On 2018-04-10 10:55, Christoph Böhmwalder wrote: > I was wondering how the OpenRC dependencies between start scripts > work.
openvpn start-up dependencies (and, I imagine, any user space based VPN) are definitely a pain point. One part is the subject of the main thread here ie. what other scripts openvpn itself should depend on. Is it really safe to start it before the hardware interfaces are up? I guess in its default config it will keep trying until it can connect to the server, but I think it can also be configured to just give up. Another part is the reverse dependencies. On my systems, any network service that provides the option is configured to only listen on the VPN interface (plus localhost if necessary). But that means the service depends on the interface being functional - and, as I have learned, in the case of openvpn and TUN interface that means not just being in the UP state, but also the routing table being updated which happens _after_ it is put into UP state. The work to ensure all this state is done by the openvpn daemon in the background, out of control of openrc or sysvinit, so it is definitely possible that the openvpn initscript finishes before the final working state is reached. Then I have network service daemons failing to start (even if they have an explicit dependency on openvpn) because they cannot listen() on the VPN interface. I have to work around this with nefarious hacks using netcat or ping to test the VPN. I assume systemd handles this correctly, and this is an occasion when I envy systemd users and consider, for a few seconds, joining them. -- Please don't Cc: me privately on mailing lists and Usenet, if you also post the followup to the list or newsgroup. To reply privately _only_ on Usenet and on broken lists which rewrite From, fetch the TXT record for no-use.mooo.com.
