From 8e8aeea4d9b6acdcad0661b74e4fceacc0f2da0d Mon Sep 17 00:00:00 2001 From: Stanislas Date: Tue, 13 Jan 2026 22:07:05 +0100 Subject: [PATCH] Fix management socket path to persist after reboot (#1452) - Use `/var/run/openvpn-server/` instead of `/var/run/openvpn/` for the management socket - The former is created at boot by OpenVPN's tmpfiles.d, the latter was lost on reboot Fixes #1451 --- openvpn-install.sh | 13 ++++++++----- test/server-entrypoint.sh | 10 +++++----- 2 files changed, 13 insertions(+), 10 deletions(-) diff --git a/openvpn-install.sh b/openvpn-install.sh index 9be5c8c..6229427 100755 --- a/openvpn-install.sh +++ b/openvpn-install.sh @@ -3050,13 +3050,10 @@ tls-version-min $TLS_VERSION_MIN" tls-ciphersuites $TLS13_CIPHERSUITES client-config-dir ccd status /var/log/openvpn/status.log -management /var/run/openvpn/server.sock unix +management /var/run/openvpn-server/server.sock unix verb 3" } >>/etc/openvpn/server/server.conf - # Create management socket directory - run_cmd_fatal "Creating management socket directory" mkdir -p /var/run/openvpn - # Create client-config-dir dir run_cmd_fatal "Creating client config directory" mkdir -p /etc/openvpn/server/ccd # Create log dir @@ -3130,6 +3127,12 @@ verb 3" run_cmd "Patching service file (paths)" sed -i 's|/etc/openvpn/|/etc/openvpn/server/|g' /etc/systemd/system/openvpn-server@.service fi + # Ensure RuntimeDirectory is set for the management socket + # Some distros (e.g., openSUSE) don't include this in their service file + if ! grep -q "RuntimeDirectory=" /etc/systemd/system/openvpn-server@.service; then + run_cmd "Patching service file (RuntimeDirectory)" sed -i '/\[Service\]/a RuntimeDirectory=openvpn-server' /etc/systemd/system/openvpn-server@.service + fi + run_cmd "Reloading systemd" systemctl daemon-reload run_cmd "Enabling OpenVPN service" systemctl enable openvpn-server@server # In fingerprint mode, delay service start until first client is created @@ -4096,7 +4099,7 @@ function revokeClient() { # Disconnect a client via the management interface function disconnectClient() { local client_name="$1" - local mgmt_socket="/var/run/openvpn/server.sock" + local mgmt_socket="/var/run/openvpn-server/server.sock" if [[ ! -S "$mgmt_socket" ]]; then log_warn "Management socket not found. Client may still be connected until they reconnect." diff --git a/test/server-entrypoint.sh b/test/server-entrypoint.sh index 0c727e4..58e5e42 100755 --- a/test/server-entrypoint.sh +++ b/test/server-entrypoint.sh @@ -162,7 +162,7 @@ echo "" echo "=== Verifying Management Interface Configuration ===" # Verify management socket is configured in server.conf -if grep -q "management /var/run/openvpn/server.sock unix" /etc/openvpn/server/server.conf; then +if grep -q "management /var/run/openvpn-server/server.sock unix" /etc/openvpn/server/server.conf; then echo "PASS: Management interface configured in server.conf" else echo "FAIL: Management interface not found in server.conf" @@ -171,10 +171,10 @@ else fi # Verify management socket directory exists -if [ -d /var/run/openvpn ]; then +if [ -d /var/run/openvpn-server ]; then echo "PASS: Management socket directory exists" else - echo "FAIL: Management socket directory /var/run/openvpn not found" + echo "FAIL: Management socket directory /var/run/openvpn-server not found" exit 1 fi @@ -1149,14 +1149,14 @@ echo "=== PASSPHRASE Support Tests PASSED ===" echo "" echo "=== Testing Management Interface ===" -MGMT_SOCKET="/var/run/openvpn/server.sock" +MGMT_SOCKET="/var/run/openvpn-server/server.sock" # Verify management socket exists and is accessible if [ -S "$MGMT_SOCKET" ]; then echo "PASS: Management socket exists at $MGMT_SOCKET" else echo "FAIL: Management socket not found at $MGMT_SOCKET" - ls -la /var/run/openvpn/ || true + ls -la /var/run/openvpn-server/ || true exit 1 fi