summaryrefslogtreecommitdiff
path: root/suse/openvpn.init
diff options
context:
space:
mode:
Diffstat (limited to 'suse/openvpn.init')
-rw-r--r--suse/openvpn.init264
1 files changed, 264 insertions, 0 deletions
diff --git a/suse/openvpn.init b/suse/openvpn.init
new file mode 100644
index 0000000..8f1060a
--- /dev/null
+++ b/suse/openvpn.init
@@ -0,0 +1,264 @@
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides: openvpn
+# Required-Start: $network
+# Required-Stop: $network
+# Default-Start: 3 5
+# Default-Stop: 0 1 2 6
+# Short-Description: This shell script takes care of starting and stopping OpenVPN.
+# Description: OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP port.
+### END INIT INFO
+
+# Contributed to the OpenVPN project by
+# Douglas Keller <doug@voidstar.dyndns.org>
+# 2002.05.15
+
+# Modified for SuSE by
+# Frank Plohmann <openvpn@franks-planet.de>
+# 2003.08.24
+# Please feel free to contact me if you have problems or suggestions
+# using this script.
+
+# To install:
+# copy this file to /etc/rc.d/init.d/openvpn
+# use the runlevel editor in Yast to add it to runlevel 3 and/or 5
+# shell> mkdir /etc/openvpn
+# make .conf or .sh files in /etc/openvpn (see below)
+
+# To uninstall:
+# use also Yast and the runlevel editor to uninstall
+
+# Author's Notes:
+#
+# I have created an /etc/init.d init script and enhanced openvpn.spec to
+# automatically register the init script. Once the RPM is installed you
+# can start and stop OpenVPN with "service openvpn start" and "service
+# openvpn stop".
+#
+# The init script does the following:
+#
+# - Starts an openvpn process for each .conf file it finds in
+# /etc/openvpn.
+#
+# - If /etc/openvpn/xxx.sh exists for a xxx.conf file then it executes
+# it before starting openvpn (useful for doing openvpn --mktun...).
+#
+# - In addition to start/stop you can do:
+#
+# /etc/init.d/openvpn reload - SIGHUP
+# /etc/init.d/openvpn reopen - SIGUSR1
+# /etc/init.d/openvpn status - SIGUSR2
+
+# Modifications 2003.05.02
+# * Changed == to = for sh compliance (Bishop Clark).
+# * If condrestart|reload|reopen|status, check that we were
+# actually started (James Yonan).
+# * Added lock, piddir, and work variables (James Yonan).
+# * If start is attempted twice, without an intervening stop, or
+# if start is attempted when previous start was not properly
+# shut down, then kill any previously started processes, before
+# commencing new start operation (James Yonan).
+# * Do a better job of flagging errors on start, and properly
+# returning success or failure status to caller (James Yonan).
+#
+# Modifications 2003.08.24
+# * Converted the script for SuSE Linux distribution.
+# Tested with version 8.2 (Frank Plohmann).
+# - removed "chkconfig" header
+# - added Yast header
+# - changed installation notes
+# - corrected path to openvpn binary
+# - removes sourcing "functions"
+# - removed sourcing "network"
+# - removed network checking. it seemed not to work with SuSE.
+# - added sourcing "rc.status", comments and "rc_reset" command
+# - removed "succes; echo" and "failure; echo" lines
+# - added "rc_status" lines at the end of each section
+# - changed "service" to "/etc/init.d/" in "In addition to start/stop"
+# section above.
+#
+# Modifications 2005.04.04
+# * Added openvpn-startup and openvpn-shutdown script calls (James Yonan).
+#
+
+# Location of openvpn binary
+openvpn="/usr/local/sbin/openvpn"
+
+# Lockfile
+lock="/var/lock/subsys/openvpn"
+
+# PID directory
+piddir="/var/run/openvpn"
+
+# Our working directory
+work=/etc/openvpn
+
+# Source rc functions
+. /etc/rc.status
+
+# Shell functions sourced from /etc/rc.status:
+# rc_check check and set local and overall rc status
+# rc_status check and set local and overall rc status
+# rc_status -v ditto but be verbose in local rc status
+# rc_status -v -r ditto and clear the local rc status
+# rc_failed set local and overall rc status to failed
+# rc_reset clear local rc status (overall remains)
+# rc_exit exit appropriate to overall rc status
+
+# rc_status check and set local and overall rc status
+# rc_status -v ditto but be verbose in local rc status
+# rc_status -v -r ditto and clear the local rc status
+# rc_failed set local and overall rc status to failed
+# rc_reset clear local rc status (overall remains)
+# rc_exit exit appropriate to overall rc status
+
+# First reset status of this service
+rc_reset
+
+[ -f $openvpn ] || exit 0
+
+# See how we were called.
+case "$1" in
+ start)
+ echo -n $"Starting openvpn: "
+
+ /sbin/modprobe tun >/dev/null 2>&1
+
+ # From a security perspective, I think it makes
+ # sense to remove this, and have users who need
+ # it explictly enable in their --up scripts or
+ # firewall setups.
+
+ #echo 1 > /proc/sys/net/ipv4/ip_forward
+
+ # Run startup script, if defined
+ if [ -f $work/openvpn-startup ]; then
+ $work/openvpn-startup
+ fi
+
+ if [ ! -d $piddir ]; then
+ mkdir $piddir
+ fi
+
+ if [ -f $lock ]; then
+ # we were not shut down correctly
+ for pidf in `/bin/ls $piddir/*.pid 2>/dev/null`; do
+ if [ -s $pidf ]; then
+ kill `cat $pidf` >/dev/null 2>&1
+ fi
+ rm -f $pidf
+ done
+ rm -f $lock
+ sleep 2
+ fi
+
+ rm -f $piddir/*.pid
+ cd $work
+
+ # Start every .conf in $work and run .sh if exists
+ errors=0
+ successes=0
+ for c in `/bin/ls *.conf 2>/dev/null`; do
+ bn=${c%%.conf}
+ if [ -f "$bn.sh" ]; then
+ . $bn.sh
+ fi
+ rm -f $piddir/$bn.pid
+ $openvpn --daemon --writepid $piddir/$bn.pid --config $c --cd $work
+ if [ $? = 0 ]; then
+ successes=1
+ else
+ errors=1
+ fi
+ done
+
+ if [ $successes = 1 ]; then
+ touch $lock
+ fi
+
+ rc_status -v
+ ;;
+ stop)
+ echo -n $"Shutting down openvpn: "
+ for pidf in `/bin/ls $piddir/*.pid 2>/dev/null`; do
+ if [ -s $pidf ]; then
+ kill `cat $pidf` >/dev/null 2>&1
+ fi
+ rm -f $pidf
+ done
+
+ # Run shutdown script, if defined
+ if [ -f $work/openvpn-shutdown ]; then
+ $work/openvpn-shutdown
+ fi
+
+ rm -f $lock
+
+ rc_status -v
+ ;;
+ restart)
+ $0 stop
+ sleep 2
+ $0 start
+
+ rc_status
+ ;;
+ reload)
+ if [ -f $lock ]; then
+ for pidf in `/bin/ls $piddir/*.pid 2>/dev/null`; do
+ if [ -s $pidf ]; then
+ kill -HUP `cat $pidf` >/dev/null 2>&1
+ fi
+ done
+ else
+ echo "openvpn: service not started"
+ exit 1
+ fi
+
+ rc_status -v
+ ;;
+ reopen)
+ if [ -f $lock ]; then
+ for pidf in `/bin/ls $piddir/*.pid 2>/dev/null`; do
+ if [ -s $pidf ]; then
+ kill -USR1 `cat $pidf` >/dev/null 2>&1
+ fi
+ done
+ else
+ echo "openvpn: service not started"
+ exit 1
+ fi
+
+ rc_status -v
+ ;;
+ condrestart)
+ if [ -f $lock ]; then
+ $0 stop
+ # avoid race
+ sleep 2
+ $0 start
+ fi
+
+ rc_status
+ ;;
+ status)
+ if [ -f $lock ]; then
+ for pidf in `/bin/ls $piddir/*.pid 2>/dev/null`; do
+ if [ -s $pidf ]; then
+ kill -USR2 `cat $pidf` >/dev/null 2>&1
+ fi
+ done
+ echo "Status written to /var/log/messages"
+ else
+ echo "openvpn: service not started"
+ exit 1
+ fi
+
+ rc_status -v
+ ;;
+ *)
+ echo "Usage: openvpn {start|stop|restart|condrestart|reload|reopen|status}"
+ exit 1
+esac
+
+exit 0