OpenVPN Boot and Shutdown problems with NFS filesystems

By jbayer - Last updated: Tuesday, November 2, 2010 - Save & Share - Leave a Comment

  Ubuntu OpenVPN Boot Fix (2.2 KiB, 532 hits)

OpenVPN is a free, open-source, enterprise-level VPN.  It runs on most if not all Linux systems as well as Windows.

On Linux, if an NFS filesystem is auto-mounted over the VPN, a race condition can occur where the system will try to mount all the auto-mount filesystems BEFORE OpenVPN is started.

Similarly, at shutdown, OpenVPN is normally shut down before the filesystems are unmounted.  This will cause an indefinite hang when the system then tries to unmount the NFS filesystems which are mounted over the VPN.

The attached scripts are designed to fix these problems.  These scripts have been tested on Ubuntu 8.04, but should work on most if not all Debian systems.  Minor modifications will need to be made for RedHat/CentOS systems.

This script fixes several problems with the OpenVPN setup.

1.  The boot problems occur because of the order in which services are started.   OpenVPN is installed as a normal service, which means that the networking is
started, and then the system tries to mount the networked filesystems before OpenVPN is started.  Since the filesystems are only available via OpenVPN,
problems are created.

These changes do the following:

  1. Start OpenVPN immediately after the networking is started, as a high priority system service.  This is done by putting the OpenVPN script into the rcS.d directory instead of the normal rc[0-6].d directories.
  2. The startup script “openvpn-wait4active” will wait until tun0 and  tap0 are started.  Once they are started, it will again attempt to mount all filesytems.   The openvpn-wait4active mounts each entry in /etc/fstab which is marked as a networked filesystem.  This ensures that all the networked filesystems are properly mounted.  Then the boot sequence is allowed to proceed.
  3. The shutdown/reboot problems occur because the shutdown/reboot sequence turns off the networking BEFORE the filesystems are unmounted.  This causes a hang when the samba client tries to unmount the filesystem.  Since the samba client cannot access the network, it causes CIFS errors.  The solution is to unmount the networked filesystems before the network is shut off.  This is performed by the shutdown script “openvpn-unmount”, which finds and unmounts all NFS and CIFS filesystems.
  4. The fstab has had the following modifications:

a.  dmask has been changed to dir_mode, since dmask is depreciated
b.  fmask has been changed to file_mode, since fmask is depreciated

  Ubuntu OpenVPN Boot Fix (2.2 KiB, 532 hits)

Posted in Administration, Open Source • • Top Of Page

Write a comment