On 01/10/2020 17:03, Simon Matter wrote: > I really can't understand why this small patch was refused for years and I > still feel nobody ever really looked at it.
Perhaps this also an indication of the corner case this patch is covering? This patch started 7 years ago. There has been 2 other users being supportive in the Trac ticket, where at least one of them do have another functional alternative (--management with --management-hold). From what I recall from the last review years ago, the behavior was also not well defined in restart scenarios (--up-restart) - where the script might be run with different privileges, the --chroot might also change things. Which makes this patch very fragile for users. All of these issues are avoided with the --management and --management-hold. And if you still require more flexibility when starting client configurations, you should rather consider OpenVPN 3 Linux - which can be much more fine grained controlled via an API. OpenVPN 3 Linux can also be used by unprivileged users out-of-the-box, resulting in better security for what is being executed and when it is being executed. There are several examples in Python, but any language with D-Bus support will work: <https://github.com/OpenVPN/openvpn3-linux/tree/master/src/tests/python> <https://github.com/OpenVPN/openvpn3-linux/tree/master/src/python> -- kind regards, David Sommerseth OpenVPN Inc
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel