Bind the local TCP/UDP socket before UID/GID downgrade, otherwise we cannot bind to ports < 1024.
Signed-off-by: James Yonan <ja...@openvpn.net>
---
 src/openvpn/init.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/openvpn/init.c b/src/openvpn/init.c
index cb73a3d..9658895 100644
--- a/src/openvpn/init.c
+++ b/src/openvpn/init.c
@@ -3630,16 +3630,16 @@ init_instance (struct context *c, const struct env_set *env, const unsigned int
 open_plugins (c, false, OPENVPN_PLUGIN_INIT_POST_DAEMON);
 #endif
+ /* finalize the TCP/UDP socket */
+ if (c->mode == CM_P2P || c->mode == CM_TOP || c->mode == CM_CHILD_TCP)
+ do_init_socket_2 (c);
+
 /*
 * Actually do UID/GID downgrade, and chroot, if requested.
 * May be delayed by --client, --pull, or --up-delay.
 */
 do_uid_gid_chroot (c, c->c2.did_open_tun);
- /* finalize the TCP/UDP socket */
- if (c->mode == CM_P2P || c->mode == CM_TOP || c->mode == CM_CHILD_TCP)
- do_init_socket_2 (c);
-
 /* initialize timers */
 if (c->mode == CM_P2P || child)
 do_init_timers (c, false);
-- 
1.9.1
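Review bot: The comment on the moved block still reads only `/* finalize the TCP/UDP socket */`, so nothing in the code records that this call must stay ahead of `do_uid_gid_chroot (c, c->c2.did_open_tun);`, and a later cleanup could move it back and silently break binding to ports < 1024. I would write it as `/* finalize the TCP/UDP socket; must run before the UID/GID downgrade so privileged ports (< 1024) can still be bound */`. The move also means everything inside `do_init_socket_2` now runs with the original privileges and outside any chroot. Its body is not in this hunk, so it is worth confirming that it does no more than the bind requires, since anything else would ideally stay after the downgrade. `init_instance` starts and ends outside the hunk.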