On Wed, Jan 27, 2016 at 3:20 AM, Gert Doering <g...@greenie.muc.de
<mailto:g...@greenie.muc.de>> wrote:
Hi,
On Wed, Jan 27, 2016 at 10:14:18AM +0200, Samuli Seppänen wrote:
> An added bonus is that openvpnserv2 is written in C#, which means it can
> be developed on Linux using Mono, and the language choice probably helps
> getting new contributions from people not fluent with C.
I'm not totally convinced that "mixing in a new language" is a *bonus*
(as it means that the core team won't be able to help unless also fluent
with the other language).
Currently the service is a part of the openvpn repo, but there is no
reason to keep it thus. In fact, once the interactive service is
available, in my view, it may not be even necessary to ship the original
service with the windows binary distribution. Only advanced users would
need the original service or its equivalent (openvpnserv2 or NSSM) usage
of which could be made available as documentation in the wiki pages.
This would be a novel idea. The service component has very few ties to
OpenVPN, and is a very simple piece of software. I don't think it
_needs_ to be in the main OpenVPN repo, either. Splitting the project
into smaller chunks both code- and organization-vise has been beneficial
in the past by allowing us to get more people onboard. Plus we've been
able to optimize the development processes per subproject, so that the
strict patch review regime in the main project has not slowed down the
development of less critical components.
I have no idea how large a percentage of our users use the service.
Probably the only way to _really_ find that out would be to deselect the
service in the installer by default and see how loudly people scream. We
could have a poll, but in my experience only a few people would answer,
and we wouldn't be any better off. If most people would be basically ok
without the service, we could still provide it as a separate download on
the official download pages. That said, I have no strong opinions one
way or the other.
Given that services run with maximum privileges, strong review is as
important there as for core openvpn...
If the only reason why everyone is disliking the old openvpnserv is
"it is not restarting openvpn.exe when it breaks" - *that* should be
fairly easy to add. So, what is that people consider "broken"?
Although it is called a service, it only works like a one time task or
an rc script. However, unlike a startup script, it does not terminate
after spawning openvpn.exe processes, giving it the appearance of a
service. It does not keep track of the spawned processes, has no way of
knowing any of the processes stopped or crashed, has no way of editing
one config and then restart only that connection leaving others up etc.
I believe openvpnserv2 - or rather the more generic MS code upon which
it builds - can monitor the individual processes and restart them as
necessary. So it definitely a more complete solution than what
openvpnserv.exe provides.
Having said that, on the only windows 10 machine I have, the original
service works the same way as on Windows 7. Early reports of "not
working on windows 10" might have had more to do with unrelated TAP6 issues.
Quite likely. Also some issues seem to have been related to specific
problematic Windows 10 builds.
Samuli
