> You can break this with something like:
> status /etc/openvpn/client/status.log
> in your configuration. Writing a status file
> to /run/openvpn-{client,server}/status.log works, though. So the default
> setups should be fine. Do we have any more cases where openvpn wants write
> access for whatever?

>From my configuration:
1) status
2) ifconfig-pool-persist
3) tmp-dir (for storing openvpn_pf_*.tmp files)
4) client-connect script may want to write something
5) a plugin may want to write something

For me even the read-only option will break nearly *everything*. And for user 
it will be completely not obvious why his scripts doesn't work, why his status 
file is not updated, and what's wrong with ifconfig-pool-persist.
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today.http://sdm.link/xeonphi
Openvpn-devel mailing list

Reply via email to