~alpine/devel

[alpine-devel] OpenVPN Multiple Tunnels

Details
Message ID
<13375983.3972.1291919809136.JavaMail.root@zimbra.netvantix.net>
Sender timestamp
1291919809
DKIM signature
missing
Hello everyone, 


I am new to alpinelinux but I've been using OpenVPN for years. 
The init script that is included in alpinelinux is a Gentoo init script. 
There is a bug in Gentoo that requires the OpenVPN config file to be named openvpn.conf and essentially prevents multiple tunnels, i.e. Server and Client. There are several workarounds by doing some symbolic links and such but the problem is with the init script. 


Below is an init script that will fix this. I can get the script to stay in /etc/init.d after a reboot by including it in the lbu include but it will not auto start despite the fact that I have openvpn in the default runlevel and the permissions are 755. 


Can anyone point me in the right direction as to make sure the lbu included version starts automatically? 


I would prefer not to have to place it in an rc.local file. 


Thanks, 


Steve 





#!/bin/sh -e
#
# Original version by Robert Leslie
# <rob@mars.org>, edited by iwj and cs
# Modified for openvpn by Alberto Gonzalez Iniesta <agi@inittab.org>
# Modified for restarting / starting / stopping single tunnels by Richard Mueller <mueller@teamix.net>
# Modified for AlpineLinux by Steve Fink <sfink@netvantix.com>
RCDLINKS="0,K20 1,K20 2,S20 3,S20 4,S20 5,S20 6,K20"

DAEMON=/usr/sbin/openvpn
DESC="OpenVPN Daemon"
CONFIG_DIR=/etc/openvpn
test -x $DAEMON || exit 0
test -d $CONFIG_DIR || exit 0

# Source defaults file; edit that file to configure this script.
# AlpineLinux currently does not use /etc/default so we explicitly
# set auto start to all files with .conf
AUTOSTART="all"
STATUSREFRESH=10
if test -e /etc/default/openvpn ; then
  . /etc/default/openvpn
fi

# Start the tunnel $NAME using $CONFIG_DIR/$NAME.conf
start_vpn () {
  if grep -q '^[ ]*daemon' $CONFIG_DIR/$NAME.conf ; then
    # daemon already given in config file
    DAEMONARG=
  else
    # need to daemonize
    DAEMONARG="--daemon ovpn-$NAME"
  fi

  if grep -q '^[ ]*status ' $CONFIG_DIR/$NAME.conf ; then
    # status file already given in config file
    STATUSARG=""
  elif test $STATUSREFRESH -eq 0 ; then
    # default status file disabled in /etc/default/openvpn
    STATUSARG=""
  else
    # prepare default status file
    STATUSARG="--status /var/run/openvpn.$NAME.status $STATUSREFRESH"
  fi

  echo -n " $NAME"
  STATUS="OK"

  $DAEMON --writepid /var/run/openvpn.$NAME.pid \
    $DAEMONARG $STATUSARG --cd $CONFIG_DIR \
    --config $CONFIG_DIR/$NAME.conf < /dev/null || STATUS="FAILED"
  echo -n "($STATUS)"
}

# Stop the tunnel whose pid is stored in $PIDFILE and remove its state files
stop_vpn () {
  kill `cat $PIDFILE` || true
  rm $PIDFILE
  rm -f /var/run/openvpn.$NAME.status 2> /dev/null
}

case "$1" in
  start)
    echo -n "Starting $DESC:"

    # autostart VPNs
    if test -z "$2" ; then
      # check if automatic startup is disabled by AUTOSTART=none
      if test "x$AUTOSTART" = "xnone" -o -z "$AUTOSTART" ; then
        echo " Autostart disabled."
        exit 0
      fi
      if test -z "$AUTOSTART" -o "x$AUTOSTART" = "xall" ; then
        # all VPNs shall be started automatically
        for CONFIG in `cd $CONFIG_DIR; ls *.conf 2> /dev/null`; do
          NAME=${CONFIG%%.conf}
          start_vpn
        done
      else
        # start only specified VPNs
        for NAME in $AUTOSTART ; do
          if test -e $CONFIG_DIR/$NAME.conf ; then
            start_vpn
          else
            echo -n " (failure: No such VPN: $NAME)"
          fi
        done
      fi
    # start VPNs from command line
    else
      while shift ; do
        [ -z "$1" ] && break
        if test -e $CONFIG_DIR/$1.conf ; then
          NAME=$1
          start_vpn
        else
          echo -n " (failure: No such VPN: $1)"
        fi
      done
    fi
    echo "."
    ;;
  stop)
    echo -n "Stopping $DESC:"

    if test -z "$2" ; then
      for PIDFILE in `ls /var/run/openvpn.*.pid 2> /dev/null`; do
        # strip the 17-character "/var/run/openvpn." prefix, then ".pid"
        NAME=`echo $PIDFILE | cut -c18-`
        NAME=${NAME%%.pid}
        stop_vpn
        echo -n " $NAME"
      done
    else
      while shift ; do
        [ -z "$1" ] && break
        if test -e /var/run/openvpn.$1.pid ; then
          PIDFILE=`ls /var/run/openvpn.$1.pid 2> /dev/null`
          NAME=`echo $PIDFILE | cut -c18-`
          NAME=${NAME%%.pid}
          stop_vpn
          echo -n " $NAME"
        else
          echo -n " (failure: No such VPN is running: $1)"
        fi
      done
    fi
    echo "."
    ;;
  # We only 'reload' for running VPNs. New ones will only start with 'start' or 'restart'.
  reload|force-reload)
    echo -n "Reloading $DESC:"
    for PIDFILE in `ls /var/run/openvpn.*.pid 2> /dev/null`; do
      NAME=`echo $PIDFILE | cut -c18-`
      NAME=${NAME%%.pid}
      # If openvpn is running under a different user than root we'll need to restart
      if egrep '^( |\t)*user' $CONFIG_DIR/$NAME.conf > /dev/null 2>&1 ; then
        stop_vpn
        sleep 1
        start_vpn
        echo -n "(restarted)"
      else
        kill -HUP `cat $PIDFILE` || true
        echo -n " $NAME"
      fi
    done
    echo "."
    ;;

  restart)
    shift
    $0 stop ${@}
    sleep 1
    $0 start ${@}
    ;;
  cond-restart)
    echo -n "Restarting $DESC:"
    for PIDFILE in `ls /var/run/openvpn.*.pid 2> /dev/null`; do
      NAME=`echo $PIDFILE | cut -c18-`
      NAME=${NAME%%.pid}
      stop_vpn
      sleep 1
      start_vpn
    done
    echo "."
    ;;
  *)
    echo "Usage: $0 {start|stop|reload|restart|force-reload|cond-restart}" >&2
    exit 1
    ;;
esac

exit 0
Nathan Angelacos <nangel@nothome.org>
Details
Message ID
<4D015223.4040901@nothome.org>
In-Reply-To
<20101209215427.3e12ed50@alpinelinux.org>
Sender timestamp
1291932195
DKIM signature
missing
fwiw..

I'm running alpinelinux 2.1.2 with multiple openvpn tunnels:

ln -s /etc/init.d/openvpn /etc/init.d/openvpn.SanFrancisco

rc-update add openvpn.SanFrancisco
rc-update add openvpn

The config files are named :
/etc/openvpn/openvpn.conf
/etc/openvpn/SanFrancisco.conf





---
Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
Help:         alpine-devel+help@lists.alpinelinux.org
---
Natanael Copa <ncopa@alpinelinux.org>
Details
Message ID
<20101209215427.3e12ed50@alpinelinux.org>
In-Reply-To
<13375983.3972.1291919809136.JavaMail.root@zimbra.netvantix.net>
Sender timestamp
1291931667
DKIM signature
missing
On Thu, 9 Dec 2010 11:36:49 -0700 (MST)
Steve Fink <sfink@netvantix.com> wrote:

> Hello everyone, 
> 
> 
> I am new to alpinelinux but I've been using OpenVPN for years. 

welcome :)

> The init script that is included in alpinelinux is a Gentoo init
> script. There is a bug in Gentoo that requires the OpenVPN config
> file to be named openvpn.conf and essentially prevents multiple
> tunnels ie Server and Client. There are several work arounds by doing
> some symbolic links and such but the problem is with the init script. 

I thought the symlinks are features, not workarounds. They do (did?)
network interfaces similarly.
 
> Below is an init script that will fix this. I can get the script to
> stay in /etc/init.d after a reboot by including it in the lbu include
> but it will not auto start despite the fact that I have openvpn in
> the default runlevel and the permissions are 755. 

Maybe openrc does not like that it is a /bin/sh script rather
than /sbin/runscript?
 
> 
> Can anyone point me in the right direction as to make sure the lbu
> included version starts automatically? 

rc-update add openvpn should do it. 

> I would prefer not to have to place it in an rc.local file. 

yeah. that would be a workaround.

> 
> 
> Thanks, 
> 
> 
> Steve 
> 
> 
> 
> 
> 
> #!/bin/sh -e 

try converting it to an openrc /sbin/runscript

> # 
> # Original version by Robert Leslie 
> # <rob@mars.org>, edited by iwj and cs 
> # Modified for openvpn by Alberto Gonzalez Iniesta <agi@inittab.org> 
> # Modified for restarting / starting / stopping single tunnels by Richard Mueller <mueller@teamix.net>
> # Modified for AlpineLinux by Steve Fink <sfink@netvantix.com>
> RCDLINKS="0,K20 1,K20 2,S20 3,S20 4,S20 5,S20 6,K20"
> 
> 
> DAEMON=/usr/sbin/openvpn 
> DESC="OpenVPN Daemon" 
> CONFIG_DIR=/etc/openvpn 
> test -x $DAEMON || exit 0 
> test -d $CONFIG_DIR || exit 0 
> 
> 
> # Source defaults file; edit that file to configure this script. 
> # AlpineLinux currently does not use /etc/default so we explicitly 
> # set auto start to all files with .conf 
> AUTOSTART="all" 
> STATUSREFRESH=10 
> if test -e /etc/default/openvpn ; then 
> . /etc/default/openvpn 
> fi 

the /sbin/runscript will source /etc/conf.d/openvpn for you without you
needing to check if it is there and do it.

> 
> start_vpn () { 
> if grep -q '^[ ]*daemon' $CONFIG_DIR/$NAME.conf ; then 
> # daemon already given in config file 
> DAEMONARG= 
> else 
> # need to daemonize 
> DAEMONARG="--daemon ovpn-$NAME" 
> fi 
> 
> 
> if grep -q '^[ ]*status ' $CONFIG_DIR/$NAME.conf ; then 
> # status file already given in config file 
> STATUSARG="" 
> elif test $STATUSREFRESH -eq 0 ; then 
> # default status file disabled in /etc/default/openvpn 
> STATUSARG="" 
> else 
> # prepare default status file 
> STATUSARG="--status /var/run/openvpn.$NAME.status $STATUSREFRESH" 
> fi 
> 
> 
> echo -n " $NAME" 
> STATUS="OK" 
> 
> 
> $DAEMON --writepid /var/run/openvpn.$NAME.pid \ 
> $DAEMONARG $STATUSARG --cd $CONFIG_DIR \ 
> --config $CONFIG_DIR/$NAME.conf < /dev/null || STATUS="FAILED" 
> echo -n "($STATUS)" 
> } 
> stop_vpn () { 
> kill `cat $PIDFILE` || true 
> rm $PIDFILE 
> rm -f /var/run/openvpn.$NAME.status 2> /dev/null 
> } 
> 
> 
> case "$1" in 
> start) 
> echo -n "Starting $DESC:" 
> 
> 
> # autostart VPNs 
> if test -z "$2" ; then 
> # check if automatic startup is disabled by AUTOSTART=none 
> if test "x$AUTOSTART" = "xnone" -o -z "$AUTOSTART" ; then 
> echo " Autostart disabled." 
> exit 0 
> fi 
> if test -z "$AUTOSTART" -o "x$AUTOSTART" = "xall" ; then 
> # all VPNs shall be started automatically 
> for CONFIG in `cd $CONFIG_DIR; ls *.conf 2> /dev/null`; do 
> NAME=${CONFIG%%.conf} 
> start_vpn 
> done 
> else 
> # start only specified VPNs 
> for NAME in $AUTOSTART ; do 
> if test -e $CONFIG_DIR/$NAME.conf ; then 
> start_vpn

So you create different .conf files in $CONFIG_DIR and add them to
$AUTOSTART. But you cannot restart a single openvpn instance?

I think the symlinks thingy is supposed to work something like this:

If you have only one openvpn instance, use openvpn.conf.

If you have many, let's say tunnel0, tunnel1 and tunnelN then you create
tunnel0.conf, tunnel1.conf and tunnelN.conf, and a symlink for each
instance: /etc/init.d/openvpn.tunnel[01N] -> openvpn.

Then you treat each instance as a separate service, start and stop it
with /etc/init.d/openvpn.tunnel0 for example. You can restart them
separately and pick which ones you want to start at boot like any other
service, for example rc-update add openvpn.tunnelN

If the above does not work then we do have a bug which should be fixed.

The drawback is that you cannot restart them all in one go (well, you
can probably by setting up a dummy service and have them all depend on
the dummy service. Restarting the dummy will restart them all)

I have not really used more than one tunnel so I don't really know what
is most useful: restart them all in one go or being able to restart
them individually. I would believe the latter is more useful.

> else 
> echo -n " (failure: No such VPN: $NAME)" 
> fi 
> done 
> fi 
> #start VPNs from command line 
> else 
> while shift ; do 
> [ -z "$1" ] && break 
> if test -e $CONFIG_DIR/$1.conf ; then 
> NAME=$1 
> start_vpn 
> else 
> echo -n " (failure: No such VPN: $1)" 
> fi 
> done 
> fi 
> echo "." 
> 
> 
> ;; 
> stop) 
> echo -n "Stopping $DESC:" 
> 
> 
> if test -z "$2" ; then 
> for PIDFILE in `ls /var/run/openvpn.*.pid 2> /dev/null`; do 
> NAME=`echo $PIDFILE | cut -c18-` 
> NAME=${NAME%%.pid} 
> stop_vpn 
> echo -n " $NAME" 
> done 
> else 
> while shift ; do 
> [ -z "$1" ] && break 
> if test -e /var/run/openvpn.$1.pid ; then 
> PIDFILE=`ls /var/run/openvpn.$1.pid 2> /dev/null` 
> NAME=`echo $PIDFILE | cut -c18-` 
> NAME=${NAME%%.pid} 
> stop_vpn 
> echo -n " $NAME" 
> else 
> echo -n " (failure: No such VPN is running: $1)" 
> fi 
> done 
> fi 
> echo "." 
> ;; 
> # We only 'reload' for running VPNs. New ones will only start with 'start' or 'restart'.
> reload|force-reload)
> echo -n "Reloading $DESC:" 
> for PIDFILE in `ls /var/run/openvpn.*.pid 2> /dev/null`; do 
> NAME=`echo $PIDFILE | cut -c18-` 
> NAME=${NAME%%.pid} 
> # If openvpn is running under a different user than root we'll need to restart
> if egrep '^( |\t)*user' $CONFIG_DIR/$NAME.conf > /dev/null 2>&1 ; then
> stop_vpn
> sleep 1 
> start_vpn 
> echo -n "(restarted)" 
> else 
> kill -HUP `cat $PIDFILE` || true 
> echo -n " $NAME" 
> fi 
> done 
> echo "." 
> ;; 
> 
> 
> restart) 
> shift 
> $0 stop ${@} 
> sleep 1 
> $0 start ${@} 
> ;; 
> cond-restart) 
> echo -n "Restarting $DESC:" 
> for PIDFILE in `ls /var/run/openvpn.*.pid 2> /dev/null`; do 
> NAME=`echo $PIDFILE | cut -c18-` 
> NAME=${NAME%%.pid} 
> stop_vpn 
> sleep 1 
> start_vpn 
> done 
> echo "." 
> ;; 
> *) 
> echo "Usage: $0 {start|stop|reload|restart|force-reload|cond-restart}" >&2
> exit 1
> ;; 
> esac 
> 
> 
> exit 0 
> 



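Added example (not part of the thread, and not Alpine's or Gentoo's init script): the symlink scheme described in the replies above, sketched in plain sh so it can be run in a throwaway directory. The function names, the allowed character set for tunnel names and the temporary directory layout are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration; instance_name, instance_paths and demo_symlinks are
# hypothetical helpers, not functions from any shipped init script.

# Map a service name (basename of the init.d symlink) to its tunnel name:
# "openvpn" -> "openvpn", "/etc/init.d/openvpn.tunnel0" -> "tunnel0".
instance_name() {
    svc=${1##*/}        # drop the directory part of $0
    name=${svc#*.}      # drop everything up to the first dot, if there is one
    # The name is pasted into file paths, so accept only a conservative
    # character set (assumption: no dots, slashes or spaces in tunnel names).
    case $name in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
    printf '%s\n' "$name"
}

# Print "<config file> <pid file>" for one instance below root directory $2.
instance_paths() {
    name=$(instance_name "$1") || return 1
    printf '%s/etc/openvpn/%s.conf %s/var/run/openvpn.%s.pid\n' \
        "$2" "$name" "$2" "$name"
}

# Build a scratch tree with one script plus per-tunnel symlinks, call the
# script through every link and collect the config each call would load.
demo_symlinks() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/etc/init.d"
    cat > "$root/etc/init.d/openvpn" <<'EOF'
svc=${0##*/}
echo "${svc#*.}.conf"
EOF
    out=
    for t in tunnel0 tunnel1; do
        ln -s openvpn "$root/etc/init.d/openvpn.$t"
        # run via sh so the demo also works on a noexec temp directory
        out="$out$(sh "$root/etc/init.d/openvpn.$t") "
    done
    out="$out$(sh "$root/etc/init.d/openvpn")"
    rm -rf "$root"
    printf '%s\n' "$out"
}

demo_symlinks
```

Each symlink behaves as its own service because the script only looks at the name it was called by; the same script file serves every tunnel.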