From: James Y. <ji...@yo...> - 2005-01-20 17:51:39

On Thu, 20 Jan 2005, Claas Hilbrecht wrote:

> Today I found a problem that I've hunted for many weeks. I run an openvpn
> tunnel above an isdn raw line to allow the isdn line to hang up if no data
> is flowing through the tunnel. Sometimes (it can take several weeks) one
> end of the vpn shuts down its openvpn process. The problem occurs when a
> SIGUSR1 is sent to the daemon and the daemon is running with
>
> chroot /var/run/openvpn/obermann-isdn/chroot
> down-pre
> plugin openvpn-down-root.so "/usr/local/bin/openvpn_fwrules-helper-down"
>
> With these options the route -del command will fail sometimes (I think when
> the SIGUSR1 is sent more than once) and cause OpenVPN to make a complete
> restart. OpenVPN will try to reopen the config file which is not available
> in the chroot. Since this fails OpenVPN will exit.
>
> I think the best way to handle this is to execute the route -del command
> within the root plugin or to ignore the error condition and simply go on
> with the restart.

Once OpenVPN tries to do a full SIGHUP restart, it will probably fail if
user, group, or chroot have been used. SIGUSR1 + the --persist-x options is
really the only way to restart when privileges have been dropped and/or
chroot has been used.

The problem is that if a SIGUSR1 occurs while a previous SIGUSR1 is still
being processed, OpenVPN gets confused and does a full SIGHUP restart
instead.

Is there any way you can avoid hitting the daemon with more than one SIGUSR1
in close succession?

James
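
Added example, not part of the original message and not OpenVPN code: one way to keep a second SIGUSR1 from reaching the daemon while an earlier one may still be in progress is to route every sender through a small rate-limiting function. The function name, the state directory layout and the MIN_GAP value are assumptions; the gap has to be longer than the time the daemon needs to finish a SIGUSR1 restart, which the thread does not state.

```shell
#!/bin/sh
# Added example: rate-limit SIGUSR1 delivery so two restart requests never
# reach the daemon in close succession.
# Hypothetical names (not from the thread): usr1_debounced, MIN_GAP,
# last-usr1, usr1.lock.

MIN_GAP=${MIN_GAP:-30}   # assumed minimum number of seconds between signals

# usr1_debounced PID STATE_DIR
# Returns 0 if SIGUSR1 was sent, 1 if it was suppressed, 2 if kill failed.
# STATE_DIR must be writable only by the account that sends the signal.
usr1_debounced() {
    pid=$1
    dir=$2
    stamp="$dir/last-usr1"
    lock="$dir/usr1.lock"

    # mkdir is atomic, so only one sender at a time gets past this point.
    # A sender that loses the race drops its request instead of queueing it.
    if ! mkdir "$lock" 2>/dev/null; then
        return 1
    fi

    now=$(date +%s)
    last=0
    if [ -r "$stamp" ]; then
        last=$(cat "$stamp")
    fi

    rc=1
    if [ $((now - last)) -ge "$MIN_GAP" ]; then
        if kill -s USR1 "$pid" 2>/dev/null; then
            # Record the delivery time only when the signal really went out.
            echo "$now" > "$stamp"
            rc=0
        else
            rc=2
        fi
    fi

    rmdir "$lock"
    return "$rc"
}
```

A sender killed between the mkdir and the rmdir leaves the lock directory behind, and it then has to be removed by hand before signals are delivered again.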