systemd: Move the READY=1 signalling to an earlier point
Currently, OpenVPN will first tell systemd it is ready once the
log will be appended with "Initialization Sequence Completed".
This turns out to cause some issues several places.
First, it adds challenges if --chroot is used in the configuration;
this is already fixed. Secondly, it will cause havoc on static key
p2p mode configurations where the log line above will not happen
before either sides have completed establishing a connection. And
thirdly, if a client configuration fails to establish a connection
within 90 seconds, it will also fail. For the third case this may
not be a critical issue itself, as the host just needs to get
an Internet access established first - which in some scenarios may
take much longer than those 90 seconds systemd grants after the
OpenVPN client configuration is started.
The approach this patch takes is to consider OpenVPN ready when
all the initial preparations and configurations have completed - but
before a connection to a remote side have been attempted. This
also removes the need for specially handling the --chroot scenario.
The final "Initialization Sequence Completed" message update is
kept (though slightly simplified) to indicate we're in a good
state - even though this update will not be visible if --chroot
is used (which was the situation also before this patch).
Trac: #827, #801
Signed-off-by: David Sommerseth <davids@openvpn.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Christian Hesse <mail@eworm.de>
Message-Id: <
20170124232344.7825-1-davids@openvpn.net>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13945.html
Signed-off-by: David Sommerseth <davids@openvpn.net>
(cherry picked from commit
e83a8684f0a0d944e9d53cdad2b543cfd1b6fbae)
projects / thirdparty / openvpn.git / commit
