[PATCH] Make init script start openvpn for each *.ovpn in addition to *.conf

[Ville Skyttä]

Many systems generate and assume OpenVPN config files to be named *.ovpn; the attached patch makes the sample init script activate openvpn on them in addition to *.conf in /etc/openvpn.

[David Sommerseth]

Thank you for your contribution!

However, I am not convinced we should include this patch. The reason is that *.ovpn files is not a file extension which is used anywhere on the *nix platform at all for configuration files. Many files in /etc do not have file extensions, and if they have, it is in most cases *.cfg, *.cnf or *.conf if it is plain-text configuration files. XML files use *.xml. Basically, you can based on the extension do a qualified guess if the file is readable by humans or not. And the file extension in this system directory is never (to my knowledge) connected to one particular application at all.

The *.ovpn extension is something which comes from the Windows world, to tie a particular extension up to use a particular program when being double clicked-on. This is not the case for OpenVPN on the *nix platform at all, and particularly not for files in /etc. So I am really reluctant to start mixing file extensions on the Linux platform, especially related to files in /etc. And also when *.conf is the de-facto file extension for plain-text based configuration files.

[Ville Skyttä]

Think of it this way:

Authors of appliances/firewalls/gateways that support OpenVPN need to choose *some* file extension for the OpenVPN configurations they offer (via downloading from web interfaces etc). Their options in no particular order basically are:

1) Ask the user the OS/platform they're be using OpenVPN with, then provide the config file with the appropriate filename extension for that platform
2) Use *.ovpn
3) Use *.conf

Choosing option 1) doesn't make much sense - it's just unnecessary and possibly confusing for novice users and would be annoying for users who use OpenVPN on multiple OS's, and I'm not aware of anything that would offer that option. Option 3) is a no go, because it wouldn't work with said commonly used Windows application out of the box. So they choose option 2), which causes extra work e.g. for Linux users who wish to use the configs with the OpenVPN init script.

I see no actual problems with supporting *.ovpn in addition to *.conf in the init script. It's not like *.ovpn would be confused with anything else, and would make life a bit easier for Unix users, and in general having different file extensions for files of the same format/type on different platforms just causes unnecessary confusion in my opinion. There's no need to encourage *.ovpn over *.conf on Unix, but why not just "silently" support it?

[David Sommerseth]

This is a sample-script. So if a vendor of any kind wants to implement different extensions, they can implement this themselves. In fact, they should most likely do that anyway.

*.ovpn extension exists only on Windows, due to how Windows is designed to handle file types. We don't need to mess up this on other platforms as well - especially when the config file is a plain text config file. The start-up script reads /etc/openvpn, which is a system directory where a system administrator has a responsibility. This directory should not be writeable to anyone else than root.

The OpenVPN packagers for each distribution/OS can decide to do this if they find it appropriate - as that will be dependent on the policies each distribution/OS have. It is not even a requirement that they use the OpenVPN provided sample-script. It is an example. This script must stay compliant to the broadest set of policies, where it stays as close as possible to well accepted standards. If somebody wants to include *.ovpn in their distribution, they can easily to that in the distribution where they have their responsibility. We will not push this as some expected behaviour or a requirement.

I'm closing this as wontfix now.