-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 11/03/10 22:41, Davide Brini wrote: > On Wednesday 10 March 2010, David Sommerseth wrote: > >>> Well, I was actually going to write a patch, but shortly after starting I >>> found out that it would end up being essentially the same as Gentoo's >>> scripts. Would it be worth separately maintaining something that has >>> already been written somewhere else? >> >> I would say that if there are things which are distro related, they >> should either be found only in that distribution or we can consider (if >> it is considered important by more people) to put distro specific stuff >> into a separate folder in the OpenVPN source tree. >> >> If it is possible to get some up/down scripts which are generic for the >> vast majority of POSIX sh based distributions, that would be the >> preferred approach. If not, then we are back to where we started :) > > Ok, here it goes (it's against 2.1.1). As said, it's basically a complete > rewrite that draws many ideas from the Gentoo scripts. These are the main > differences from the "old" client.{up,down} scripts: > > - No more bashisms (AFAICT). Should work with any POSIX-compatible shell > (which means "almost all reasonably recent shells"), though I've only tested > with bash and dash. > > - Unnecessary calls to external tools (sed) removed > > - Manages multiple DNS and DOMAIN options. Each DNS option becomes a > "nameserver" line in the new resolv.conf (up to a maximum of 3). If there's a > single DOMAIN option, it becomes a "domain" line in resolv.conf; otherwise, > all the domains are listed in a "search" line in resolv.conf (eg "search > foo.com example.net"). > > - Client.up renames the existing resolv.conf and creates a brand new one; > client.down restores it from the saved copy when the VPN terminates (the > usual > rules about running as root apply). This is how Gentoo does that; the old > scripts instead added/removed some lines at the beginning of the file, which > looks a less clean approach to me. The rename approach also dramatically > simplifies and shortens client.down, as you'll see. > > - Uses resolvconf if it's available (detected by the presence of > /sbin/resolvconf) rather than writing to resolv.conf directly. Not sure > whether this is a Linux-only thing or other systems use it though. > > A doubt I have is: should the script output its errors as it does now? If > yes, > is it possible to somehow send them to the main OpenVPN log so they appear > among the other normal messages? > > Let me know what you think.
ACK! I've done a quick test on one of my connections on Fedora 12 without any resolvconf package (meaning it invokes the simple cp approach), and it worked like a charm. Applied to bugfix2.1 and merged into allmerged. Commit a9c9a89e96dc1e4e843e05ecadc4349b81606b06 kind regards, David Sommerseth -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAkvMwe0ACgkQDC186MBRfroWOwCeMFu3NO/s6UDeTSjGkmde/DpQ MtsAn0rqsF7B5/4RIjcF4k7zyoryvhsw =RuVf -----END PGP SIGNATURE-----