On Sat, 22 Feb 2003, James Yonan wrote: > This might be handled in a way similar to --ping-restart or SIGHUP/SIGUSR1, > where the openvpn daemon would essentially restart if the MTU size changed. > This would be effective if path MTU changes are infrequent but still creates > problems when --user/--group nobody is used, since the openvpn daemon will > lack sufficient privilege to reopen and re-ifconfig the TUN/TAP device. >
One option to deal with the --user/--group stuff is to keep a parent process running as root with the real work being done by the child with dropped privledges. The parent just waits around waiting for a signal regarding the child, and then let the parent start a new child. Of course if you are going to go down the IPC route, there is other fun things you can do like passing sockets via AF_UNIX sockets. It really depends on how you want to do it. Regards, Aaron
