Description of problem: OpenVPN 2.1rc9 contains two inacceptable regressions for EPEL and Fedora: 1. Missing "--script-security 3" in initscript for backward compatibility without breaking current setups during upgrade (2.1rc9 is a security bugfix release), see bug #458594 2. It looks like the change from system() -> execvp() breaks tls-verify commands in pipe behaviour or line foldings/endings, see bug #458600 The issues don't exist in OpenVPN 2.1rc8 or previous, came up with 2.1rc9 the first time, so this is an OpenVPN regression then. I know, you're just the downstream maintainer, but the problems have to be solved, before any new OpenVPN package should ever go to stable. I really did not have a nice Sunday today caused by this stuff ;-) As far as I can see and reproduce, this problem affects Fedora and EPEL. Version-Release number of selected component (if applicable): openvpn-2.1-0.27.rc9 How reproducible: Everytime, see above. Expected results: Both issues solved before a push of the new OpenVPN packages to stable.
OpenVPN 2.1rc13 still shows exactly the same issues to me. It also breaks (as starting with rc9) client-connect/disconnect scripts by just not executing them - completely independent of what I set script-security option to. Can we please unpull the crappy OpenVPN package from EPEL really ASAP?
James, maybe a more important thing: Can you unbreak client-connect/disconnect scripts again, please? Seemingly, both scripts (e.g. /etc/openvpn/connect.sh) are just not executed, script-security 3 doesn't change anything; script has some iptables commands in it choosed by the given CN.
James, can we please concentrate on the non-working client-connect/disconnect scripts first rather bug #458600? Thank you.
The non-working client-connect/disconnect scripts are caused by missing PATH exports since rc9. Using full path inside of the script solves the issue. For Fedora and especially EPEL this is a regression.
openvpn-2.1-0.29.rc15.fc9 has been submitted as an update for Fedora 9. http://admin.fedoraproject.org/updates/openvpn-2.1-0.29.rc15.fc9
openvpn-2.1-0.29.rc15.fc10 has been submitted as an update for Fedora 10. http://admin.fedoraproject.org/updates/openvpn-2.1-0.29.rc15.fc10
openvpn-2.1-0.29.rc15.fc8 has been submitted as an update for Fedora 8. http://admin.fedoraproject.org/updates/openvpn-2.1-0.29.rc15.fc8
openvpn-2.1-0.29.rc15.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
openvpn-2.1-0.29.rc15.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.
openvpn-2.1-0.29.rc15.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.