Subject: Re: [alpine-devel] OpenVPN Multiple Tunnels
From: Natanael Copa
To: Steve Fink
Cc: Alpine-Devel
Date: Tue, 14 Dec 2010 16:51:26 +0100

On Mon, 2010-12-13 at 14:54 -0700, Steve Fink wrote:
> Everyone,
>
> I researched OpenRC and rewrote parts of an OpenVPN init script I
> found but I have not been able to find a simple way to pass a command
> line argument to the init script.
> So for phase one of my (hopefully improved) OpenVPN init script, it is
> able to parse the /etc/openvpn directory and locate and start an
> OpenVPN tunnel for every file named with a .conf also writing
> their .pid files to /var/run/openvpn. Then later parsing the .pid
> files and stopping all the OpenVPN tunnels that were started. So in
> effect being able to do a restart too.

Great! Thanks!

> This script will hopefully help in keeping with both the documentation
> on the AlpineLinux wiki and the OpenVPN site for multiple tunnels.
>
> I am also hoping to expand this script to be able to
> start/stop/restart individual tunnels in the near future.

I wonder if we could have it both ways so if you have symlinks it works
like it already does (for compat with current running systems) and if you
have a list of configs in AUTOSTART= in /etc/conf.d/openvpn then it will
start those.

I think the samba init.d script has a similar "problem": possibly multiple
daemons to start from the same init.d script.

VPN="${SVCNAME#*.}"
if [ -n "${VPN}" ] && [ "${SVCNAME}" != "openvpn" ]; then
    # this is a gentoo-style symlink.
    # start only a single instance of openvpn and
    # use /etc/openvpn/$VPN.conf
    :
else
    # this is not a symlink, start all in AUTOSTART or similar
    :
fi

Also, it would be nice if it used start-stop-daemon from openrc.

> Best,
>
> Steve
>
> #!/sbin/runscript
>
> # OpenVPN start/stop script
> # Adapted to Gentoo by James Yonan
> # Modified by Steve Fink for multiple .conf files
>
> # This script does the following:
> #
> # - Starts an OpenVPN process for each .conf file in /etc/openvpn
> #
> # - If /etc/openvpn/xxx.start exists for a xxx.conf file then it executes
> #   it before starting OpenVPN (useful for doing openvpn --mktun...).
> #
> # - If /etc/openvpn/xxx.stop exists for a xxx.conf file then it executes
> #   it after stopping OpenVPN (useful for doing openvpn --rmtun...).
> #
>
> # OpenRC options
> opts="start stop restart"
>
> # Default location of openvpn
> OPENVPN=/usr/sbin/openvpn
>
> # Default pid directory
> PIDDIR=/var/run/openvpn
>
> # Default conf directory
> CONFDIR=/etc/openvpn
>
> depend() {
>     need net
>     use dns
> }
>
> start() {
>     ebegin "Starting OpenVPN"
>
>     # Load the TUN/TAP module
>     /sbin/modprobe tun >/dev/null 2>&1
>
>     if [ ! -d "$PIDDIR" ]; then
>         mkdir "$PIDDIR"
>     fi
>
>     cd "$CONFDIR"
>
>     # Start every .conf in $CONFDIR and run .start if available
>     local errors=0
>     local successes=0
>     local retstatus=0
>     for c in *.conf; do
>         # An unmatched glob stays literal; skip it
>         [ -f "$c" ] || continue
>         bn=${c%%.conf}
>         ebegin "Starting VPN: $bn"
>         if [ -f "$bn.start" ]; then
>             # Source by full path so the shell does not search PATH
>             . "$CONFDIR/$bn.start"
>         fi
>         rm -f "$PIDDIR/$bn.pid"
>         $OPENVPN --daemon "openvpn-$bn" --writepid "$PIDDIR/$bn.pid" \
>             --config "$CONFDIR/$c" --cd "$CONFDIR"
>         result=$?
>         if [ $result = 0 ]; then
>             successes=1
>         else
>             errors=1
>         fi
>         eend $result
>     done
>
>     # Decide status based on errors/successes.
>     # If at least one tunnel succeeded, we return success.
>     # If some tunnels succeeded and some failed, we return success but
>     # give a warning.
>     if [ $successes = 1 ]; then
>         if [ $errors = 1 ]; then
>             ewarn "Note: At least one OpenVPN tunnel failed to start"
>         fi
>     else
>         retstatus=1
>         if [ $errors = 0 ]; then
>             ewarn "Note: No OpenVPN configuration files were found in $CONFDIR"
>         fi
>     fi
>     eend $retstatus "Error starting OpenVPN"
> }
>
> stop() {
>     ebegin "Stopping OpenVPN"
>     for pidf in `find "$PIDDIR" -name '*.pid' 2>/dev/null`; do
>         if [ -s "$pidf" ]; then
>             bn=${pidf%%.pid}
>             bn=${bn##"$PIDDIR"/}
>             einfo "Stopping VPN: $bn ..."
>             kill `cat "$pidf"` >/dev/null 2>&1
>             # Keep the status of kill; the .stop hook below would overwrite $?
>             result=$?
>             if [ -f "${CONFDIR}/${bn}.stop" ]; then
>                 . "${CONFDIR}/${bn}.stop"
>             fi
>             eend $result
>             rm -rf "$pidf" >/dev/null 2>&1
>             dn=`dirname "$pidf"`
>             if [ `ls -A "$dn"|wc -w` = 0 ]; then
>                 rm -rf "$dn"
>             fi
>         fi
>     done
>     eend 0
> }
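
Added example, not part of the original thread or of the Alpine init script: one way to implement the "both ways" selection sketched in the reply above, choosing a single config for a gentoo-style symlink and otherwise the configs named in AUTOSTART. It assumes AUTOSTART is a whitespace-separated list of config base names; the function names select_configs and valid_name are hypothetical. Names are validated because the init script runs as root and the resulting path decides which .conf is loaded and which .start/.stop hooks get sourced.

```shell
#!/bin/sh
# Added example: pick the OpenVPN configs one init-script run should start.
# Assumption: AUTOSTART (set in /etc/conf.d/openvpn) is a whitespace-separated
# list of base names; select_configs and valid_name are hypothetical helpers.

CONFDIR="${CONFDIR:-/etc/openvpn}"

# Accept only plain base names: no empty string, no leading dot, no slash,
# nothing outside [A-Za-z0-9._-]. This keeps the path inside $CONFDIR.
valid_name() {
    case "$1" in
        ""|.*|*/*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# select_configs SVCNAME AUTOSTART
# Prints one config path per line; returns 1 if any name was rejected.
select_configs() {
    svc="$1"; autostart="$2"; rc=0
    vpn="${svc#*.}"
    if [ -n "$vpn" ] && [ "$svc" != "openvpn" ]; then
        # gentoo-style symlink openvpn.<name>: exactly one instance
        names="$vpn"
    else
        # plain "openvpn" service: everything listed in AUTOSTART
        names="$autostart"
    fi
    set -f    # split the list on whitespace without glob expansion
    for n in $names; do
        if valid_name "$n"; then
            printf '%s\n' "$CONFDIR/$n.conf"
        else
            echo "openvpn: ignoring invalid config name '$n'" >&2
            rc=1
        fi
    done
    set +f
    return $rc
}
```

A start() function would loop over the printed paths and launch one daemon per path, refusing to continue (or only warning) when the return status is 1.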