Dear both,

thank you for your reply.
Yes, we are using "--client-connect", and according to the OpenVPN 2.3 
manual (see section below) it does create files by writing to the "file named 
by $1."

Gert, we are sure there was not a problem with the resources (e.g. max 
open files, max file descriptors, etc.) on the system.
What else can I do about it?


--client-connect script
Run script on client connection. The script is passed the common name and 
IP address of the just-authenticated client as environmental variables 
(see environmental variable section below). The script is also passed the 
pathname of a not-yet-created temporary file as $1 (i.e. the first command 
line argument), to be used by the script to pass dynamically generated 
config file directives back to OpenVPN.
If the script wants to generate a dynamic config file to be applied on the 
server when the client connects, it should write it to the file named by 
$1.


thank you again

Arno






From:   Gert Doering <g...@greenie.muc.de>
To:     Eric Crist <ecr...@secure-computing.net>, 
Cc:     arno.oderm...@ch.schindler.com, 
openvpn-devel@lists.sourceforge.net
List-Post: openvpn-devel@lists.sourceforge.net
Date:   22.07.2014 21:34
Subject:        Re: [Openvpn-devel] Openvpn 2.3.2: "Could not create 
temporary file" ....Too many open files



Hi,

On Tue, Jul 22, 2014 at 12:37:19PM -0500, Eric Crist wrote:
> This isn't an OpenVPN problem, directly.  It appears you have a client
> connect script, or are storing connection information in temp files.  You
> can increase the maximum allowed open files in Fedora (you'll have to
> research that yourself).  Alternatively, stop storing connection data in a
> temp file for new connections.  OpenVPN, by itself, does not create these
> temporary files.

Uh, this is not fully correct.  If you use --client-connect (or any of
the other up scripts that enable passing of config values back), OpenVPN
will create the temp file to be used for that, to avoid race conditions.

I'm not sure when this was added, but "recentish" (2.2.x)

Now the sema-files do not ring a bell, but we need to check whether we
properly clean up the other files - but that should be visible in "lsof"
while OpenVPN is running and after a few connections have completed.

gert

-- 
USENET is *not* the non-clickable part of WWW!
 //www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de
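
The check described in the thread (looking at the running server's open files after a few connections have completed), as an added example that is not part of the original messages or of OpenVPN's own code. It assumes a Linux /proc filesystem; the function names are hypothetical, and the temporary directory is whatever the server uses as --tmp-dir (/tmp is only an assumed default here).

```shell
#!/bin/sh
# Added example: inspect a process's open descriptors via /proc/<pid>/fd
# and report how many of them point into a temporary directory.

# count_fds FD_DIR: print the number of descriptor entries in FD_DIR.
count_fds() {
    n=0
    for fd in "$1"/*; do
        [ -L "$fd" ] || continue          # each open descriptor is a symlink
        n=$((n + 1))
    done
    echo "$n"
}

# count_tmp_fds FD_DIR TMP_DIR: print how many descriptors resolve to a
# path under TMP_DIR (targets marked "(deleted)" by the kernel included).
count_tmp_fds() {
    n=0
    for fd in "$1"/*; do
        [ -L "$fd" ] || continue
        target=$(readlink "$fd")
        case "$target" in
            "$2"/*) n=$((n + 1)) ;;
        esac
    done
    echo "$n"
}

# soft_limit LIMITS_FILE: print the soft "Max open files" value from a
# file in /proc/<pid>/limits format.
soft_limit() {
    awk '/^Max open files/ { print $4 }' "$1"
}

# report PID [TMP_DIR]: one summary line for a running process.
report() {
    pid=$1
    tmp=${2:-/tmp}                        # assumed default, see lead-in
    echo "pid=$pid open=$(count_fds "/proc/$pid/fd")" \
         "in_tmp=$(count_tmp_fds "/proc/$pid/fd" "$tmp")" \
         "soft_limit=$(soft_limit "/proc/$pid/limits")"
}

# Usage: sh this_script.sh PID [TMP_DIR]   (run as root or the server's user)
if [ $# -ge 1 ]; then
    report "$@"
fi
```

Running it before and after a batch of client connections shows whether the open count, or the number of descriptors in the temporary directory, keeps growing toward the soft limit.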