Re: openvpn: do not force --daemon as first argument

Sat, 06 Dec 2025 03:38:15 -0800

then if someone doesn't set --daemon themselves (either on the command line or in config) the script won't work properly. not sure I see the problem with specifying --config? 

upstream supports multiple sockets in server mode now, btw.

--
 Sent from a phone, apologies for poor formatting.

On 6 December 2025 10:43:34 Klemens Nanni <[email protected]> wrote:


Whilst the intention here is to ensure a background daemon,
this flag may also take an argument [progname] to set its syslog name.

openvpn(8) also lets you omit --config in front of an absoloute path
if that file is the first argument, but flags in `daemon' break that.

My use case is multiple openvpn servers on different listen sockets
as OpenVPN on OpenBSD is unable to serve IPv4 and IPv6 in one process:

$ file /etc/rc.d/openvpn?
/etc/rc.d/openvpn4: symbolic link to '/etc/rc.d/openvpn'
/etc/rc.d/openvpn6: symbolic link to '/etc/rc.d/openvpn'

$ grep ^openvpn /etc/rc.conf.local
openvpn4_flags=/etc/openvpn/server4.conf
openvpn6_flags=/etc/openvpn/server6.conf

$ head -n4 /etc/openvpn/server4.conf
config /etc/openvpn/server.common
daemon openvpn4
local 0.0.0.0
dev tun4

I could work around this, knowing that --daemon is hardcoded,
but it looks ugly and is less flexible:

# rcctl set openvpn6 flags openvpn6 --config /...

Feedback?

Existing setups need adjusting, but I'm not sure whether MESSAGE or
current.html is the best way to signal that.


Index: Makefile
===================================================================
RCS file: /cvs/ports/net/openvpn/Makefile,v
diff -u -p -r1.138 Makefile
--- Makefile 29 Nov 2025 15:43:27 -0000 1.138
+++ Makefile 5 Dec 2025 22:32:37 -0000
@@ -1,6 +1,7 @@
COMMENT= easy-to-use, robust, and highly configurable VPN

DISTNAME= openvpn-2.6.17
+REVISION= 0

CATEGORIES= net security

Index: pkg/openvpn.rc
===================================================================
RCS file: /cvs/ports/net/openvpn/pkg/openvpn.rc,v
diff -u -p -r1.2 openvpn.rc
--- pkg/openvpn.rc 10 Mar 2022 00:04:07 -0000 1.2
+++ pkg/openvpn.rc 5 Dec 2025 22:33:17 -0000
@@ -1,6 +1,7 @@
#!/bin/ksh

-daemon="${TRUEPREFIX}/sbin/openvpn --daemon"
+daemon="${TRUEPREFIX}/sbin/openvpn"
+daemon_flags="--daemon"

. /etc/rc.d/rc.subr

Reply via email to