Teemu Kiviniemi <teem...@iki.fi> said:

> Hi,
> 
> OpenVPN 1.5beta12 and the CVS version have a problem when --resolv-retry
> and --chroot are used at the same time. In a chroot environment,
> gethostbyname() can't resolve the remote IP address:
> 
> Wed Oct 29 17:19:17 2003 13: RESOLVE: Cannot resolve host address:
> somehost.somedomain: [unknown h_errno value]
> 
> This problem occurs with Debian Woody. I think it's related to the Glibc
> dynamic loader. If the name resolver libraries aren't loaded before
> OpenVPN enters the chroot jail, OpenVPN can't do any DNS queries. If
> gethostbyname() is run before entering chroot(), the resolver libraries
> are loaded and everything works as it should.
> 
> I changed link_socket_init_phase1() in socket.c to resolve the remote
> host even if resolve_retry_seconds is set. That way, gethostbyname() is
> run before chroot(). I don't know if that's the right way to do it, but
> it fixes the problem for me.
> 
> The patch for 1.5 beta12 and the CVS version is available at:
> http://iki.fi/teemuki/openvpn/openvpn-resolvfix.diff

Teemu,

The DNS name resolution code for --remote is somewhat delicate -- for example,
the phase1 code cannot block because it's called before daemonization.

I would rather see this fix accomplished by adding some kind of dummy call
early on in the initialization sequence to trigger the dynamic load of the DNS
library -- but which doesn't touch the functionality of the current DNS name
resolution code.

James
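
The thread turns on glibc loading its name-service modules lazily, so the following added example (not code from this thread or from OpenVPN) lists which shared objects a "hosts" lookup would dlopen(), i.e. what must already be loaded before chroot() or be present inside the jail. It assumes glibc's convention that NSS service X lives in libnss_X.so.2; the function name and the sample nsswitch.conf text are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MAX_MODS 8
#define MOD_LEN  64

/* Constructed sample input, not taken from any real host. */
static const char SAMPLE_CONF[] =
    "# constructed sample\n"
    "passwd: compat\n"
    "hosts: files mdns4_minimal [NOTFOUND=return] dns # lookup order\n";

/* Hypothetical helper: parse nsswitch.conf text and collect the module file
 * names for the "hosts" database. Returns the number of names written to
 * out[], or -1 if the text has no hosts line. */
int nss_host_modules(const char *conf, char out[][MOD_LEN], int max)
{
    const char *p = conf;
    while (p && *p) {
        const char *eol = strchr(p, '\n');
        size_t len = eol ? (size_t)(eol - p) : strlen(p);
        char line[256];
        if (len >= sizeof line) len = sizeof line - 1;
        memcpy(line, p, len);
        line[len] = '\0';
        p = eol ? eol + 1 : NULL;

        char *hash = strchr(line, '#');          /* strip trailing comment */
        if (hash) *hash = '\0';
        char *s = line + strspn(line, " \t");
        if (strncmp(s, "hosts:", 6) != 0) continue;

        int n = 0, in_action = 0;
        for (char *t = strtok(s + 6, " \t"); t && n < max; t = strtok(NULL, " \t")) {
            if (t[0] == '[') in_action = 1;      /* [NOTFOUND=return] is an action */
            if (!in_action) snprintf(out[n++], MOD_LEN, "libnss_%.40s.so.2", t);
            if (strchr(t, ']')) in_action = 0;
        }
        return n;
    }
    return -1;
}

int main(void)
{
    char m[MAX_MODS][MOD_LEN];
    int n = nss_host_modules(SAMPLE_CONF, m, MAX_MODS);
    for (int i = 0; i < n; i++) printf("%s\n", m[i]);
    return n < 0;
}
```

A lookup answered by an earlier service in the list never reaches the later ones, so a dummy call that is satisfied by "files" would leave the "dns" module unloaded.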

