openvpn2 startup script not working

[thomas.hartwig@…]

Hi, I tested the openvpn2 port and I have major issues with the startup script org.macports.openvpn2.plist. I can run the daemon manually and the tunnel is established but I can not get it running automatically via launchctl for following reasons:

1. bin -> sbin: the script uses the wrong location for openvpn2, instead of /opt/local/bin/openvpn2 it should be /opt/local/sbin/openvpn2
2. daemondo: I can run the whole daemondo call from the command line, but if I run the script via launchctl it only logs that the service did run for 0 seconds only. I can not find any further ouptut showing me what might be wrong with the script.
3. debug: launchtl is giving a warning: The Debug key is no longer respected. Please remove it.
4. inefficient: launchtl is giving a warning: This service is defined to be constantly running and is inherently inefficient.

In the end it is not starting and I don't know where to look else, my only source of logging is /var/log/system.log.

My system is Sierra 10.12.

This is how I can establish the tunnel:

daemondo --label=openvpn2 --start-cmd /opt/local/sbin/openvpn2 --cd /opt/local/etc/openvpn2 --config /opt/local/etc/openvpn2/my.conf \;

The script currently looks like this:

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN"
"http://www.apple.com/DTDs/PropertyList-1.0.dtd" >
<plist version='1.0'>
<dict>
<key>Label</key><string>org.macports.openvpn2</string>
<key>ProgramArguments</key>
<array>
	<string>/opt/local/bin/daemondo</string>
	<string>--label=openvpn2</string>
	<string>--start-cmd</string>
	<string>/opt/local/sbin/openvpn2 --config /opt/local/etc/openvpn2/my.conf</string>
	<string>;</string>
	<string>--pid=exec</string>
</array>
<key>Debug</key><false/>
<key>Disabled</key><false/>
<key>KeepAlive</key><true/>
</dict>
</plist>

[thomas.hartwig@…]

Cc Me!

[mf2k (Frank Schima)]

The Priority field is for use by Macports team members only.

[mf2k (Frank Schima)]

In the future, please use WikiFormatting. As reporter, you do not need to Cc yourself.

[mf2k (Frank Schima)]

I fixed the sbin issue with the startup item in r153641. Also made a correction in the notes.

It still is not working for me. I'm not sure how to correct the other issues you mention. Can you look in the ​guide and possibly submit a Portfile patch to fix the remaining issues?

[thomas.hartwig@…]

I have checked the plist file further and it turns out that you have to specify the startup command in a single attribute. Further it looks like all other parameters are not forwarded to the command itself. So I ended up writing a wrapper script which contained all the parameters for starting up openvpn correctly. So the final test script looks like below. I created a openvpn2.sh which makes the call finally. I have also activated some kind of debug to see what happens. However I do not know how you usually realize startup things. IMHO there is a problem with deamondo not forwarding the parameters correctly. But I am not an expert in this.

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN"
"http://www.apple.com/DTDs/PropertyList-1.0.dtd" >
<plist version='1.0'>
<dict>
<key>Label</key><string>org.macports.openvpn2</string>
<key>ProgramArguments</key>
<array>
	<string>/opt/local/bin/daemondo</string>
	<string>--label=openvpn2</string>
	<string>--start-cmd</string>
	<string>/opt/local/sbin/openvpn2.sh</string>
	<string>;</string>
	<string>--pid=exec</string>
</array>
<key>Debug</key><false/>
<key>Disabled</key><false/>
<key>KeepAlive</key><true/>
<key>StandardOutPath</key>
<string>/tmp/logfile.log</string>
<key>StandardErrorPath</key>
<string>/tmp/error.log</string>
</dict>
</plist>

[ctreleaven (Craig Treleaven)]

Untested, but I think the problem is the double quotes around the startupitem.executable:

startupitem.executable  "${prefix}/bin/openvpn2 --config ${prefix}/etc/${name}/server.conf"

Should be

startupitem.executable  ${prefix}/bin/openvpn2 --config ${prefix}/etc/${name}/server.conf

But I could be completely wrong.

[mf2k (Frank Schima)]

I tested it locally without quotes and the startupitem looks like this:

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN"
"http://www.apple.com/DTDs/PropertyList-1.0.dtd" >
<plist version='1.0'>
<dict>
<key>Label</key><string>org.macports.openvpn2</string>
<key>ProgramArguments</key>
<array>
        <string>/opt/local/bin/daemondo</string>
        <string>--label=openvpn2</string>
        <string>--start-cmd</string>
        <string>/opt/local/sbin/openvpn2</string>
        <string>--config</string>
        <string>/opt/local/etc/openvpn2/server.conf</string>
        <string>;</string>
        <string>--pid=exec</string>
</array>
<key>Debug</key><false/>
<key>Disabled</key><true/>
<key>KeepAlive</key><true/>
</dict>
</plist>

[mf2k (Frank Schima)]

Has duplicate #50655.

[mf2k (Frank Schima)]

Committed in r153653. Based on the guide, this is more correct. But it still is not launching for me.