On 12-02-22 08:38 AM, Teodor MICU wrote: > 2012/2/22 Simon Deziel <[email protected]>: >> This new patch implements the above pseudo code and rely only on sysctl >> for kfreebsd compatibility. I tested it with dynamically and statically >> named tun devices. >> >> Please let me know if something should be reworked/improved. > > I like this idea. However, I think you should change a few things: > 1) default.send_redirects=0 and all.send_redirects=0 should be done > only if necessary (is not 0) and the original value reverted back > after the device was created
Adding more logic would result in calling sysctl more times which is suboptimal IMHO unless there are some advantages I'm not aware of ? > 2) I'm not sure the tunX is up when you revert the above changes (if > necessary). Above is the call for start-stop-daemon but is there any > guarantee that it will finish starting the oVPN service in time for > the next command in the script? I haven't looked in the OpenVPN sources to confirm that the daemon forks after the tun creation but my tests showed no problem regarding this. The tun (dynamically or statically named) was always present right after the call to the daemon returned and the send_redirects setting was properly configured for it. Simon -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
