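--- a/etc/init.d/openvpn
+++ b/etc/init.d/openvpn
@@ -12,7 +12,12 @@
 VPNCONF="${VPNDIR}/${VPN}.conf"
 
 depend() {
+	grep -q "^[ 	]*dev[ 	].*tap0" "${VPNCONF}"
+	if [ $? -eq 0 ] ; then
+	need localmount net.tap0
+	else
 	need localmount net
+	fi
 	use dns
 	after bootmisc
 }
@@ -66,32 +71,31 @@
 
 	checkconfig || return 1
 
-	local args="" reenter=${RE_ENTER:-no}
+	local args=("")
+	local reenter=${RE_ENTER:-no}
 	# If the config file does not specify the cd option, we do
 	# But if we specify it, we override the config option which we do not want
 	if ! grep -q "^[ 	]*cd[ 	].*" "${VPNCONF}" ; then
-		args="${args} --cd ${VPNDIR}"
+		args+=( --cd ${VPNDIR})
 	fi
-	
 	# We mark the service as inactive and then start it.
 	# When we get an authenticated packet from the peer then we run our script
 	# which configures our DNS if any and marks us as up.
 	if [ "${DETECT_CLIENT:-yes}" = "yes" ] && \
 	grep -q "^[ 	]*remote[ 	].*" "${VPNCONF}" ; then
-		reenter="yes"
-		args="${args} --up-delay --up-restart"
-		args="${args} --script-security 2"
-		args="${args} --up /etc/openvpn/up.sh"
-		args="${args} --down-pre --down /etc/openvpn/down.sh"
-
+		reener="yes"
+		args+=( --up-delay --up-restart)
+		args+=(--script-security 2)
+		args+=( --up /etc/openvpn/up.sh)
+		args+=( --down-pre --down /etc/openvpn/down.sh)
 		# Warn about setting scripts as we override them
-		if grep -Eq "^[ 	]*(up|down)[ 	].*" "${VPNCONF}" ; then
-			ewarn "WARNING: You have defined your own up/down scripts"
-			ewarn "As you're running as a client, we now force Gentoo specific"
-			ewarn "scripts to be run for up and down events."
-			ewarn "These scripts will call /etc/openvpn/${SVCNAME}-{up,down}.sh"
-			ewarn "where you can put your own code."
-		fi
+		##if grep -Eq "^[ 	]*(up|down)[ 	].*" "${VPNCONF}" ; then
+		##	ewarn "WARNING: You have defined your own up/down scripts"
+		##	ewarn "As you're running as a client, we now force Gentoo specific"
+		##	ewarn "scripts to be run for up and down events."
+		##	ewarn "These scripts will call /etc/openvpn/${SVCNAME}-{up,down}.sh"
+		##	ewarn "where you can put your own code."
+		##fi
 
 		# Warn about the inability to change ip/route/dns information when
 		# dropping privs
@@ -101,18 +105,22 @@
 			ewarn "or DNS configuration."
 		fi
 	else
+		args+=( --up-restart )
+		args+=( --script-security 2 )
+		args+=( --up "/etc/openvpn/up.sh ${SVCNAME}" )
+		args+=( --down-pre --down /etc/openvpn/down.sh )
 		# So we're a server. Run as openvpn unless otherwise specified
-		grep -q "^[ 	]*user[ 	].*" "${VPNCONF}" || args="${args} --user openvpn"
-		grep -q "^[ 	]*group[ 	].*" "${VPNCONF}" || args="${args} --group openvpn"
+		grep -q "^[ 	]*user[ 	].*" "${VPNCONF}" || args+=( --user openvpn)
+		grep -q "^[ 	]*group[ 	].*" "${VPNCONF}" || args+=( --group openvpn)
 	fi
 
 	# Ensure that our scripts get the PEER_DNS variable
-	[ -n "${PEER_DNS}" ] && args="${args} --setenv PEER_DNS ${PEER_DNS}"
+	[ -n "${PEER_DNS}" ] && args+=( --setenv PEER_DNS ${PEER_DNS})
 
 	[ "${reenter}" = "yes" ] && mark_service_inactive "${SVCNAME}"
 	start-stop-daemon --start --exec /usr/sbin/openvpn --pidfile "${VPNPID}" \
 		-- --config "${VPNCONF}" --writepid "${VPNPID}" --daemon \
-		--setenv SVCNAME "${SVCNAME}" ${args}
+		--setenv SVCNAME "${SVCNAME}" "${args[@]}"
 	eend $? "Check your logs to see why startup failed"
 }
 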
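Review bot: In the client branch of the second hunk the new line assigns `reener="yes"` instead of `reenter="yes"`, so `reenter` keeps its `${RE_ENTER:-no}` default and the later `[ "${reenter}" = "yes" ] && mark_service_inactive "${SVCNAME}"` no longer fires for clients; the line should stay `reenter="yes"`. `local args=("")` seeds the array with one empty element, which `"${args[@]}"` then hands to openvpn as an empty argument, so it should be `local args=()`, and `${VPNDIR}` and `${PEER_DNS}` should be quoted inside their `args+=( ... )` appends or the array gains nothing over the old string. The `ewarn` block that told users their own up/down directives are overridden is commented out with `##` while the forced `--up`/`--down` scripts and `--script-security 2` are now added in the server branch as well, so the override becomes silent; keep the warning, or document why it was dropped. The function these hunks belong to starts outside the visible lines, and arrays require the init script to be run by bash, which the page does not show.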
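--- a/etc/openvpn/up.sh
+++ b/etc/openvpn/up.sh
@@ -18,6 +18,20 @@
 # This however, will break compatibility with Debians resolvconf
 # A possible workaround would be to just list multiple domain lines
 # and try and let resolvconf handle it
+set -x
+SVCNAME=$1
+IFACE=$2
+[ -d /sys/class/*net*/${IFACE}/brport/bridge ]&& BRIDGE=`ls -l /sys/class/*net*/${IFACE}/brport/bridge |sed 's|.*/||'`
+VPNDIR=${VPNDIR:-/etc/openvpn}
+. /etc/conf.d/$SVCNAME
+VPN=${SVCNAME#*.}
+if [ -n "${VPN}" ] && [ ${SVCNAME} != "openvpn" ]; then
+        VPNPID="/var/run/openvpn.${VPN}.pid"
+	else
+	        VPNPID="/var/run/openvpn.pid"
+		fi
+		VPNCONF="${VPNDIR}/${VPN}.conf"
+
 
 if [ "${PEER_DNS}" != "no" ]; then
 	NS=
@@ -60,6 +74,11 @@
 	fi
 fi
 
+# in case openvpn is in bridge mode bridge it to the apropriate bridge
+if grep -q "^[ 	]*dev[ 	].*tap0" "${VPNCONF}"; then
+	echo "found tap0 ${VPNCONF} bridge: ${BRIDGE} device: ${IFACE}">>/tmp/openvpn.niv.log
+	[ -e /sys/class/*net*/${IFACE}/brport/port_id ] || /sbin/brctl addif ${BRIDGE} ${IFACE}
+fi
 # Below section is Gentoo specific
 # Quick summary - our init scripts are re-entrant and set the SVCNAME env var
 # as we could have >1 openvpn service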
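Review bot: The added bridge block appends to the fixed path `/tmp/openvpn.niv.log`, and since this script is run by the daemon the init script starts (likely before privileges are dropped), a predictable file in a world-writable directory can be pre-created or symlinked by a local user. Drop that debug line or send it through `logger -t openvpn-up`, and remove the `set -x` added at the top. `SVCNAME=$1` overwrites the value the init script already passes with `--setenv SVCNAME`, and only the server branch appends `${SVCNAME}` to the `--up` command, so in client mode `$1` is presumably openvpn's own first argument and the unquoted `. /etc/conf.d/$SVCNAME` would source the wrong path. `BRIDGE` is assigned only when `${IFACE}` already has a `brport/bridge` entry, while `brctl addif` runs only when `brport/port_id` is absent, so unless `/etc/conf.d` supplies `BRIDGE` the call gets an empty bridge name. Guard it with `[ -n "${BRIDGE}" ]` and quote both operands.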
