Dear openvpn developers, I would like to talk about an issue that got fixed in December 2018 in the git repository but not in any 2.4.X following releases. It was fixed at least on linux but maybe without being aware of it, so could still be there on other platforms, be nice to mention on the next release changelog and be fixed if there is a `2.4.9`.
With openvpn `2.4.8`, when using `--iproute` in conjunction with `--setenv`, the environment variable are not passed to the `ip` command when removing ip addresses so when executing `ip addr del` and `ip -6 addr del`. >From my observations, it is correctly passed for the other calls I have in my configuration. I tried in master and it is working. Curious about what fixed it I bisected to find the commit. It found me the commit dc7fcd714188989966ac2bd9315485603813fe0f [1] that updated to a new API but nothing in the commit messages talks about fixing the issue. I dug a bit further and the mailing-list thread [2] mentions "diff from v1: fixed env passed to ip command". But when looking on the original patch answer [3] it seems the author was referring to an issue with the new implementation and not the old one: > This behaviour does not reflect the original one as in the current code > we always pass the complete ENV coming from the openvpn context. > So it seems like the change was not expecting to fix an issue in the current code base. >From the wording, it feels like the issue was unknown and could still be present in the repository for other targets. I hope this information is useful and could provide a new test case. If it is already known, sorry for the noise. I added my testing procedure in appendix. 1: https://sourceforge.net/p/openvpn/openvpn/ci/dc7fcd714188989966ac2bd9315485603813fe0f 2: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg18026.html 3: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg16807.htm Best Regards, Gaëtan HARTER Testing Procedure ----------------- I used Arch Linux with the packaged `openvpn_2.4.8` version, but also tried compiling `v2.4.8` from the repository with `--enable-iproute2` and got the same result. My testing procedure is having an executable "ip" file with #! /bin/sh -xu echo VARIABLE=${VARIABLE} exec ip $@ Then compile, execute `openvpn` with `timeout` and look at the log autoreconf -vi && ./configure --enable-iproute2 && make sudo timeout 10 ./src/openvpn/openvpn --setenv VARIABLE value --iproute ./ip --script-security 2 --config vpn.conf With v2.4.8, when openvpn exits, it fails the `ip` command as the variable is not set when calling `ip addr del` Mon Jan 6 01:18:22 2020 Closing TUN/TAP interface Mon Jan 6 01:18:22 2020 ./ip addr del dev tun0 X.X.X.X/27 ./ip: line 2: VARIABLE: unbound variable Mon Jan 6 01:18:22 2020 Linux ip addr del failed: external program exited with error status: 1 Mon Jan 6 01:18:22 2020 ./ip -6 addr del XXXX::1/64 dev tun0 ./ip: line 2: VARIABLE: unbound variable Mon Jan 6 01:18:22 2020 Linux ip -6 addr del failed: external program exited with error status: 1 Mon Jan 6 01:18:22 2020 SIGTERM[soft,exit-with-notification] received, process exiting With `master` or after the mentioned commit it works as expected: Mon Jan 6 01:19:24 2020 Closing TUN/TAP interface Mon Jan 6 01:19:24 2020 ./ip addr del dev tun0 X.X.X.X/27 + echo VARIABLE=value VARIABLE=value + exec ip addr del dev tun0 X.X.X.X/27 Mon Jan 6 01:19:24 2020 ./ip -6 addr del XXXX::1/64 dev tun0 + echo VARIABLE=value VARIABLE=value + exec ip -6 addr del XXXX::1/64 dev tun0 Mon Jan 6 01:19:24 2020 SIGTERM[soft,exit-with-notification] received, process exiting
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel