Config parsing on OpenVPN 2.5

Hey guys,

I just upgraded to OpenVPN 2.5 and realized that the "up/down" directives no longer get parsed. I got an option like "option up ''''/bin/ up''''" in my /etc/config/openvpn file which is just being ignored since I upgraded to OpenVPN 2.5 on OpenWRT. To be clear, that directive isn't inserted into the temporary ovpn configuration file in /tmp/etc/opvnconfiguration.conf ad thus is not used at all on that particular connection I created.

How can I get those up/down scripts running again (script-security is set to "2" by the way).

Any help would be appreciated!

1 Like

Use the alternative supported options to invoke scripts:

Or modify the valid options list:

opkg files openvpn-openssl | grep -e options

You can as well file an bug for the missing options.

Or use the native OpenVPN syntax.


ok, so you mean I could use "route-up" and "route-pre-down" instead of "up" / "down"?

I just compared the options list of 2.5 against the one before that (I think it was 2.41) and indeed, "up" and "down" were removed for some reason. Manually adding those two options back to the options list also puts them into the /tmp/etc/opvnconfiguration.conf again. I think I will just adjust my build script to insert those two options into my image for now. Maybe removing those was by design? The commit that removed the options is this one:

I can't find any reason for removing them though.

To use the native OpenVPN syntax would mean that I woudn't use UCI for managing openvpn any longer, right?

1 Like

LuCI provides "file editor mode" to modify imported/native OpenVPN profiles.