On Fri, May 2, 2014 at 11:20 AM, David Sommerseth < openvpn.l...@topphemmelig.net> wrote:
> The core principle in OpenVPN's option > parsing is that the last argument wins. So if you have f.ex. --ping-exit > 3 > times in a command line and two times in a config file, it's the last one > which really sets the option. --syslog-facility should be no different. > > IMO, distro init.d scripts should add the config file as the last argument > when they kick off openvpn. If they add stuff which overrides the config > file, then it's a bug in the init.d script. > That might be good for distros, but Tunnelblick purposefully starts OpenVPN with "--management" *after* "--config"; other GUIs may do this, too. Tunnelblick does this to make sure that the management interface is used only by Tunnelblick. (Tunnelblick separately warns the user if the configuration file contains "--management" or other problematic options.) For some options, it is the *first* argument that wins: "--log", "--log-append", and I think "--daemon" (and possibly some other options like "--syslog"). Tunnelblick puts --log and --daemon first to make sure it controls logging. (Tunnelblick sends the log to a file, which it monitors, instead of logging through the management interface, so Tunnelblick (the GUI) does not need to be running when the OpenVPN instance is running -- for example, when nobody is logged in.)
