Debian Jessie to Stretch upgrade - Openvpn to 2.4.0

[sandrone81]

Dear All,
I upgraded my Debian Jessie server to Debian Stretch.
As you know, with this upgrade, openvpn upgraded to 2.4 version.
I don't know if my issue is related to debian or openvpn upgrade.
BTW, the issue is with this UP script I have in the config file:
Config file:

Code: Select all

...
script-security 2
up /etc/openvpn/up.sh
up-restart
...

/etc/openvpn/up.sh script :

Code: Select all

#!/bin/bash
/bin/echo "$trusted_ip" > /tmp/vpn.txt

i suppose there is some issue with security or something similar, because the file /tmp/vpn.txt is never created. No issue with old debian/openvpn version.
It seems that now openvpn script cannot "create" (or edit) file. is it possible?
I tried also to create a user (vpn) and add these entries:\\

Code: Select all

user vpn
group vpn

Of course, privileges are ok:

Code: Select all

drwxrwxrwt  15 root root  4096 mar  6 03:20 tmp

and

Code: Select all

-rwxr-xr-x 1 root root  121 mar  6 02:16 up.sh

No error on log, I just see:

Code: Select all

/etc/openvpn/up.sh tun0 1500 1570 10.0.0.42 10.0.0.41 init

Any ideas?


I need this because I have a nagios script that read that file with variable $trusted_ip and alert me in case of this is not the preferred one.

[TinCanTech]

Are you starting with systemd ? If so post the unit file.

[sandrone81]

I found the issue...
the new openvpn version can "edit" or "create" file on /etc/openvpn folder (perhaps inside the chroot dir?).
If I create the script :
/bin/echo "$trusted_ip" > /etc/openvpn/vpn.txt
It works...