Date: Thu, 9 Dec 2010 21:54:27 +0000
From: Natanael Copa
To: Steve Fink
Cc: Alpine-Devel
Subject: Re: [alpine-devel] OpenVPN Multiple Tunnels

On Thu, 9 Dec 2010 11:36:49 -0700 (MST) Steve Fink wrote:

> Hello everyone,
>
> I am new to alpinelinux but I've been using OpenVPN for years.

welcome :)

> The init script that is included in alpinelinux is a Gentoo init
> script. There is a bug in Gentoo that requires the OpenVPN config
> file to be named openvpn.conf and essentially prevents multiple
> tunnels, i.e. Server and Client. There are several workarounds by doing
> some symbolic links and such but the problem is with the init script.

I thought the symlinks are features, not workarounds. They do (did?)
network interfaces similarly.

> Below is an init script that will fix this. I can get the script to
> stay in /etc/init.d after a reboot by including it in the lbu include
> but it will not auto start despite the fact that I have openvpn in
> the default runlevel and the permissions are 755.

Maybe openrc does not like that it is a /bin/sh script rather
than /sbin/runscript?

> Can anyone point me in the right direction as to make sure the lbu
> included version starts automatically?

rc-update add openvpn

should do it.

> I would prefer not to have to place it in an rc.local file.

yeah. that would be a workaround.

> Thanks,
>
> Steve
>
> #!/bin/sh -e

try to convert it to an openrc /sbin/runscript

> #
> # Original version by Robert Leslie
> # , edited by iwj and cs
> # Modified for openvpn by Alberto Gonzalez Iniesta
> # Modified for restarting / starting / stopping single tunnels by Richard Mueller
> # Modified for AlpineLinux by Steve Fink
> RCDLINKS="0,K20 1,K20 2,S20 3,S20 4,S20 5,S20 6,K20"
>
> DAEMON=/usr/sbin/openvpn
> DESC="OpenVPN Daemon"
> CONFIG_DIR=/etc/openvpn
> test -x $DAEMON || exit 0
> test -d $CONFIG_DIR || exit 0
>
> # Source defaults file; edit that file to configure this script.
> # AlpineLinux currently does not use /etc/default so we explicitly
> # set auto start to all files with .conf
> AUTOSTART="all"
> STATUSREFRESH=10
> if test -e /etc/default/openvpn ; then
>   . /etc/default/openvpn
> fi

the /sbin/runscript will source /etc/conf.d/openvpn for you without you
needing to check if it is there and do it.

> start_vpn () {
>     if grep -q '^[ ]*daemon' $CONFIG_DIR/$NAME.conf ; then
>       # daemon already given in config file
>       DAEMONARG=
>     else
>       # need to daemonize
>       DAEMONARG="--daemon ovpn-$NAME"
>     fi
>
>     if grep -q '^[ ]*status ' $CONFIG_DIR/$NAME.conf ; then
>       # status file already given in config file
>       STATUSARG=""
>     elif test $STATUSREFRESH -eq 0 ; then
>       # default status file disabled in /etc/default/openvpn
>       STATUSARG=""
>     else
>       # prepare default status file
>       STATUSARG="--status /var/run/openvpn.$NAME.status $STATUSREFRESH"
>     fi
>
>     echo -n " $NAME"
>     STATUS="OK"
>
>     $DAEMON --writepid /var/run/openvpn.$NAME.pid \
>             $DAEMONARG $STATUSARG --cd $CONFIG_DIR \
>             --config $CONFIG_DIR/$NAME.conf < /dev/null || STATUS="FAILED"
>     echo -n "($STATUS)"
> }
> stop_vpn () {
>   kill `cat $PIDFILE` || true
>   rm $PIDFILE
>   rm -f /var/run/openvpn.$NAME.status 2> /dev/null
> }
>
> case "$1" in
> start)
>   echo -n "Starting $DESC:"
>
>   # autostart VPNs
>   if test -z "$2" ; then
>     # check if automatic startup is disabled by AUTOSTART=none
>     if test "x$AUTOSTART" = "xnone" -o -z "$AUTOSTART" ; then
>       echo " Autostart disabled."
>       exit 0
>     fi
>     if test -z "$AUTOSTART" -o "x$AUTOSTART" = "xall" ; then
>       # all VPNs shall be started automatically
>       for CONFIG in `cd $CONFIG_DIR; ls *.conf 2> /dev/null`; do
>         NAME=${CONFIG%%.conf}
>         start_vpn
>       done
>     else
>       # start only specified VPNs
>       for NAME in $AUTOSTART ; do
>         if test -e $CONFIG_DIR/$NAME.conf ; then
>           start_vpn

So you create different .conf files in $CONFIG_DIR and add them to
$AUTOSTART. But you cannot restart a single openvpn instance?

I think the symlinks thingy is supposed to work something like this:

If you have only one openvpn instance, use openvpn.conf.

If you have many, let's say tunnel0, tunnel1 and tunnelN, then you create
tunnel0.conf, tunnel1.conf and tunnelN.conf, and a symlink for each
instance: /etc/init.d/openvpn.tunnel[01N] -> openvpn.

Then you treat each instance as a separate service, start and stop it
with /etc/init.d/openvpn.tunnel0 for example. You can restart them
separately and pick which ones you want to start at boot like any other
service, for example

rc-update add openvpn.tunnelN

If the above does not work then we do have a bug which should be fixed.

The drawback is that you cannot restart them all in one go (well, you
can probably by setting up a dummy service and have them all depend on
the dummy service. Restarting the dummy will restart them all)

I have not really used more than one tunnel so I don't really know what
is most useful: restart them all in one go or being able to restart them
individually. I would believe the latter is more useful.

>         else
>           echo -n " (failure: No such VPN: $NAME)"
>         fi
>       done
>     fi
>   #start VPNs from command line
>   else
>     while shift ; do
>       [ -z "$1" ] && break
>       if test -e $CONFIG_DIR/$1.conf ; then
>         NAME=$1
>         start_vpn
>       else
>         echo -n " (failure: No such VPN: $1)"
>       fi
>     done
>   fi
>   echo "."
>
>   ;;
> stop)
>   echo -n "Stopping $DESC:"
>
>   if test -z "$2" ; then
>     for PIDFILE in `ls /var/run/openvpn.*.pid 2> /dev/null`; do
>       NAME=`echo $PIDFILE | cut -c18-`
>       NAME=${NAME%%.pid}
>       stop_vpn
>       echo -n " $NAME"
>     done
>   else
>     while shift ; do
>       [ -z "$1" ] && break
>       if test -e /var/run/openvpn.$1.pid ; then
>         PIDFILE=`ls /var/run/openvpn.$1.pid 2> /dev/null`
>         NAME=`echo $PIDFILE | cut -c18-`
>         NAME=${NAME%%.pid}
>         stop_vpn
>         echo -n " $NAME"
>       else
>         echo -n " (failure: No such VPN is running: $1)"
>       fi
>     done
>   fi
>   echo "."
>   ;;
> # We only 'reload' for running VPNs. New ones will only start with 'start' or 'restart'.
> reload|force-reload)
>   echo -n "Reloading $DESC:"
>   for PIDFILE in `ls /var/run/openvpn.*.pid 2> /dev/null`; do
>     NAME=`echo $PIDFILE | cut -c18-`
>     NAME=${NAME%%.pid}
>     # If openvpn is running under a different user than root we'll need to restart
>     if egrep '^( |\t)*user' $CONFIG_DIR/$NAME.conf > /dev/null 2>&1 ; then
>       stop_vpn
>       sleep 1
>       start_vpn
>       echo -n "(restarted)"
>     else
>       kill -HUP `cat $PIDFILE` || true
>       echo -n " $NAME"
>     fi
>   done
>   echo "."
>   ;;
>
> restart)
>   shift
>   $0 stop ${@}
>   sleep 1
>   $0 start ${@}
>   ;;
> cond-restart)
>   echo -n "Restarting $DESC:"
>   for PIDFILE in `ls /var/run/openvpn.*.pid 2> /dev/null`; do
>     NAME=`echo $PIDFILE | cut -c18-`
>     NAME=${NAME%%.pid}
>     stop_vpn
>     sleep 1
>     start_vpn
>   done
>   echo "."
>   ;;
> *)
>   echo "Usage: $0 {start|stop|reload|restart|force-reload|cond-restart}" >&2
>   exit 1
>   ;;
> esac
>
> exit 0
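
The per-instance symlink scheme described in the reply above, as an added example (not part of the original message, and not the Alpine or Gentoo init script): it maps a service name such as openvpn.tunnel0 to its config and pid file, and rejects names that are unsafe to place in a path. The function names and the allowed character set are assumptions; the directories and pid-file pattern follow the quoted script.

```shell
#!/bin/sh
# Added illustration: resolve an OpenVPN instance from the name the init
# script was invoked under (the symlink /etc/init.d/openvpn.<instance>).

CONFIG_DIR=/etc/openvpn   # same directory the quoted script uses
RUN_DIR=/var/run          # same pid-file location the quoted script uses

# instance_name SERVICE: print the instance name, return 1 if unacceptable.
instance_name() {
    svc=${1##*/}          # accept a full path like /etc/init.d/openvpn.tunnel0
    case "$svc" in
        openvpn)   name=openvpn ;;             # single instance: openvpn.conf
        openvpn.*) name=${svc#openvpn.} ;;     # openvpn.tunnel0 -> tunnel0
        *)         return 1 ;;                 # not an openvpn service name
    esac
    # The name ends up in file paths and on the daemon's command line,
    # so only a conservative character set is allowed (assumption).
    case "$name" in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
    printf '%s\n' "$name"
}

# instance_config SERVICE: print the config file for that instance.
instance_config() {
    name=$(instance_name "$1") || return 1
    printf '%s/%s.conf\n' "$CONFIG_DIR" "$name"
}

# instance_pidfile SERVICE: print the pid file, same pattern as --writepid
# in the quoted script (/var/run/openvpn.$NAME.pid).
instance_pidfile() {
    name=$(instance_name "$1") || return 1
    printf '%s/openvpn.%s.pid\n' "$RUN_DIR" "$name"
}

# Constructed sample service names, including two that must be rejected.
for svc in openvpn /etc/init.d/openvpn.tunnel0 'openvpn.x;y' sshd; do
    if conf=$(instance_config "$svc"); then
        echo "$svc -> $conf, $(instance_pidfile "$svc")"
    else
        echo "$svc -> rejected"
    fi
done
```

With this mapping each symlinked service only ever touches its own config and pid file, which is what lets the instances be restarted separately.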