~alpine/devel


Re: [alpine-devel] OpenVPN Multiple Tunnels

Details
Message ID
<3838688.4179.1292277298892.JavaMail.root@zimbra.netvantix.net>
Sender timestamp
1292277298
DKIM signature
missing
Everyone, 

I researched OpenRC and rewrote parts of an OpenVPN init script I found but I have not been able to find a simple way to pass a command line argument to the init script. 

So for phase one of my (hopefully improved) OpenVPN init script, it is able to parse the /etc/openvpn directory and locate and start an OpenVPN tunnel for every file named with a .conf also writing their .pid files to /var/run/openvpn. Then later parsing the .pid files and stopping all the OpenVPN tunnels that were started. So in effect being able to do a restart too. 

This script will hopefully help in keeping with both the documentation on the AlpineLinux wiki and the OpenVPN site for multiple tunnels. 

I am also hoping to expand this script to be able to start/stop/restart individual tunnels in the near future. 

Best, 

Steve 

#!/sbin/runscript

# OpenVPN start/stop script
# Adapted to Gentoo by James Yonan
# Modified by Steve Fink for multiple .conf files

# This script does the following:
#
# - Starts an OpenVPN process for each .conf file in /etc/openvpn
#
# - If /etc/openvpn/xxx.start exists for a xxx.conf file then it executes
#   it before starting OpenVPN (useful for doing openvpn --mktun...).
#
# - If /etc/openvpn/xxx.stop exists for a xxx.conf file then it executes
#   it after stopping OpenVPN (useful for doing openvpn --rmtun...).
#

# OpenRC options
opts="start stop restart"

# Default location of openvpn
OPENVPN=/usr/sbin/openvpn

# Default pid directory
PIDDIR=/var/run/openvpn

# Default conf directory
CONFDIR=/etc/openvpn

depend() {
    need net
    use dns
}

start() {
    ebegin "Starting OpenVPN"

    # Load the TUN/TAP module
    /sbin/modprobe tun >/dev/null 2>&1

    if [ ! -d "$PIDDIR" ]; then
        mkdir "$PIDDIR"
    fi

    # Stop here if the conf directory is missing, so the glob below
    # never runs against whatever the current directory happens to be
    cd "$CONFDIR" || { eend 1 "Cannot change to $CONFDIR"; return 1; }

    # Start every .conf in $CONFDIR and run .start if available
    local errors=0
    local successes=0
    local retstatus=0
    for c in *.conf; do
        # An unmatched glob stays literal, so skip anything that is not a file
        [ -f "$c" ] || continue
        bn=${c%%.conf}
        ebegin "Starting VPN: $bn"
        if [ -f "$CONFDIR/$bn.start" ]; then
            # Source by full path; a bare file name is looked up in $PATH
            . "$CONFDIR/$bn.start"
        fi
        rm -f "$PIDDIR/$bn.pid"
        "$OPENVPN" --daemon "openvpn-$bn" --writepid "$PIDDIR/$bn.pid" --config "$CONFDIR/$c" --cd "$CONFDIR"
        result=$?
        if [ "$result" = 0 ]; then
            successes=1
        else
            errors=1
        fi
        eend $result
    done

    # Decide status based on errors/successes.
    # If at least one tunnel succeeded, we return success.
    # If some tunnels succeeded and some failed, we return success but give a warning.
    if [ $successes = 1 ]; then
        if [ $errors = 1 ]; then
            ewarn "Note: At least one OpenVPN tunnel failed to start"
        fi
    else
        retstatus=1
        if [ $errors = 0 ]; then
            ewarn "Note: No OpenVPN configuration files were found in $CONFDIR"
        fi
    fi
    eend $retstatus "Error starting OpenVPN"
}

stop() {
    ebegin "Stopping OpenVPN"
    # start() writes every pid file directly into $PIDDIR, so a glob is enough
    for pidf in "$PIDDIR"/*.pid; do
        if [ -s "$pidf" ]; then
            bn=${pidf%%.pid}
            bn=${bn##"$PIDDIR"/}
            einfo "Stopping VPN: $bn ..."
            kill "$(cat "$pidf")" >/dev/null 2>&1
            if [ -f "${CONFDIR}/${bn}.stop" ]; then
                . "${CONFDIR}/${bn}.stop"
            fi
            eend $?
            rm -f "$pidf" >/dev/null 2>&1
            # Remove the pid directory once the last pid file is gone;
            # rmdir only succeeds on an empty directory
            rmdir "$(dirname "$pidf")" >/dev/null 2>&1
        fi
    done
    eend 0
}

Re: [alpine-devel] OpenVPN Multiple Tunnels

Natanael Copa <ncopa@alpinelinux.org>
Details
Message ID
<1292341886.26904.19.camel@ncopa-desktop.nor.wtbts.net>
In-Reply-To
<3838688.4179.1292277298892.JavaMail.root@zimbra.netvantix.net>
Sender timestamp
1292341886
DKIM signature
missing
On Mon, 2010-12-13 at 14:54 -0700, Steve Fink wrote:
> Everyone,
> 
> I researched OpenRC and rewrote parts of an OpenVPN init script I
> found but I have not been able to find a simple way to pass a command
> line argument to the init script.

> So for phase one of my (hopefully improved) OpenVPN init script, it is
> able to parse the /etc/openvpn directory and locate and start an
> OpenVPN tunnel for every file named with a .conf also writing
> their .pid files to /var/run/openvpn. Then later parsing the .pid
> files and stopping all the OpenVPN tunnels that were started. So in
> effect being able to do a restart too.

Great! Thanks!
> 
> This script will hopefully help in keeping with both the documentation
> on the AlpineLinux wiki and the OpenVPN site for multiple tunnels.
> 
> I am also hoping to expand this script to be able to
> start/stop/restart individual tunnels in the near future.

I wonder if we could have it both ways so if you have symlinks it works
like it already does (for compat with current running systems) and if you
have a list of configs in AUTOSTART= in /etc/conf.d/openvpn then it will
start those. I think the samba init.d script has a similar "problem",
possibly multiple daemons to start from the same init.d script.

VPN="${SVCNAME#*.}"
if [ -n "${VPN}" ] && [ "${SVCNAME}" != "openvpn" ]; then
    # this is a gentoo-style symlink.
    # start only a single instance of openvpn and
    # use /etc/openvpn/$VPN.conf
    :
else
    # this is not a symlink, start all in AUTOSTART or similar
    :
fi

Also, it would be nice if it used start-stop-daemon from openrc.


> Best,
> 
> Steve
> 
> #!/sbin/runscript
> 
> # OpenVPN start/stop script
> # Adapted to Gentoo by James Yonan
> # Modified by Steve Fink for multiple .conf files
> 
> # This script does the following:
> #
> # - Starts an OpenVPN process for each .conf file in /etc/openvpn
> #
> # - If /etc/openvpn/xxx.start exists for a xxx.conf file then it executes
> #   it before starting OpenVPN (useful for doing openvpn --mktun...).
> #
> # - If /etc/openvpn/xxx.stop exists for a xxx.conf file then it executes
> #   it after stopping OpenVPN (useful for doing openvpn --rmtun...).
> #
> 
> # OpenRC options
> opts="start stop restart"
> 
> # Default location of openvpn
> OPENVPN=/usr/sbin/openvpn
> 
> # Default pid directory
> PIDDIR=/var/run/openvpn
> 
> # Default conf directory
> CONFDIR=/etc/openvpn
> 
> depend() {
>     need net
>     use dns
> }
> 
> start() {
>     ebegin "Starting OpenVPN"
> 
>     # Load the TUN/TAP module
>     /sbin/modprobe tun >/dev/null 2>&1
> 
>     if [ ! -d  $PIDDIR ]; then
>         mkdir $PIDDIR
>     fi
> 
>     cd $CONFDIR
> 
>     # Start every .conf in $CONFDIR and run .start if available
>     local errors=0
>     local successes=0
>     local retstatus=0
>     for c in `/bin/ls *.conf 2>/dev/null`; do
>             bn=${c%%.conf}
>             ebegin "Starting VPN: $bn"
>             if [ -f "$bn.start" ]; then
>                 . $bn.start
>             fi
>             rm -f $PIDDIR/$bn.pid
>             $OPENVPN --daemon openvpn-$bn --writepid $PIDDIR/$bn.pid --config $CONFDIR/$c --cd $CONFDIR
>             result=$?
>             if [ $result = 0 ]; then
>                 successes=1
>             else
>                 errors=1
>             fi
>             eend $result
>     done
> 
>     # Decide status based on errors/successes.
>     # If at least one tunnel succeeded, we return success.
>     # If some tunnels succeeded and some failed, we return success but give a warning.
>     if [ $successes = 1 ]; then
>         if [ $errors = 1 ]; then
>             ewarn "Note: At least one OpenVPN tunnel failed to start"
>         fi
>     else
>         retstatus=1
>         if [ $errors = 0 ]; then
>             ewarn "Note: No OpenVPN configuration files were found in $CONFDIR"
>         fi
>     fi
>     eend $retstatus "Error starting OpenVPN"
> }
> 
> stop() {
>     ebegin "Stopping OpenVPN"
>     for pidf in `find $PIDDIR -name '*.pid' 2>/dev/null`; do
>         if [ -s $pidf ]; then
>             bn=${pidf%%.pid}
>             bn=${bn##$PIDDIR/}
>             einfo "Stopping VPN: $bn ..."
>             kill `cat $pidf` >/dev/null 2>&1
>             if [ -f "${CONFDIR}/${bn}.stop" ]; then
>                 . ${CONFDIR}/${bn}.stop
>             fi
>             eend $?
>             rm -rf $pidf >/dev/null 2>&1
>             dn=`dirname $pidf`
>             if [ `ls -A "$dn"|wc -w` = 0 ]; then
>                 rm -rf "$dn"
>             fi
>         fi
>     done
>     eend 0
> }
> 
> 
> 
> 
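
The selection logic proposed in the reply above (one tunnel for an `openvpn.NAME` symlink, otherwise the AUTOSTART list), as an added example that is not code from this thread or from Alpine's init script. `select_vpns` and `valid_vpn_name` are hypothetical helpers, and a space-separated AUTOSTART with names limited to letters, digits, `_` and `-` is an assumption; the name check matters because each name ends up in a path that the root-run script sources and hands to openvpn.

```shell
#!/bin/sh
# Added example: decide which tunnels one init script invocation manages.
# select_vpns and valid_vpn_name are hypothetical helpers, not OpenRC functions.

CONFDIR=${CONFDIR:-/etc/openvpn}

# Accept only plain names (assumed policy): letters, digits, '_' and '-'.
# This keeps "../x", "a/b", "a.b" and empty strings out of the paths below.
valid_vpn_name() {
    case "$1" in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
    return 0
}

# Print one tunnel name per line.
#   $1 = service name (SVCNAME), $2 = AUTOSTART list (assumed space-separated)
# Returns 1 if any requested name was rejected or has no config file.
select_vpns() {
    svc=$1 autostart=$2
    vpn=${svc#*.}
    if [ -n "$vpn" ] && [ "$svc" != "openvpn" ]; then
        # Gentoo-style symlink (openvpn.NAME): exactly one tunnel.
        set -- "$vpn"
    else
        # Plain "openvpn": split AUTOSTART on whitespace with globbing off,
        # so an entry such as "*" is never expanded against the file system.
        set -f; set -- $autostart; set +f
    fi
    rc=0
    for name in "$@"; do
        if ! valid_vpn_name "$name"; then
            echo "rejecting tunnel name: $name" >&2; rc=1
        elif [ ! -f "$CONFDIR/$name.conf" ]; then
            echo "no such config: $CONFDIR/$name.conf" >&2; rc=1
        else
            echo "$name"
        fi
    done
    return $rc
}

# Constructed demo in a scratch directory standing in for /etc/openvpn.
(
    CONFDIR=$(mktemp -d) || exit 1
    : > "$CONFDIR/office.conf"; : > "$CONFDIR/lab.conf"
    select_vpns openvpn.office ""
    select_vpns openvpn "office lab ../etc/passwd" || echo "some names were rejected" >&2
    rm -rf "$CONFDIR"
)
```
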



