Hello everyone,
I am new to alpinelinux but I've been using OpenVPN for years.
The init script that is included in alpinelinux is a Gentoo init script.
There is a bug in Gentoo that requires the OpenVPN config file to be named openvpn.conf and essentially prevents multiple tunnels, i.e. Server and Client. There are several workarounds involving symbolic links and the like, but the underlying problem is in the init script.
Below is an init script that will fix this. I can get the script to stay in /etc/init.d after a reboot by including it in the lbu include but it will not auto start despite the fact that I have openvpn in the default runlevel and the permissions are 755.
Can anyone point me in the right direction as to make sure the lbu included version starts automatically?
I would prefer not to have to place it in an rc.local file.
Thanks,
Steve
#!/bin/sh -e
#
# Original version by Robert Leslie
# <rob@mars.org>, edited by iwj and cs
# Modified for openvpn by Alberto Gonzalez Iniesta <agi@inittab.org>
# Modified for restarting / starting / stopping single tunnels by Richard Mueller <mueller@teamix.net>
# Modified for AlpineLinux by Steve Fink <sfink@netvantix.com>
# Fixed locations and labels used by the rest of the script.
# NOTE(review): RCDLINKS looks like a runlevel/link-priority list for an rc.d
# link tool; nothing in this script reads it - confirm before relying on it.
RCDLINKS="0,K20 1,K20 2,S20 3,S20 4,S20 5,S20 6,K20"
DESC="OpenVPN Daemon"
DAEMON=/usr/sbin/openvpn
CONFIG_DIR=/etc/openvpn

# Quietly do nothing when OpenVPN is not installed or has no config directory.
[ -x "$DAEMON" ] || exit 0
[ -d "$CONFIG_DIR" ] || exit 0

# Built-in defaults. AlpineLinux currently does not use /etc/default, so
# autostart is explicitly set to every *.conf file in CONFIG_DIR.
STATUSREFRESH=10
AUTOSTART="all"

# Optional overrides. The file is sourced by this script, so anything in it
# is executed as shell code with the privileges of whoever runs the script.
if [ -e /etc/default/openvpn ]; then
  . /etc/default/openvpn
fi
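# Start the tunnel named by $NAME using $CONFIG_DIR/$NAME.conf.
# Globals read:    DAEMON, CONFIG_DIR, NAME, STATUSREFRESH
# Globals written: STATUS ("OK" or "FAILED")
# Output:          " NAME(STATUS)" on stdout, without a trailing newline
#
# The command line is built in the function's own positional parameters so
# that a tunnel name or directory containing whitespace or glob characters is
# passed to the daemon as a single argument instead of being re-split.
# Positional parameters are per-function in POSIX sh, so the caller's "$@"
# is untouched.
start_vpn () {
  set -- --writepid "/var/run/openvpn.$NAME.pid"

  # Only ask for daemon mode when the config file does not already do so.
  if ! grep -q '^[ ]*daemon' "$CONFIG_DIR/$NAME.conf" ; then
    set -- "$@" --daemon "ovpn-$NAME"
  fi

  if grep -q '^[ ]*status ' "$CONFIG_DIR/$NAME.conf" ; then
    # status file already given in config file
    :
  elif test "$STATUSREFRESH" -eq 0 ; then
    # default status file disabled in /etc/default/openvpn
    :
  else
    # Default status file; the refresh interval is appended only when set,
    # so an empty STATUSREFRESH does not become an empty argument.
    set -- "$@" --status "/var/run/openvpn.$NAME.status" \
      ${STATUSREFRESH:+"$STATUSREFRESH"}
  fi

  echo -n " $NAME"
  STATUS="OK"

  # stdin is /dev/null so the daemon cannot block on a prompt at boot.
  "$DAEMON" "$@" --cd "$CONFIG_DIR" \
    --config "$CONFIG_DIR/$NAME.conf" < /dev/null || STATUS="FAILED"
  echo -n "($STATUS)"
}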
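# Stop the tunnel whose PID file is $PIDFILE and remove its run-time files.
# Globals read:    PIDFILE, NAME
# Globals written: VPN_PID (scratch)
# Returns:         0 even when the process or the files are already gone
#
# The PID file content is passed to kill only when it is a plain decimal
# number; an empty or garbled file is reported and skipped rather than
# handed to kill as arbitrary arguments.
# NOTE(review): a stale PID file can still name an unrelated process that
# reused the PID; this function does not check that the PID belongs to
# openvpn.
stop_vpn () {
  VPN_PID=$(cat "$PIDFILE" 2> /dev/null) || VPN_PID=
  case "$VPN_PID" in
    ''|*[!0-9]*)
      echo "openvpn: ignoring unreadable or invalid PID file $PIDFILE" >&2
      ;;
    *)
      kill "$VPN_PID" || true
      ;;
  esac
  # -f: under "sh -e" a PID file that has already vanished must not abort
  # the script half-way through stopping several tunnels.
  rm -f -- "$PIDFILE"
  rm -f -- "/var/run/openvpn.$NAME.status" 2> /dev/null
}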
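# Command dispatch: $1 is the action, any further arguments are tunnel names.
# With no tunnel names, start honours AUTOSTART and stop/reload/cond-restart
# act on every tunnel that has a PID file in /var/run.
# start_vpn and stop_vpn communicate through the globals NAME and PIDFILE.

# Accept only plain tunnel names from the command line. The name is pasted
# into "$CONFIG_DIR/<name>.conf" and "/var/run/openvpn.<name>.pid", so a name
# containing "/" could make the script load a config file, or kill and
# delete based on a PID file, outside those directories.
vpn_name_ok () {
  case "$1" in
    ''|*/*) return 1 ;;
  esac
  return 0
}

case "$1" in
  start)
    echo -n "Starting $DESC:"

    if test -z "$2" ; then
      # autostart VPNs; AUTOSTART=none or an empty AUTOSTART disables it
      if test "x$AUTOSTART" = "xnone" || test -z "$AUTOSTART" ; then
        echo " Autostart disabled."
        exit 0
      fi
      if test "x$AUTOSTART" = "xall" ; then
        # all VPNs shall be started automatically; glob instead of parsing
        # ls output so odd file names stay in one piece
        for CONFIG in "$CONFIG_DIR"/*.conf ; do
          test -e "$CONFIG" || continue   # pattern matched nothing
          NAME=${CONFIG##*/}
          NAME=${NAME%.conf}
          start_vpn
        done
      else
        # start only specified VPNs; AUTOSTART is a whitespace-separated
        # list, so it is left unquoted on purpose
        for NAME in $AUTOSTART ; do
          if test -e "$CONFIG_DIR/$NAME.conf" ; then
            start_vpn
          else
            echo -n " (failure: No such VPN: $NAME)"
          fi
        done
      fi
    else
      # start VPNs from command line
      while shift ; do
        [ -z "$1" ] && break
        if vpn_name_ok "$1" && test -e "$CONFIG_DIR/$1.conf" ; then
          NAME=$1
          start_vpn
        else
          echo -n " (failure: No such VPN: $1)"
        fi
      done
    fi
    echo "."
    ;;

  stop)
    echo -n "Stopping $DESC:"

    if test -z "$2" ; then
      for PIDFILE in /var/run/openvpn.*.pid ; do
        test -e "$PIDFILE" || continue   # pattern matched nothing
        NAME=${PIDFILE#/var/run/openvpn.}
        NAME=${NAME%.pid}
        stop_vpn
        echo -n " $NAME"
      done
    else
      while shift ; do
        [ -z "$1" ] && break
        if vpn_name_ok "$1" && test -e "/var/run/openvpn.$1.pid" ; then
          PIDFILE="/var/run/openvpn.$1.pid"
          NAME=$1
          stop_vpn
          echo -n " $NAME"
        else
          echo -n " (failure: No such VPN is running: $1)"
        fi
      done
    fi
    echo "."
    ;;

  # We only 'reload' for running VPNs. New ones will only start with
  # 'start' or 'restart'.
  reload|force-reload)
    echo -n "Reloading $DESC:"
    for PIDFILE in /var/run/openvpn.*.pid ; do
      test -e "$PIDFILE" || continue
      NAME=${PIDFILE#/var/run/openvpn.}
      NAME=${NAME%.pid}
      # If openvpn is running under a different user than root we'll need
      # to restart. [[:space:]] covers both blanks and tabs.
      if grep -E '^[[:space:]]*user' "$CONFIG_DIR/$NAME.conf" > /dev/null 2>&1 ; then
        stop_vpn
        sleep 1
        start_vpn
        echo -n "(restarted)"
      else
        # Signal only a plain numeric PID; skip an empty or garbled file.
        HUP_PID=$(cat "$PIDFILE" 2> /dev/null) || HUP_PID=
        case "$HUP_PID" in
          ''|*[!0-9]*) ;;
          *) kill -HUP "$HUP_PID" || true ;;
        esac
        echo -n " $NAME"
      fi
    done
    echo "."
    ;;

  restart)
    shift
    # Quoted so tunnel names reach the child invocations unchanged.
    "$0" stop "$@"
    sleep 1
    "$0" start "$@"
    ;;

  cond-restart)
    echo -n "Restarting $DESC:"
    for PIDFILE in /var/run/openvpn.*.pid ; do
      test -e "$PIDFILE" || continue
      NAME=${PIDFILE#/var/run/openvpn.}
      NAME=${NAME%.pid}
      stop_vpn
      sleep 1
      start_vpn
    done
    echo "."
    ;;

  *)
    echo "Usage: $0 {start|stop|reload|restart|force-reload|cond-restart}" >&2
    exit 1
    ;;
esac

exit 0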
On Thu, 9 Dec 2010 11:36:49 -0700 (MST)
Steve Fink <sfink@netvantix.com> wrote:
> Hello everyone,
>
>
> I am new to alpinelinux but I've been using OpenVPN for years.
welcome :)
> The init script that is included in alpinelinux is a Gentoo init
> script. There is a bug in Gentoo that requires the OpenVPN config
> file to be named openvpn.conf and essentially prevents multiple
> tunnels ie Server and Client. There are several work arounds by doing
> some symbolic links and such but the problem is with the init script.
I thought the symlinks were a feature, not a workaround. Network
interfaces are (were?) handled in a similar way.
> Below is an init script that will fix this. I can get the script to
> stay in /etc/init.d after a reboot by including it in the lbu include
> but it will not auto start despite the fact that I have openvpn in
> the default runlevel and the permissions are 755.
Maybe OpenRC does not like that it is a /bin/sh script rather
than a /sbin/runscript one?
>
> Can anyone point me in the right direction as to make sure the lbu
> included version starts automatically?
rc-update add openvpn should do it.
> I would prefer not to have to place it in an rc.local file.
yeah. that would be a workaround.
>
>
> Thanks,
>
>
> Steve
>
>
>
>
>
> #!/bin/sh -e
Try converting it to an OpenRC /sbin/runscript script.
> #
> # Original version by Robert Leslie
> # <rob@mars.org>, edited by iwj and cs
> # Modified for openvpn by Alberto Gonzalez Iniesta <agi@inittab.org>
> # Modified for restarting / starting / stopping single tunnels by
> Richard Mueller <mueller@teamix.net> # Modified for AlpineLinux by
> Steve Fink <sfink@netvantix.com> RCDLINKS="0,K20 1,K20 2,S20 3,S20
> 4,S20 5,S20 6,K20"
>
>
> DAEMON=/usr/sbin/openvpn
> DESC="OpenVPN Daemon"
> CONFIG_DIR=/etc/openvpn
> test -x $DAEMON || exit 0
> test -d $CONFIG_DIR || exit 0
>
>
> # Source defaults file; edit that file to configure this script.
> # AlpineLinux currently does not use /etc/default so we explicitly
> # set auto start to all files with .conf
> AUTOSTART="all"
> STATUSREFRESH=10
> if test -e /etc/default/openvpn ; then
> . /etc/default/openvpn
> fi
/sbin/runscript will source /etc/conf.d/openvpn for you, so you do not
need to check whether it exists and source it yourself.
>
> start_vpn () {
> if grep -q '^[ ]*daemon' $CONFIG_DIR/$NAME.conf ; then
> # daemon already given in config file
> DAEMONARG=
> else
> # need to daemonize
> DAEMONARG="--daemon ovpn-$NAME"
> fi
>
>
> if grep -q '^[ ]*status ' $CONFIG_DIR/$NAME.conf ; then
> # status file already given in config file
> STATUSARG=""
> elif test $STATUSREFRESH -eq 0 ; then
> # default status file disabled in /etc/default/openvpn
> STATUSARG=""
> else
> # prepare default status file
> STATUSARG="--status /var/run/openvpn.$NAME.status $STATUSREFRESH"
> fi
>
>
> echo -n " $NAME"
> STATUS="OK"
>
>
> $DAEMON --writepid /var/run/openvpn.$NAME.pid \
> $DAEMONARG $STATUSARG --cd $CONFIG_DIR \
> --config $CONFIG_DIR/$NAME.conf < /dev/null || STATUS="FAILED"
> echo -n "($STATUS)"
> }
> stop_vpn () {
> kill `cat $PIDFILE` || true
> rm $PIDFILE
> rm -f /var/run/openvpn.$NAME.status 2> /dev/null
> }
>
>
> case "$1" in
> start)
> echo -n "Starting $DESC:"
>
>
> # autostart VPNs
> if test -z "$2" ; then
> # check if automatic startup is disabled by AUTOSTART=none
> if test "x$AUTOSTART" = "xnone" -o -z "$AUTOSTART" ; then
> echo " Autostart disabled."
> exit 0
> fi
> if test -z "$AUTOSTART" -o "x$AUTOSTART" = "xall" ; then
> # all VPNs shall be started automatically
> for CONFIG in `cd $CONFIG_DIR; ls *.conf 2> /dev/null`; do
> NAME=${CONFIG%%.conf}
> start_vpn
> done
> else
> # start only specified VPNs
> for NAME in $AUTOSTART ; do
> if test -e $CONFIG_DIR/$NAME.conf ; then
> start_vpn
So you create different .conf files in $CONFIG_DIR and add them to
$AUTOSTART. But you cannot restart a single openvpn instance?
I think the symlink approach is supposed to work something like this:
If you have only one openvpn instance, use openvpn.conf.
If you have many, let's say tunnel0, tunnel1 and tunnelN, then you create
tunnel0.conf, tunnel1.conf and tunnelN.conf, and a symlink for each
instance: /etc/init.d/openvpn.tunnel[01N] -> openvpn.
Then you treat each instance as a separate service and start and stop it
with /etc/init.d/openvpn.tunnel0, for example. You can restart them
separately and pick which ones you want to start at boot like any other
service, for example rc-update add openvpn.tunnelN
If the above does not work then we do have a bug which should be fixed.
The drawback is that you cannot restart them all in one go (well, you
can probably by setting up a dummy service and have them all depend on
the dummy service. Restarting the dummy will restart them all)
I have not really used more than one tunnel, so I don't really know which
is more useful: restarting them all in one go or being able to restart
them individually. I would believe the latter is more useful.
> else
> echo -n " (failure: No such VPN: $NAME)"
> fi
> done
> fi
> #start VPNs from command line
> else
> while shift ; do
> [ -z "$1" ] && break
> if test -e $CONFIG_DIR/$1.conf ; then
> NAME=$1
> start_vpn
> else
> echo -n " (failure: No such VPN: $1)"
> fi
> done
> fi
> echo "."
>
>
> ;;
> stop)
> echo -n "Stopping $DESC:"
>
>
> if test -z "$2" ; then
> for PIDFILE in `ls /var/run/openvpn.*.pid 2> /dev/null`; do
> NAME=`echo $PIDFILE | cut -c18-`
> NAME=${NAME%%.pid}
> stop_vpn
> echo -n " $NAME"
> done
> else
> while shift ; do
> [ -z "$1" ] && break
> if test -e /var/run/openvpn.$1.pid ; then
> PIDFILE=`ls /var/run/openvpn.$1.pid 2> /dev/null`
> NAME=`echo $PIDFILE | cut -c18-`
> NAME=${NAME%%.pid}
> stop_vpn
> echo -n " $NAME"
> else
> echo -n " (failure: No such VPN is running: $1)"
> fi
> done
> fi
> echo "."
> ;;
> # We only 'reload' for running VPNs. New ones will only start with
> 'start' or 'restart'. reload|force-reload)
> echo -n "Reloading $DESC:"
> for PIDFILE in `ls /var/run/openvpn.*.pid 2> /dev/null`; do
> NAME=`echo $PIDFILE | cut -c18-`
> NAME=${NAME%%.pid}
> # If openvpn if running under a different user than root we'll need
> to restart if egrep '^( |\t)*user' $CONFIG_DIR/$NAME.conf > /dev/null
> 2>&1 ; then stop_vpn
> sleep 1
> start_vpn
> echo -n "(restarted)"
> else
> kill -HUP `cat $PIDFILE` || true
> echo -n " $NAME"
> fi
> done
> echo "."
> ;;
>
>
> restart)
> shift
> $0 stop ${@}
> sleep 1
> $0 start ${@}
> ;;
> cond-restart)
> echo -n "Restarting $DESC:"
> for PIDFILE in `ls /var/run/openvpn.*.pid 2> /dev/null`; do
> NAME=`echo $PIDFILE | cut -c18-`
> NAME=${NAME%%.pid}
> stop_vpn
> sleep 1
> start_vpn
> done
> echo "."
> ;;
> *)
> echo "Usage: $0
> {start|stop|reload|restart|force-reload|cond-restart}" >&2 exit 1
> ;;
> esac
>
>
> exit 0
>