Bind the local TCP/UDP socket before UID/GID downgrade,
otherwise we cannot bind to ports < 1024.

Signed-off-by: James Yonan <ja...@openvpn.net>
---
 src/openvpn/init.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/openvpn/init.c b/src/openvpn/init.c
index cb73a3d..9658895 100644
--- a/src/openvpn/init.c
+++ b/src/openvpn/init.c
@@ -3630,16 +3630,16 @@ init_instance (struct context *c, const struct env_set 
*env, const unsigned int
     open_plugins (c, false, OPENVPN_PLUGIN_INIT_POST_DAEMON);
 #endif

+  /* finalize the TCP/UDP socket */
+  if (c->mode == CM_P2P || c->mode == CM_TOP || c->mode == CM_CHILD_TCP)
+    do_init_socket_2 (c);
+
   /*
    * Actually do UID/GID downgrade, and chroot, if requested.
    * May be delayed by --client, --pull, or --up-delay.
    */
   do_uid_gid_chroot (c, c->c2.did_open_tun);

-  /* finalize the TCP/UDP socket */
-  if (c->mode == CM_P2P || c->mode == CM_TOP || c->mode == CM_CHILD_TCP)
-    do_init_socket_2 (c);
-
   /* initialize timers */
   if (c->mode == CM_P2P || child)
     do_init_timers (c, false);
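Review bot: The comment on the moved call still reads only "finalize the TCP/UDP socket", so nothing in init_instance records that it must now stay ahead of do_uid_gid_chroot; a later reorder would silently bring back the failure to bind ports < 1024. I would spell the dependency out, e.g. `/* finalize the TCP/UDP socket; must run before do_uid_gid_chroot() so bind() to ports < 1024 still has the privilege */`. The move also means everything do_init_socket_2 does, not only the bind, now runs before the UID/GID downgrade and chroot. Its body is outside this hunk, so it is worth confirming that it does no work driven by untrusted input (for example name resolution or reading from the peer) that previously ran unprivileged. init_instance itself starts and ends outside the hunk.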
-- 
1.9.1

