[refactor] restart by allowing to send SIGUSR1 to openvpn process

by properly allowing openvpn to restart when receiving SIGUSR1, we can
reserve the hard process restarts for cases in which the process is
aborted.

this depends on bitmask-root adding --persist-tun and --persist-key as
mandatory/allowed parameters.

1 files changed, 6 insertions, 3 deletions

diff --git a/src/leap/bitmask/vpn/helpers/linux/bitmask-root b/src/leap/bitmask/vpn/helpers/linux/bitmask-root
index 80ac12e8..cad082be 100755
--- a/src/leap/bitmask/vpn/helpers/linux/bitmask-root
+++ b/src/leap/bitmask/vpn/helpers/linux/bitmask-root
@@ -73,7 +73,7 @@ def get_no_group_name():
             return None
 
 
-VERSION = "6"
+VERSION = "7"
 SCRIPT = "bitmask-root"
 NAMESERVER = "10.42.0.1"
 BITMASK_CHAIN = "bitmask"
@@ -105,7 +105,8 @@ FIXED_FLAGS = [
     "--management-signal",
     "--script-security", "1",
     "--user", "nobody",
-    "--remap-usr1", "SIGTERM",
+    "--persist-key",
+    "--persist-tun",
 ]
 
 if OPENVPN_GROUP is not None:
@@ -121,7 +122,8 @@ ALLOWED_FLAGS = {
     "--cert": ["FILE"],
     "--key": ["FILE"],
     "--ca": ["FILE"],
-    "--fragment": ["NUMBER"]
+    "--fragment": ["NUMBER"],
+    "--keepalive": ["NUMBER", "NUMBER"],
 }
 
 PARAM_FORMATS = {
@@ -964,6 +966,7 @@ def main():
     else:
         bail("ERROR: No such command")
 
+
 if __name__ == "__main__":
     debug(" ".join(sys.argv))
     main()