mirror of
https://github.com/OpenVPN/openvpn.git
synced 2024-09-20 12:02:28 +02:00
6fbf66fad3
It includes the --topology feature, and TAP-Win32 driver changes to allow non-admin access. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@580 e7ae566f-a301-0410-adde-c780ea21d3b5
265 lines
6.9 KiB
Bash
265 lines
6.9 KiB
Bash
#!/bin/sh
|
|
### BEGIN INIT INFO
|
|
# Provides: openvpn
|
|
# Required-Start: $network
|
|
# Required-Stop: $network
|
|
# Default-Start: 3 5
|
|
# Default-Stop: 0 1 2 6
|
|
# Short-Description: This shell script takes care of starting and stopping OpenVPN.
|
|
# Description: OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP port.
|
|
### END INIT INFO
|
|
|
|
# Contributed to the OpenVPN project by
|
|
# Douglas Keller <doug@voidstar.dyndns.org>
|
|
# 2002.05.15
|
|
|
|
# Modified for SuSE by
|
|
# Frank Plohmann <openvpn@franks-planet.de>
|
|
# 2003.08.24
|
|
# Please feel free to contact me if you have problems or suggestions
|
|
# using this script.
|
|
|
|
# To install:
|
|
# copy this file to /etc/rc.d/init.d/openvpn
|
|
# use the runlevel editor in Yast to add it to runlevel 3 and/or 5
|
|
# shell> mkdir /etc/openvpn
|
|
# make .conf or .sh files in /etc/openvpn (see below)
|
|
|
|
# To uninstall:
|
|
# use also Yast and the runlevel editor to uninstall
|
|
|
|
# Author's Notes:
|
|
#
|
|
# I have created an /etc/init.d init script and enhanced openvpn.spec to
|
|
# automatically register the init script. Once the RPM is installed you
|
|
# can start and stop OpenVPN with "service openvpn start" and "service
|
|
# openvpn stop".
|
|
#
|
|
# The init script does the following:
|
|
#
|
|
# - Starts an openvpn process for each .conf file it finds in
|
|
# /etc/openvpn.
|
|
#
|
|
# - If /etc/openvpn/xxx.sh exists for a xxx.conf file then it executes
|
|
# it before starting openvpn (useful for doing openvpn --mktun...).
|
|
#
|
|
# - In addition to start/stop you can do:
|
|
#
|
|
# /etc/init.d/openvpn reload - SIGHUP
|
|
# /etc/init.d/openvpn reopen - SIGUSR1
|
|
# /etc/init.d/openvpn status - SIGUSR2
|
|
|
|
# Modifications 2003.05.02
|
|
# * Changed == to = for sh compliance (Bishop Clark).
|
|
# * If condrestart|reload|reopen|status, check that we were
|
|
# actually started (James Yonan).
|
|
# * Added lock, piddir, and work variables (James Yonan).
|
|
# * If start is attempted twice, without an intervening stop, or
|
|
# if start is attempted when previous start was not properly
|
|
# shut down, then kill any previously started processes, before
|
|
# commencing new start operation (James Yonan).
|
|
# * Do a better job of flagging errors on start, and properly
|
|
# returning success or failure status to caller (James Yonan).
|
|
#
|
|
# Modifications 2003.08.24
|
|
# * Converted the script for SuSE Linux distribution.
|
|
# Tested with version 8.2 (Frank Plohmann).
|
|
# - removed "chkconfig" header
|
|
# - added Yast header
|
|
# - changed installation notes
|
|
# - corrected path to openvpn binary
|
|
# - removes sourcing "functions"
|
|
# - removed sourcing "network"
|
|
# - removed network checking. it seemed not to work with SuSE.
|
|
# - added sourcing "rc.status", comments and "rc_reset" command
|
|
# - removed "succes; echo" and "failure; echo" lines
|
|
# - added "rc_status" lines at the end of each section
|
|
# - changed "service" to "/etc/init.d/" in "In addition to start/stop"
|
|
# section above.
|
|
#
|
|
# Modifications 2005.04.04
|
|
# * Added openvpn-startup and openvpn-shutdown script calls (James Yonan).
|
|
#
|
|
|
|
# Location of openvpn binary
|
|
openvpn="/usr/local/sbin/openvpn"
|
|
|
|
# Lockfile
|
|
lock="/var/lock/subsys/openvpn"
|
|
|
|
# PID directory
|
|
piddir="/var/run/openvpn"
|
|
|
|
# Our working directory
|
|
work=/etc/openvpn
|
|
|
|
# Source rc functions
|
|
. /etc/rc.status
|
|
|
|
# Shell functions sourced from /etc/rc.status:
|
|
# rc_check check and set local and overall rc status
|
|
# rc_status check and set local and overall rc status
|
|
# rc_status -v ditto but be verbose in local rc status
|
|
# rc_status -v -r ditto and clear the local rc status
|
|
# rc_failed set local and overall rc status to failed
|
|
# rc_reset clear local rc status (overall remains)
|
|
# rc_exit exit appropriate to overall rc status
|
|
|
|
# rc_status check and set local and overall rc status
|
|
# rc_status -v ditto but be verbose in local rc status
|
|
# rc_status -v -r ditto and clear the local rc status
|
|
# rc_failed set local and overall rc status to failed
|
|
# rc_reset clear local rc status (overall remains)
|
|
# rc_exit exit appropriate to overall rc status
|
|
|
|
# First reset status of this service
|
|
rc_reset
|
|
|
|
[ -f $openvpn ] || exit 0
|
|
|
|
# See how we were called.
|
|
case "$1" in
|
|
start)
|
|
echo -n $"Starting openvpn: "
|
|
|
|
/sbin/modprobe tun >/dev/null 2>&1
|
|
|
|
# From a security perspective, I think it makes
|
|
# sense to remove this, and have users who need
|
|
# it explictly enable in their --up scripts or
|
|
# firewall setups.
|
|
|
|
#echo 1 > /proc/sys/net/ipv4/ip_forward
|
|
|
|
# Run startup script, if defined
|
|
if [ -f $work/openvpn-startup ]; then
|
|
$work/openvpn-startup
|
|
fi
|
|
|
|
if [ ! -d $piddir ]; then
|
|
mkdir $piddir
|
|
fi
|
|
|
|
if [ -f $lock ]; then
|
|
# we were not shut down correctly
|
|
for pidf in `/bin/ls $piddir/*.pid 2>/dev/null`; do
|
|
if [ -s $pidf ]; then
|
|
kill `cat $pidf` >/dev/null 2>&1
|
|
fi
|
|
rm -f $pidf
|
|
done
|
|
rm -f $lock
|
|
sleep 2
|
|
fi
|
|
|
|
rm -f $piddir/*.pid
|
|
cd $work
|
|
|
|
# Start every .conf in $work and run .sh if exists
|
|
errors=0
|
|
successes=0
|
|
for c in `/bin/ls *.conf 2>/dev/null`; do
|
|
bn=${c%%.conf}
|
|
if [ -f "$bn.sh" ]; then
|
|
. $bn.sh
|
|
fi
|
|
rm -f $piddir/$bn.pid
|
|
$openvpn --daemon --writepid $piddir/$bn.pid --config $c --cd $work
|
|
if [ $? = 0 ]; then
|
|
successes=1
|
|
else
|
|
errors=1
|
|
fi
|
|
done
|
|
|
|
if [ $successes = 1 ]; then
|
|
touch $lock
|
|
fi
|
|
|
|
rc_status -v
|
|
;;
|
|
stop)
|
|
echo -n $"Shutting down openvpn: "
|
|
for pidf in `/bin/ls $piddir/*.pid 2>/dev/null`; do
|
|
if [ -s $pidf ]; then
|
|
kill `cat $pidf` >/dev/null 2>&1
|
|
fi
|
|
rm -f $pidf
|
|
done
|
|
|
|
# Run shutdown script, if defined
|
|
if [ -f $work/openvpn-shutdown ]; then
|
|
$work/openvpn-shutdown
|
|
fi
|
|
|
|
rm -f $lock
|
|
|
|
rc_status -v
|
|
;;
|
|
restart)
|
|
$0 stop
|
|
sleep 2
|
|
$0 start
|
|
|
|
rc_status
|
|
;;
|
|
reload)
|
|
if [ -f $lock ]; then
|
|
for pidf in `/bin/ls $piddir/*.pid 2>/dev/null`; do
|
|
if [ -s $pidf ]; then
|
|
kill -HUP `cat $pidf` >/dev/null 2>&1
|
|
fi
|
|
done
|
|
else
|
|
echo "openvpn: service not started"
|
|
exit 1
|
|
fi
|
|
|
|
rc_status -v
|
|
;;
|
|
reopen)
|
|
if [ -f $lock ]; then
|
|
for pidf in `/bin/ls $piddir/*.pid 2>/dev/null`; do
|
|
if [ -s $pidf ]; then
|
|
kill -USR1 `cat $pidf` >/dev/null 2>&1
|
|
fi
|
|
done
|
|
else
|
|
echo "openvpn: service not started"
|
|
exit 1
|
|
fi
|
|
|
|
rc_status -v
|
|
;;
|
|
condrestart)
|
|
if [ -f $lock ]; then
|
|
$0 stop
|
|
# avoid race
|
|
sleep 2
|
|
$0 start
|
|
fi
|
|
|
|
rc_status
|
|
;;
|
|
status)
|
|
if [ -f $lock ]; then
|
|
for pidf in `/bin/ls $piddir/*.pid 2>/dev/null`; do
|
|
if [ -s $pidf ]; then
|
|
kill -USR2 `cat $pidf` >/dev/null 2>&1
|
|
fi
|
|
done
|
|
echo "Status written to /var/log/messages"
|
|
else
|
|
echo "openvpn: service not started"
|
|
exit 1
|
|
fi
|
|
|
|
rc_status -v
|
|
;;
|
|
*)
|
|
echo "Usage: openvpn {start|stop|restart|condrestart|reload|reopen|status}"
|
|
exit 1
|
|
esac
|
|
|
|
exit 0
|