Package: openvpn Version: 2.4.0-6+deb9u2 Severity: normal Dear Maintainer,
In version 2.3.4-5+deb8u2, if one had a setting of, e.g.: management tunnel 5656 the behaviour was as documented -- it would wait for the tunnel to come up, and then listen on port 5656 for the management interface. Having upgraded to 2.4.0-6+deb9u2, the port number seems to be ignored, as you can see here: # grep management /etc/openvpn/vpn1.conf management tunnel 5656 # netstat -tlnp | grep openvpn tcp 0 0 172.12.34.14:43125 0.0.0.0:* LISTEN 495/openvpn Downgrading to 2.3.4-5+deb8u2 restores the previous behaviour. It seems that if you specify an IP address, rather than "tunnel" then it uses a different code path, which does the listen before the tunnel comes up, and it does then use the specified port. This cannot be used as a workaround though if you want it to listen on the tunnel address, since the interface is not up at this point. Cheers, Phil. -- System Information: Debian Release: 9.1 APT prefers stable APT policy: (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8), LANGUAGE=en_GB:en (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages openvpn depends on: ii debconf [debconf-2.0] 1.5.61 ii init-system-helpers 1.48 ii iproute2 4.9.0-1 ii libc6 2.24-11+deb9u1 ii liblz4-1 0.0~r131-2+b1 ii liblzo2-2 2.08-1.2+b2 ii libpam0g 1.1.8-3.6 ii libpkcs11-helper1 1.21-1 ii libssl1.0.2 1.0.2l-2+deb9u1 ii libsystemd0 232-25+deb9u1 ii lsb-base 9.20161125 Versions of packages openvpn recommends: ii easy-rsa 2.2.2-2 Versions of packages openvpn suggests: ii openssl 1.1.0f-3+deb9u1 ii resolvconf 1.79 -- debconf information: openvpn/create_tun: false
