#!/bin/sh
#
# openvpn       This shell script takes care of starting and stopping
#               openvpn on RedHat or other chkconfig-based system.
#
# chkconfig: - 24 76
#
# processname: openvpn
# description: OpenVPN is a robust and highly flexible tunneling \
#              application that uses all of the encryption, \
#              authentication, and certification features of the OpenSSL \
#              library to securely tunnel IP networks over a single UDP \
#              port.
 
# Contributed to the OpenVPN project by
### BEGIN INIT INFO
# Provides: openvpn
# Required-Start: $network
# Required-Stop: $network
# Short-Description: start and stop openvpn
# Description: OpenVPN is a robust and highly flexible tunneling \
#              application that uses all of the encryption, \
#              authentication, and certification features of the OpenSSL \
#              library to securely tunnel IP networks over a single UDP \
#              port.
### END INIT INFO
 
 
# Douglas Keller <doug@voidstar.dyndns.org>
# 2002.05.15
 
# To install:
#   copy this file to /etc/rc.d/init.d/openvpn
#   shell> chkconfig --add openvpn
#   shell> mkdir /etc/openvpn
#   make .conf or .sh files in /etc/openvpn (see below)
 
# To uninstall:
#   run: chkconfig --del openvpn
 
# Author's Notes:
#
# I have created an /etc/init.d init script and enhanced openvpn.spec to
# automatically register the init script.  Once the RPM is installed you
# can start and stop OpenVPN with "service openvpn start" and "service
# openvpn stop".
#
# The init script does the following:
#
# - Starts an openvpn process for each .conf file it finds in
#   /etc/openvpn.
#
# - If /etc/openvpn/xxx.sh exists for a xxx.conf file then it sources it
#   (runs it in this init script's own shell, with the same privileges)
#   before starting openvpn (useful for doing openvpn --mktun...).
#
# - In addition to start/stop you can do:
#
#   service openvpn reload - SIGHUP
#   service openvpn reopen - SIGUSR1
#   service openvpn status - SIGUSR2
#
# Modifications:
#
# 2003.05.02
#   * Changed == to = for sh compliance (Bishop Clark).
#   * If condrestart|reload|reopen|status, check that we were
#     actually started (James Yonan).
#   * Added lock, piddir, and work variables (James Yonan).
#   * If start is attempted twice, without an intervening stop, or
#     if start is attempted when previous start was not properly
#     shut down, then kill any previously started processes, before
#     commencing new start operation (James Yonan).
#   * Do a better job of flagging errors on start, and properly
#     returning success or failure status to caller (James Yonan).
#
# 2005.04.04
#   * Added openvpn-startup and openvpn-shutdown script calls
#     (James Yonan).
#
 
# Locate the openvpn binary. Every candidate path is checked and a later
# match overrides an earlier one, so /usr/local/sbin/openvpn is used when
# both exist. $openvpn stays empty when neither path is a regular file.
openvpn=""
openvpn_locations="/usr/sbin/openvpn /usr/local/sbin/openvpn"
for location in $openvpn_locations; do
  [ -f "$location" ] && openvpn=$location
done

# Lock file; the start/stop logic below creates and removes it
lock=/var/lock/subsys/openvpn

# Directory holding one <name>.pid file per started daemon
piddir=/var/run/openvpn

# Working directory: .conf files and optional hook scripts are read from here
work="/etc/openvpn"
 
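# Source function library.
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

# Check that networking is up.
# NETWORKING is quoted so that an unset or empty value compares as "not no"
# instead of making `[` fail with a syntax error.
if [ "${NETWORKING}" = "no" ]
then
  echo "Networking is down"
  exit 0
fi

# Check that binary exists.
# $openvpn must be quoted: it is empty when no binary was located, and an
# unquoted `[ -f ]` collapses to a one-argument test that is always true,
# so the "not found" branch could never run and the script went on to
# invoke an empty command name.
# NOTE(review): this path exits 0 although nothing was started, so a caller
# cannot tell it apart from success.
if ! [ -f "$openvpn" ]
then
  echo "openvpn binary not found"
  exit 0
fi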
 
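# Signal every OpenVPN daemon recorded in $piddir/*.pid.
# Globals:   piddir (read), pidf and openvpn_pid (written)
# Arguments: $1 - signal name without the leading dash (TERM, HUP, USR1, USR2)
#            $2 - "remove" to delete each pid file after handling it
# A pid file is acted on only when it holds a single positive integer; any
# other content is skipped rather than handed to kill.
# NOTE(review): nothing here checks that the PID still belongs to openvpn; a
# stale pid file can name a PID that has since been reused by another process.
signal_openvpn_pids() {
  for pidf in "$piddir"/*.pid; do
    # An unmatched glob is left as the literal pattern; skip it.
    [ -e "$pidf" ] || [ -L "$pidf" ] || continue
    if [ -s "$pidf" ]; then
      openvpn_pid=$(cat "$pidf")
      case "$openvpn_pid" in
        '' | *[!0-9]*)
          # Empty, multi-line or non-numeric content: do not signal.
          ;;
        *)
          if [ "$openvpn_pid" -gt 0 ] 2>/dev/null; then
            kill "-$1" "$openvpn_pid" >/dev/null 2>&1
          fi
          ;;
      esac
    fi
    if [ "$2" = "remove" ]; then
      rm -f "$pidf"
    fi
  done
}

# See how we were called.
case "$1" in
  start)
    echo -n $"Starting openvpn: "

    /sbin/modprobe tun >/dev/null 2>&1

    # From a security perspective, I think it makes
    # sense to remove this, and have users who need
    # it explicitly enable in their --up scripts or
    # firewall setups.

    #echo 1 > /proc/sys/net/ipv4/ip_forward

    # Run startup script, if defined
    if [ -f "$work/openvpn-startup" ]; then
      "$work/openvpn-startup"
    fi

    if [ ! -d "$piddir" ]; then
      mkdir "$piddir"
    fi

    if [ -f "$lock" ]; then
      # we were not shut down correctly
      signal_openvpn_pids TERM remove
      rm -f "$lock"
      sleep 2
    fi

    rm -f "$piddir"/*.pid

    # Stop here if the config directory is unreachable: carrying on would
    # pick up *.conf and source *.sh from whatever directory the caller
    # happened to be in.
    cd "$work" || { failure; echo; exit 1; }

    # Start every .conf in $work and run .sh if exists
    errors=0
    successes=0
    # Glob instead of parsing ls output, so names containing whitespace
    # stay intact.
    for c in *.conf; do
      # An unmatched glob is left as the literal "*.conf"; skip it.
      [ -e "$c" ] || [ -L "$c" ] || continue
      bn=${c%.conf}
      # The hook is sourced, so it runs inside this shell with this script's
      # privileges and can change its variables. $work and the hook files
      # should be writable by the administrator only.
      if [ -f "$bn.sh" ]; then
        . "./$bn.sh"
      fi
      rm -f "$piddir/$bn.pid"
      # Handle backward compatibility, see Red Hat Bugzilla ID #458594
      # A config without its own script-security line is started at level 2
      # (user-defined scripts allowed); set the directive in the .conf to
      # choose a stricter level.
      script_security=''
      if ! grep -q '^[[:space:]]*script-security[[:space:]]' "$c"; then
        script_security="--script-security 2"
      fi
      # $script_security is left unquoted on purpose: it is either empty or
      # two separate words.
      if "$openvpn" --daemon --writepid "$piddir/$bn.pid" --cd "$work" --config "$c" $script_security; then
        successes=1
      else
        errors=1
      fi
    done

    if [ $errors = 1 ]; then
      failure; echo
    else
      success; echo
    fi

    # The lock is taken as soon as at least one daemon started.
    if [ $successes = 1 ]; then
      touch "$lock"
    fi
    ;;
  stop)
    echo -n $"Shutting down openvpn: "
    signal_openvpn_pids TERM remove

    # Run shutdown script, if defined
    if [ -f "$work/openvpn-shutdown" ]; then
      "$work/openvpn-shutdown"
    fi

    success; echo
    rm -f "$lock"
    ;;
  restart)
    "$0" stop
    sleep 2
    "$0" start
    ;;
  reload)
    if [ -f "$lock" ]; then
      signal_openvpn_pids HUP
    else
      echo "openvpn: service not started"
      exit 1
    fi
    ;;
  reopen)
    if [ -f "$lock" ]; then
      signal_openvpn_pids USR1
    else
      echo "openvpn: service not started"
      exit 1
    fi
    ;;
  condrestart)
    if [ -f "$lock" ]; then
      "$0" stop
      # avoid race
      sleep 2
      "$0" start
    fi
    ;;
  status)
    if [ -f "$lock" ]; then
      signal_openvpn_pids USR2
      echo "Status written to /var/log/messages"
    else
      echo "openvpn: service not started"
      exit 1
    fi
    ;;
  *)
    echo "Usage: openvpn {start|stop|restart|condrestart|reload|reopen|status}"
    exit 1
    ;;
esac
exit 0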