From: Bonno B. <b.b...@ti...> - 2008-05-10 07:41:26
Hi,

I wanted to implement a weekly logfile rotation for the openvpn logfile and noticed that it did not work; openvpn kept writing to the old logfile. If I did a manual mv openvpn.log openvpn.1, openvpn would still write to the same file, now called openvpn.1, and not start a new openvpn.log. Only after restarting openvpn did it start a new openvpn.log file.

What is the correct way to keep openvpn up and running but have it start using the new logfile?

The logrotate program has a workaround by using the copytruncate option, but that is more of a stopgap solution for dumb programs, of which I'm sure openvpn is not one. The logrotate program can send a SIGHUP, SIGUSR1, etc. after the rotation to tell the program the logfile has been rotated. The openvpn script in the init.d/ folder has options like reload and reopen which correspond to SIGHUP, SIGUSR1 and might do what I want but.... so far it seems not. After both reload and reopen the old logfile is still being used.

Besides that.... Testing with 2.0.9-1 on a Redhat 9 machine I found out that trying to do a reload would produce several errors, one about opening the key file, and I would lose the vpn connection.

Sat May 10 08:58:44 2008 us=750706 TCP/UDP: Closing socket
Sat May 10 08:58:44 2008 us=750822 /sbin/ip route del 172.16.1.64/26
RTNETLINK answers: Operation not permitted
Sat May 10 08:58:44 2008 us=755306 ERROR: Linux route delete command failed: shell command exited with error status: 2
[.....]
Sat May 10 08:58:44 2008 us=865438 OpenVPN 2.0.9 i386-redhat-linux-gnu [SSL] [LZO] [EPOLL] built on Feb 2 2007
Sat May 10 08:58:44 2008 us=865545 Restart pause, 2 second(s)
Sat May 10 08:58:46 2008 us=866570 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Sat May 10 08:58:46 2008 us=867202 Cannot load private key file bonnothuis.key: error:0200100D:system library:fopen:Permission denied: error:20074002:BIO routines:FILE_CTRL:system lib: error:140B0002:SSL routines:SSL_CTX_use_PrivateKey_file:system lib
Sat May 10 08:58:46 2008 us=867316 Error: private key password verification failed
Sat May 10 08:58:46 2008 us=867342 Exiting

Is this a known error, maybe connected to the nobody options, or should I do some testing with the new 2.1 version?

Is the issue with the logfile rotation dealt with in the 2.1 release? If not, will it be in a next rc? Do I need to help testing some things? I am NOT a C programmer, at least not anymore. My programming skills are old and were in several other languages like Pascal, Forth, etc. :-)

p.s. In my production environment I will be using Openvpn mainly on Debian etch, so for that I would still be using the 2.0.9 release for a while. But at home I'd like to use the newer version to see if openvpn 2.1 does work as it should.

Groetjes,
Bonno Bloksma
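The rename behaviour described in the message above can be reproduced without OpenVPN. This is an added example, not part of the original post and not OpenVPN code: file descriptor 3 of the shell is an assumed stand-in for a daemon that opened its log once in append mode, and the file names are reused from the post inside a temporary directory.

```shell
#!/bin/sh
# Constructed demo: fd 3 of this shell stands in for a daemon that opened its
# log once in append mode. Names mirror the post; nothing here is OpenVPN code.

# Line count of a file, or "absent" if the name does not exist.
count() { if [ -e "$1" ]; then wc -l <"$1" | tr -d ' '; else echo absent; fi; }

rotate_demo() (
    dir=$(mktemp -d) || exit 1
    cd "$dir" || exit 1

    exec 3>>openvpn.log            # "daemon" opens its log once (O_APPEND)
    echo "line 1" >&3

    # 1. Rotation by rename: the descriptor follows the inode, not the name.
    mv openvpn.log openvpn.1
    echo "line 2" >&3              # lands in openvpn.1, no new openvpn.log
    r1="mv:old=$(count openvpn.1),new=$(count openvpn.log)"

    # 2. copytruncate: copy the contents away, then empty the file in place.
    cp openvpn.1 openvpn.2
    : >openvpn.1                   # truncate; same inode, writer undisturbed
    echo "line 3" >&3              # O_APPEND writes at the new end (offset 0)
    r2="copytruncate:saved=$(count openvpn.2),live=$(count openvpn.1)"

    # 3. What a reopen-on-signal handler must do: close, then open by name.
    exec 3>&-
    exec 3>>openvpn.log
    echo "line 4" >&3              # only now does a fresh openvpn.log appear
    r3="reopen:new=$(count openvpn.log),old=$(count openvpn.1)"

    cd / && rm -rf "$dir"
    echo "$r1 $r2 $r3"
)

rotate_demo
```

Anything the writer emits between the `cp` and the truncate in step 2 is in neither file, which is the data-loss window the logrotate man page documents for copytruncate.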