The current "up" script takes place quite late in the process.
In my setup I have a fairly complex set of tunnels, that I need to define and bride in advance.
Currently I do it with sytemd-netowkrd, but I cannot allow openvpn to create the tunnels dinamically as many other services in the machine are dependent on the tunel device.
In this context all the routing is handled without openvpn "äutomations", as there is quite a bit of network traffic mangling and balancing.
Under unexpected circumstances the tunel can fail connection leading to situations where the "up" script was executed but not the "down".
In this sense I have experienced situations where I need to do manual cleanups on the networking. To automate this, the only way is to have openvpn do not retry connections, exit the process, and a ExecStartPre in systemd...
But it would be much simpler having a script extension called within the openvpn process, before on each connection attempt.
I have not checked the code in detail, but probably it should take place in "init.c" init_instance(..) function and before the preresolve part.
The current "up" script takes place quite late in the process.
In my setup I have a fairly complex set of tunnels, that I need to define and bride in advance. Currently I do it with sytemd-netowkrd, but I cannot allow openvpn to create the tunnels dinamically as many other services in the machine are dependent on the tunel device.
In this context all the routing is handled without openvpn "äutomations", as there is quite a bit of network traffic mangling and balancing.
Under unexpected circumstances the tunel can fail connection leading to situations where the "up" script was executed but not the "down".
In this sense I have experienced situations where I need to do manual cleanups on the networking. To automate this, the only way is to have openvpn do not retry connections, exit the process, and a ExecStartPre in systemd...
But it would be much simpler having a script extension called within the openvpn process, before on each connection attempt. I have not checked the code in detail, but probably it should take place in "init.c" init_instance(..) function and before the preresolve part.