
Re: [alpine-devel] OpenVPN Multiple Tunnels

From: Natanael Copa <ncopa_at_alpinelinux.org>
Date: Tue, 14 Dec 2010 16:51:26 +0100

On Mon, 2010-12-13 at 14:54 -0700, Steve Fink wrote:
> Everyone,
>
> I researched OpenRC and rewrote parts of an OpenVPN init script I
> found but I have not been able to find a simple way to pass a command
> line argument to the init script.

> So for phase one of my (hopefully improved) OpenVPN init script, it is
> able to parse the /etc/openvpn directory and locate and start an
> OpenVPN tunnel for every file named with a .conf also writing
> their .pid files to /var/run/openvpn. Then later parsing the .pid
> files and stopping all the OpenVPN tunnels that were started. So in
> effect being able to do a restart too.

Great! Thanks!
>
> This script will hopefully help in keeping with both the documentation
> on the AlpineLinux wiki and the OpenVPN site for multiple tunnels.
>
> I am also hoping to expand this script to be able to
> start/stop/restart individual tunnels in the near future.

I wonder if we could have it both ways so if you have symlinks it works
like it already does (for compat with current running systems) and if you
have a list of configs in AUTOSTART= in /etc/conf.d/openvpn then it will
start those. I think the samba init.d script has a similar "problem",
possibly multiple daemons to start from the same init.d script.

VPN="${SVCNAME#*.}"
if [ -n "${VPN}" ] && [ "${SVCNAME}" != "openvpn" ]; then
    # this is a gentoo-style symlink.
    # start only a single instance of openvpn and
    # use /etc/openvpn/$VPN.conf
    :
else
    # this is not a symlink, start all in AUTOSTART or similar
    :
fi

Also, it would be nice if it used start-stop-daemon from openrc.


> Best,
>
> Steve
>
> #!/sbin/runscript
>
> # OpenVPN start/stop script
> # Adapted to Gentoo by James Yonan
> # Modified by Steve Fink for multiple .conf files
>
> # This script does the following:
> #
> # - Starts an OpenVPN process for each .conf file in /etc/openvpn
> #
> # - If /etc/openvpn/xxx.start exists for a xxx.conf file then it executes
> #   it before starting OpenVPN (useful for doing openvpn --mktun...).
> #
> # - If /etc/openvpn/xxx.stop exists for a xxx.conf file then it executes
> #   it after stopping OpenVPN (useful for doing openvpn --rmtun...).
> #
>
> # OpenRC options
> opts="start stop restart"
>
> # Default location of openvpn
> OPENVPN=/usr/sbin/openvpn
>
> # Default pid directory
> PIDDIR=/var/run/openvpn
>
> # Default conf directory
> CONFDIR=/etc/openvpn
>
> depend() {
>     need net
>     use dns
> }
>
> start() {
>     ebegin "Starting OpenVPN"
>
>     # Load the TUN/TAP module
>     /sbin/modprobe tun >/dev/null 2>&1
>
>     if [ ! -d $PIDDIR ]; then
>         mkdir $PIDDIR
>     fi
>
>     cd $CONFDIR
>
>     # Start every .conf in $CONFDIR and run .start if available
>     local errors=0
>     local successes=0
>     local retstatus=0
>     for c in `/bin/ls *.conf 2>/dev/null`; do
>         bn=${c%%.conf}
>         ebegin "Starting VPN: $bn"
>         if [ -f "$bn.start" ]; then
>             # explicit ./ so the file is read from $CONFDIR, not looked up via PATH
>             . "./$bn.start"
>         fi
>         rm -f $PIDDIR/$bn.pid
>         $OPENVPN --daemon openvpn-$bn --writepid $PIDDIR/$bn.pid \
>             --config $CONFDIR/$c --cd $CONFDIR
>         result=$?
>         if [ $result = 0 ]; then
>             successes=1
>         else
>             errors=1
>         fi
>         eend $result
>     done
>
>     # Decide status based on errors/successes.
>     # If at least one tunnel succeeded, we return success.
>     # If some tunnels succeeded and some failed, we return success but
>     # give a warning.
>     if [ $successes = 1 ]; then
>         if [ $errors = 1 ]; then
>             ewarn "Note: At least one OpenVPN tunnel failed to start"
>         fi
>     else
>         retstatus=1
>         if [ $errors = 0 ]; then
>             ewarn "Note: No OpenVPN configuration files were found in $CONFDIR"
>         fi
>     fi
>     eend $retstatus "Error starting OpenVPN"
> }
>
> stop() {
>     ebegin "Stopping OpenVPN"
>     for pidf in `find $PIDDIR -name '*.pid' 2>/dev/null`; do
>         if [ -s $pidf ]; then
>             bn=${pidf%%.pid}
>             bn=${bn##$PIDDIR/}
>             einfo "Stopping VPN: $bn ..."
>             kill `cat $pidf` >/dev/null 2>&1
>             if [ -f "${CONFDIR}/${bn}.stop" ]; then
>                 . ${CONFDIR}/${bn}.stop
>             fi
>             eend $?
>             rm -rf $pidf >/dev/null 2>&1
>             dn=`dirname $pidf`
>             if [ `ls -A "$dn"|wc -w` = 0 ]; then
>                 rm -rf "$dn"
>             fi
>         fi
>     done
>     eend 0
> }
>
>
>
>




Received on Tue Dec 14 2010 - 16:51:26 UTC
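
The selection logic suggested in the reply above (a symlinked openvpn.NAME service starts one tunnel, a plain openvpn service starts everything listed in AUTOSTART), as an added example that is not part of the original thread. vpn_configs and valid_name are hypothetical helper names, and the name check is an added assumption so that an AUTOSTART entry cannot point outside the config directory of a script that runs as root.

```shell
# Added example (not from the thread). CONFDIR and AUTOSTART are the names
# used in the thread; vpn_configs and valid_name are hypothetical helpers.
CONFDIR="${CONFDIR:-/etc/openvpn}"

# Accept only plain names, so an entry such as "../x" cannot leave $CONFDIR.
valid_name() {
    case "$1" in
        ""|.*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# Print one config path per line. $1 = SVCNAME, $2 = AUTOSTART (space separated).
# Returns 1 if any requested name was rejected or has no .conf file.
vpn_configs() {
    svc="$1"; autostart="$2"
    vpn="${svc#*.}"
    if [ -n "$vpn" ] && [ "$svc" != "openvpn" ]; then
        names="$vpn"        # gentoo-style symlink openvpn.NAME: one instance
    else
        names="$autostart"  # plain "openvpn": everything listed in AUTOSTART
    fi
    rc=0
    set -f                  # no globbing while splitting the list
    for n in $names; do
        if valid_name "$n" && [ -f "$CONFDIR/$n.conf" ]; then
            printf '%s\n' "$CONFDIR/$n.conf"
        else
            echo "openvpn: skipping invalid or missing config: $n" >&2
            rc=1
        fi
    done
    set +f
    return "$rc"
}

# Constructed demo data in a throwaway directory; run with: sh file.sh demo
demo() {
    CONFDIR=$(mktemp -d) || return 1
    : > "$CONFDIR/office.conf"; : > "$CONFDIR/lab.conf"
    vpn_configs openvpn.office "" || true
    vpn_configs openvpn "office lab ../etc/passwd" || true
    rm -rf "$CONFDIR"
}
if [ "${1:-}" = demo ]; then demo; fi
```

A start() built on this would loop over the printed paths and launch one daemon per path, for instance through start-stop-daemon as the reply asks.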