I would like to activate two instances of OpenVPN server: The instance « server » which use NAT networking and the instance « server-bridge » which use bridge networking. I’ve tried to do « svccfg export -a svc:/ooce/network/openvpn » , add to the exported xml the instance server-bridge (<instance name=‘server-bridge’ enabled='false’/>) near the instances « server » and « client » which are already there. After

that, I try to import the .xml with « svccfg import /path/to/xml » but I get this error: « svccfg: Multiple definitions for property security_flags in property group start. ». I don’t want to mess with that feature (« aslr » ) because it seems like an important security feature… Here’s the faulty section:

<exec_method name='start' type='method' exec='/opt/ooce/openvpn/sbin/openvpn --cd /etc/opt/ooce/openvpn --config /etc/opt/ooce/openvpn/%i.conf --daemon openvpn:%i --log-append /var/log/opt/ooce/openvpn/%i.log' timeout_seconds='60'>

<method_context security_flags='aslr'/>

<propval name='security_flags' type='astring' value='aslr'/>

</exec_method>

Help anyone?

Even if I don’t modify at all the .xml and reimport it, it fails with the same error..

mighty_spiky - Rather than trying to re-import, you should just use `svccfg` to create a new instance.

I am not at a proper keyboard to give any example just now, but I can tomorrow or there might be something similar on the web site. I'll check.

There's an example of how we add new instances for the pkg/server service in omnios.org/makingof/setuprepo

Thanks for the help.. For the moment, I’ll just use the existing instance « client » to define my bridge instance and will move to a proper instance name later (when my bridge instance works)

Basically `svccfg -s <service> add <instance>` and then configure its properties as necessary, although in this instance it looks like just having a new instance will make it use <instance>.conf for the configuration file etc.

I’ve just executed the command you indicated to me and it works without further configuration at SMF level! Thanks again andyf !!

Now, I’ve created a bridge with dladm command and tried adding the real network interface to it successfully (dladm add-bridge -l rge0 bridge) but I cannot do the same with tap0 even if that interface appears when I run « ifconfig ». « tap0 » has been created by starting my OpenVPN bridge instance but it is not listed when running « dladm show-link »… Any help on that? (I think this is the last obstacle before a fully workin

OpenVPN)