site_archiver@lists.apple.com Delivered-To: darwin-dev@lists.apple.com [to start] sudo openvpn2 --daemon --config openvpn.conf [to stop] sudo kill -s SIGINT <pid> or [to start] sudo launchctl load net.openvpn.plist [to stop] sudo launchctl unload net.openvpn.plist I have also tried to run launchctl: net.openvpn: exited abnormally: Broken pipe net.openvpn: respawning too quickly! throttling My questions: Thanks in advance for your patience Nicola _______________________________________________ Do not post admin requests to the list. They will be ignored. Darwin-dev mailing list (Darwin-dev@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/darwin-dev/site_archiver%40lists.appl... Hi, I want to manage a privileged service (namely, openvpn) programmatically. I am using Mac OS X 10.4.7. From the shell, I can do either (having previously created the .conf and .plist files). Both methods work flawlessly (well, launchctl gives the mysterious "Workaround Bonjour: Unknown error: 0" message, but it works). I would like to perform the above operations from inside my code. I have read "Performing Privileged Operations With Authorization Services" in Apple's documentation, and I have browsed through AuthSample and MoreAuthSample's code. As a test, I have taken AuthSample code and changed the performOperation() function in authtool.c by adding the following code: /* XXX perform the actual operation here */ pid_t pid; switch(pid = fork()) { case 0: /* Child */ { execl("/opt/local/sbin/openvpn2", "openvpn2", "--daemon", "--config", "/Users/me/Library/openvpn/openvpn.conf", 0); } case -1: /* an error occured */ return kMyAuthorizedCommandInternalError; default: /* Parent */ break; } execl("/bin/launchctl", "launchctl", "load", "/Library/LaunchDaemons/ net.openvpn.plist", 0); The latter method simply does not work. In the console, I get several messages like this: Using the former method, the process starts (as root, correctly), but it does not work. Browsing the logs, it seems that openvpn initialization chokes somewhere, and the routing tables are left incomplete (I get one tap0 entry, while I get three when I run openvpn from the shell). 1) why do the commands from the shell and from the program behave differently? Is there any (possibly trivial) oversight in my code? 2) Is launchd to be preferred over other methods in this case? And is it the way to go in general? This email sent to site_archiver@lists.apple.com