早上发现openvpn没有启动, 看日志好像是说配置文件中用up调用外部脚本,需要--script-security参数.
回想起昨天晚上刚刚升级了一下系统, 因为是新版本的openvpn有安全上的修改.
到openvpn的doc目录(/usr/share/doc/openvpn)下看了一下, 发现在这个文件有说明
gunzip -c /usr/share/doc/openvpn/NEWS.Debian.gz
2.1~rc9-3openvpn (2.1~rc9-3) unstable; urgency=low
* Calling of external commands/scripts
Starting with version 2.1~rc9, openvpn has a new option to control the
ability to execute external commands (--script-security).
By default (script-security 1) it will only allow the execution of
built-in commands (ip, ifconfig, route,...). If you require the execution
of external commands, such as /etc/openvpn/update-resolv-conf, you'll have
to include the following option in your configuration file:
script-security 2
-- Alberto Gonzalez Iniesta <agi@inittab.org> Sat, 16 Aug 2008 13:34:24 +0200
大意是在2.1~rc9,openvpn增加了一个新的参数,--script-security,它的缺省设置为1, 这样只能执行内嵌的命令,
要调用外部的扩展命令,必须在配置文件中增加一行
script-security 2