SFOS 2.1 openvpn --dev-type tap not possible
Thanks for adding a proper openvpn support to SF. While SecureFishNet has been available for years, it has also been unreliable. However, the SF openvpn support is sorely lacking: even if I give a complete config file via Advanced Settings, SFOS/connmand insist on adding options to the openvpn command line which break the vpn.
For example, running "openvpn --config /home/nemo/openvpn/myvpn.ovpn" results in a working vpn, but defining the same through the SFOS Settings results in the following command line:
/usr/sbin/openvpn --remote MY.SERVER --ca /home/nemo/openvpn/ca.crt --proto udp --config /home/nemo/openvpn/myvpn.ovpn --syslog --script-security 2 --up /usr/lib/connman/scripts/openvpn-script --up-restart --setenv CONNMAN_BUSNAME :1.20547 --setenv CONNMAN_INTERFACE net.connman.Task --setenv CONNMAN_PATH /task/4 --dev vpn0 --dev-type tun --persist-tun --route-noexec --ifconfig-noexec --ping-restart 0
which does not work because of the "--dev-type tun" flag: the tunnel is a tap tunnel and "dev tap" is correctly specified in myvpn.ovpn config file yet the interface insists on overriding this, thus breaking the config.
The Settings should check the ovpn config file for options and NOT replace those it finds. It is ok to add --setenv
options and probably also the --up
and other such flags, but --dev-type
is only going to break things.