Default rc.openvpn script can break routing for roaming clients
Just a quick heads up that for some OpenVPN setups, the default Slackware rc.openvpn, which uses --user nobody and --group nobody, can break the VPN connection for OpenVPN clients.
If used with "persist-tun" and "persist-key", the above will allow OpenVPN to restart the connection even without root privileges. However, the OpenVPN process won't have control over the tun/tap device when restarting the connection - so it can't set a new IP address on it, and it can't add or remove routing rules. If using multiple connection sections in the OpenVPN config file, and the different servers send out different IPs and/or different routes, the connection will break when restarted by the OpenVPN process, as the OpenVPN process can't reconfigure the interface or routing rules. This also happens sometimes when the client moves between different sites / wifi connections - as, again, OpenVPN can't properly reconfigure the connection and routes.
A full computer restart will fix the broken connection - but it can be annoying for roaming users to keep on having to restart the computer.
I don't think the default rc.openvpn should be changed - but it is good for people to be aware of the above - as I spent some time going round in circles troubleshooting it.
Last edited by xj25vm; 06-16-2023 at 09:14 AM.
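The combination described in the post above can be checked for mechanically. This is an added example, not part of the original post or of Slackware's rc.openvpn: the function name `ovpn_restart_risk` and the sample hostnames are made up for illustration, and the second argument stands for the options the rc script passes on the command line.

```shell
#!/bin/sh
# ovpn_restart_risk CONF [CMDLINE_OPTS]
# Prints "risk: ..." when a client config combines all three conditions from
# the post: a user/group privilege drop, persist-tun, and more than one
# <connection> section. Prints "ok" otherwise.
ovpn_restart_risk() {
    conf=$1
    extra=${2:-}
    {
        cat "$conf"; echo
        # Command-line options: one per line, leading "--" stripped,
        # so "--user nobody" is seen as the directive "user".
        printf '%s\n' "$extra" | tr -s ' ' '\n' | sed -n 's/^--//p'
    } | awk '
        { sub(/[#;].*/, ""); sub(/^[ \t]+/, "") }  # drop comments, indentation
        $1 == "user" || $1 == "group" { drop = 1 }
        $1 == "persist-tun"            { ptun = 1 }
        $1 == "<connection>"           { conns++ }
        END {
            if (drop && ptun && conns > 1)
                printf "risk: privilege drop + persist-tun + %d connection sections\n", conns
            else
                print "ok"
        }'
}

# Constructed sample client config (hostnames are placeholders).
sample=$(mktemp)
cat > "$sample" <<'EOF'
client
dev tun
persist-tun
persist-key
<connection>
remote vpn-a.example.org 1194 udp
</connection>
<connection>
remote vpn-b.example.org 1194 udp
</connection>
EOF

# Options as the post says the default rc.openvpn passes them.
ovpn_restart_risk "$sample" "--user nobody --group nobody"
```

A "risk" result means the unprivileged process may be asked to re-address the persisted tun device or change routes after a restart, which is the failure the post describes.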