author | james <james@e7ae566f-a301-0410-adde-c780ea21d3b5> | 2005-09-26 05:28:27 +0000 |
---|---|---|
committer | james <james@e7ae566f-a301-0410-adde-c780ea21d3b5> | 2005-09-26 05:28:27 +0000 |
commit | 6fbf66fad3367b24fd6743bcd50254902fd9c8d5 (patch) | |
tree | 9802876e3771744eead18917bb47ff6e90ac39f5 /suse/openvpn.init | |
download | openvpn-6fbf66fad3367b24fd6743bcd50254902fd9c8d5.tar.xz |
This is the start of the BETA21 branch.
It includes the --topology feature, and
TAP-Win32 driver changes to allow
non-admin access.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@580 e7ae566f-a301-0410-adde-c780ea21d3b5
Diffstat (limited to 'suse/openvpn.init')
-rw-r--r-- | suse/openvpn.init | 264 |
1 files changed, 264 insertions, 0 deletions
diff --git a/suse/openvpn.init b/suse/openvpn.init new file mode 100644 index 0000000..8f1060a --- /dev/null +++ b/suse/openvpn.init 
@@ -0,0 +1,264 @@ +#!/bin/sh +### BEGIN INIT INFO +# Provides: openvpn +# Required-Start: $network +# Required-Stop: $network +# Default-Start: 3 5 +# Default-Stop: 0 1 2 6 +# Short-Description: This shell script takes care of starting and stopping OpenVPN. +# Description: OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP port. +### END INIT INFO + +# Contributed to the OpenVPN project by +# Douglas Keller <doug@voidstar.dyndns.org> +# 2002.05.15 + +# Modified for SuSE by +# Frank Plohmann <openvpn@franks-planet.de> +# 2003.08.24 +# Please feel free to contact me if you have problems or suggestions +# using this script. + +# To install: +# copy this file to /etc/rc.d/init.d/openvpn +# use the runlevel editor in Yast to add it to runlevel 3 and/or 5 +# shell> mkdir /etc/openvpn +# make .conf or .sh files in /etc/openvpn (see below) + +# To uninstall: +# use also Yast and the runlevel editor to uninstall + +# Author's Notes: +# +# I have created an /etc/init.d init script and enhanced openvpn.spec to +# automatically register the init script. Once the RPM is installed you +# can start and stop OpenVPN with "service openvpn start" and "service +# openvpn stop". +# +# The init script does the following: +# +# - Starts an openvpn process for each .conf file it finds in +# /etc/openvpn. +# +# - If /etc/openvpn/xxx.sh exists for a xxx.conf file then it executes +# it before starting openvpn (useful for doing openvpn --mktun...). +# +# - In addition to start/stop you can do: +# +# /etc/init.d/openvpn reload - SIGHUP +# /etc/init.d/openvpn reopen - SIGUSR1 +# /etc/init.d/openvpn status - SIGUSR2 + +# Modifications 2003.05.02 +# * Changed == to = for sh compliance (Bishop Clark). +# * If condrestart|reload|reopen|status, check that we were +# actually started (James Yonan). 
+# * Added lock, piddir, and work variables (James Yonan). +# * If start is attempted twice, without an intervening stop, or +# if start is attempted when previous start was not properly +# shut down, then kill any previously started processes, before +# commencing new start operation (James Yonan). +# * Do a better job of flagging errors on start, and properly +# returning success or failure status to caller (James Yonan). +# +# Modifications 2003.08.24 +# * Converted the script for SuSE Linux distribution. +# Tested with version 8.2 (Frank Plohmann). +# - removed "chkconfig" header +# - added Yast header +# - changed installation notes +# - corrected path to openvpn binary +# - removes sourcing "functions" +# - removed sourcing "network" +# - removed network checking. it seemed not to work with SuSE. +# - added sourcing "rc.status", comments and "rc_reset" command +# - removed "succes; echo" and "failure; echo" lines +# - added "rc_status" lines at the end of each section +# - changed "service" to "/etc/init.d/" in "In addition to start/stop" +# section above. +# +# Modifications 2005.04.04 +# * Added openvpn-startup and openvpn-shutdown script calls (James Yonan). +# + +# Location of openvpn binary +openvpn="/usr/local/sbin/openvpn" + +# Lockfile +lock="/var/lock/subsys/openvpn" + +# PID directory +piddir="/var/run/openvpn" + +# Our working directory +work=/etc/openvpn + +# Source rc functions +. 
/etc/rc.status + +# Shell functions sourced from /etc/rc.status: +# rc_check check and set local and overall rc status +# rc_status check and set local and overall rc status +# rc_status -v ditto but be verbose in local rc status +# rc_status -v -r ditto and clear the local rc status +# rc_failed set local and overall rc status to failed +# rc_reset clear local rc status (overall remains) +# rc_exit exit appropriate to overall rc status + +# rc_status check and set local and overall rc status +# rc_status -v ditto but be verbose in local rc status +# rc_status -v -r ditto and clear the local rc status +# rc_failed set local and overall rc status to failed +# rc_reset clear local rc status (overall remains) +# rc_exit exit appropriate to overall rc status + +# First reset status of this service +rc_reset + +[ -f $openvpn ] || exit 0 + +# See how we were called. +case "$1" in + start) + echo -n $"Starting openvpn: " + + /sbin/modprobe tun >/dev/null 2>&1 + + # From a security perspective, I think it makes + # sense to remove this, and have users who need + # it explictly enable in their --up scripts or + # firewall setups. + + #echo 1 > /proc/sys/net/ipv4/ip_forward + + # Run startup script, if defined + if [ -f $work/openvpn-startup ]; then + $work/openvpn-startup + fi + + if [ ! -d $piddir ]; then + mkdir $piddir + fi + + if [ -f $lock ]; then + # we were not shut down correctly + for pidf in `/bin/ls $piddir/*.pid 2>/dev/null`; do + if [ -s $pidf ]; then + kill `cat $pidf` >/dev/null 2>&1 + fi + rm -f $pidf + done + rm -f $lock + sleep 2 + fi + + rm -f $piddir/*.pid + cd $work + + # Start every .conf in $work and run .sh if exists + errors=0 + successes=0 + for c in `/bin/ls *.conf 2>/dev/null`; do + bn=${c%%.conf} + if [ -f "$bn.sh" ]; then + . $bn.sh + fi + rm -f $piddir/$bn.pid + $openvpn --daemon --writepid $piddir/$bn.pid --config $c --cd $work + if [ $? 
= 0 ]; then + successes=1 + else + errors=1 + fi + done + + if [ $successes = 1 ]; then + touch $lock + fi + + rc_status -v + ;; + stop) + echo -n $"Shutting down openvpn: " + for pidf in `/bin/ls $piddir/*.pid 2>/dev/null`; do + if [ -s $pidf ]; then + kill `cat $pidf` >/dev/null 2>&1 + fi + rm -f $pidf + done + + # Run shutdown script, if defined + if [ -f $work/openvpn-shutdown ]; then + $work/openvpn-shutdown + fi + + rm -f $lock + + rc_status -v + ;; + restart) + $0 stop + sleep 2 + $0 start + + rc_status + ;; + reload) + if [ -f $lock ]; then + for pidf in `/bin/ls $piddir/*.pid 2>/dev/null`; do + if [ -s $pidf ]; then + kill -HUP `cat $pidf` >/dev/null 2>&1 + fi + done + else + echo "openvpn: service not started" + exit 1 + fi + + rc_status -v + ;; + reopen) + if [ -f $lock ]; then + for pidf in `/bin/ls $piddir/*.pid 2>/dev/null`; do + if [ -s $pidf ]; then + kill -USR1 `cat $pidf` >/dev/null 2>&1 + fi + done + else + echo "openvpn: service not started" + exit 1 + fi + + rc_status -v + ;; + condrestart) + if [ -f $lock ]; then + $0 stop + # avoid race + sleep 2 + $0 start + fi + + rc_status + ;; + status) + if [ -f $lock ]; then + for pidf in `/bin/ls $piddir/*.pid 2>/dev/null`; do + if [ -s $pidf ]; then + kill -USR2 `cat $pidf` >/dev/null 2>&1 + fi + done + echo "Status written to /var/log/messages" + else + echo "openvpn: service not started" + exit 1 + fi + + rc_status -v + ;; + *) + echo "Usage: openvpn {start|stop|restart|condrestart|reload|reopen|status}" + exit 1 +esac + +exit 0 |
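Review bot: in the start) branch, ". $bn.sh" sources every /etc/openvpn/xxx.sh into the init script's own root shell, so a helper can overwrite $openvpn, $piddir or $lock, or call exit and stop the loop before the remaining .conf files are started, and nothing checks who owns or can write those files (the same applies to $work/openvpn-startup and $work/openvpn-shutdown). Run the helper as a child process instead of sourcing it, after checking that it is a root-owned regular file that is not group- or world-writable; that would also match the header comment, which says the .sh file is executed. Also in start), errors is assigned but never read, and rc_status -v comes after the "if [ $successes = 1 ]; then touch $lock; fi" block, so a failed openvpn launch is not what gets reported; call rc_failed when errors is 1 before rc_status -v. The kill loops in start, stop, reload, reopen and status signal whatever PID "cat $pidf" returns from a file left in $piddir, so after an unclean shutdown they can hit an unrelated process that has reused the PID; verify that the PID still belongs to an openvpn process before signalling it. Minor: the rc_status/rc_failed/rc_reset/rc_exit comment block appears twice, and $piddir is created with a bare mkdir, so its mode depends on the caller's umask.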