4 files changed, 10 insertions, 8 deletions

diff --git a/pkg/linux/bitmask-root b/pkg/linux/bitmask-root
index a583c94c..bfb92421 100755
--- a/pkg/linux/bitmask-root
+++ b/pkg/linux/bitmask-root
@@ -83,14 +83,11 @@ FIXED_FLAGS = [
     "--tls-client",
     "--remote-cert-tls", "server",
     "--management-signal",
-    "--management", MANAGEMENT_SOCKET, "unix",
-    "--script-security", "1"
+    "--script-security", "1",
     "--user", "nobody",
     "--group", "nogroup",
 ]
 
-#    "--management", MANAGEMENT_SOCKET, "unix",
-
 ALLOWED_FLAGS = {
     "--remote": ["IP", "NUMBER", "PROTO"],
     "--tls-cipher": ["CIPHER"],
diff --git a/src/leap/bitmask/backend.py b/src/leap/bitmask/backend.py
index 2bfcbfa0..bd26bb1c 100644
--- a/src/leap/bitmask/backend.py
+++ b/src/leap/bitmask/backend.py
@@ -1048,6 +1048,9 @@ class Backend(object):
     def stop_eip(self, shutdown=False):
         """
         Stop the EIP service.
+
+        :param shutdown:
+        :type shutdown: bool
         """
         self._call_queue.put(("eip", "stop", None, shutdown))
 
diff --git a/src/leap/bitmask/services/eip/vpnlauncher.py b/src/leap/bitmask/services/eip/vpnlauncher.py
index 20b4d87d..af3116f2 100644
--- a/src/leap/bitmask/services/eip/vpnlauncher.py
+++ b/src/leap/bitmask/services/eip/vpnlauncher.py
@@ -125,8 +125,6 @@ class VPNLauncher(object):
         domain = providerconfig.get_domain()
         gateway_conf = leap_settings.get_selected_gateway(domain)
 
-        print "GETTING GATEWAYS -----"
-
         if gateway_conf == leap_settings.GATEWAY_AUTOMATIC:
             gateway_selector = VPNGatewaySelector(eipconfig)
             print "auto: getting from selector"
diff --git a/src/leap/bitmask/services/eip/vpnprocess.py b/src/leap/bitmask/services/eip/vpnprocess.py
index c09daf78..a8b833d0 100644
--- a/src/leap/bitmask/services/eip/vpnprocess.py
+++ b/src/leap/bitmask/services/eip/vpnprocess.py
@@ -161,6 +161,8 @@ class VPN(object):
         self._signaler = kwargs['signaler']
         self._openvpn_verb = flags.OPENVPN_VERBOSITY
 
+        self._user_stopped = False
+
     def start(self, *args, **kwargs):
         """
         Starts the openvpn subprocess.
@@ -172,6 +174,7 @@ class VPN(object):
         :type kwargs: dict
         """
         logger.debug('VPN: start')
+        self._user_stopped = False
         self._stop_pollers()
         kwargs['openvpn_verb'] = self._openvpn_verb
         kwargs['signaler'] = self._signaler
@@ -242,7 +245,7 @@ class VPN(object):
 
     def _kill_if_left_alive(self, tries=0):
         """
-        Check if the process is still alive, and sends a
+        Check if the process is still alive, and send a
         SIGKILL after a timeout period.
 
         :param tries: counter of tries, used in recursion
@@ -256,7 +259,7 @@ class VPN(object):
                 # we try to bring the firewall up
                 # XXX We could keep some state to be sure it was the
                 # user who did turn EIP off.
-                if IS_LINUX:
+                if IS_LINUX and self._user_stopped:
                     firewall_down = self._tear_down_firewall()
                     if firewall_down:
                         logger.debug("Firewall down")
@@ -298,6 +301,7 @@ class VPN(object):
         """
         from twisted.internet import reactor
         self._stop_pollers()
+        self._user_stopped = True
 
         # First we try to be polite and send a SIGTERM...
         if self._vpnproc: