Gentoo's Bugzilla – Attachment 255269 Details for
Bug 309385
net-misc/openvpn-2.1_rc15 wont allow usage of bridge in default setting
openvpn init.d and up.sh patch to allow auto adding to bridge
openvpn.patch (text/plain), 4.60 KB, created by niv on 2010-11-23 23:44:39 UTC
>--- /etc/init.d/openvpn 2010-11-24 01:35:24.000000000 +0200 >+++ /etc/init.d.openvpn 2010-11-24 01:31:57.000000000 +0200 >@@ -12,7 +12,12 @@ > VPNCONF="${VPNDIR}/${VPN}.conf" > > depend() { >+ grep -q "^[ ]*dev[ ].*tap0" "${VPNCONF}" >+ if [ $? -eq 0 ] ; then >+ need localmount net.tap0 >+ else > need localmount net >+ fi > use dns > after bootmisc > } 
>@@ -66,32 +71,31 @@ > > checkconfig || return 1 > >- local args="" reenter=${RE_ENTER:-no} >+ local args=("") >+ local reenter=${RE_ENTER:-no} > # If the config file does not specify the cd option, we do > # But if we specify it, we override the config option which we do not want > if ! grep -q "^[ ]*cd[ ].*" "${VPNCONF}" ; then >- args="${args} --cd ${VPNDIR}" >+ args+=( --cd ${VPNDIR}) > fi >- > # We mark the service as inactive and then start it. > # When we get an authenticated packet from the peer then we run our script > # which configures our DNS if any and marks us as up. > if [ "${DETECT_CLIENT:-yes}" = "yes" ] && \ > grep -q "^[ ]*remote[ ].*" "${VPNCONF}" ; then >- reenter="yes" >- args="${args} --up-delay --up-restart" >- args="${args} --script-security 2" >- args="${args} --up /etc/openvpn/up.sh" >- args="${args} --down-pre --down /etc/openvpn/down.sh" >- >+ reener="yes" >+ args+=( --up-delay --up-restart) >+ args+=(--script-security 2) >+ args+=( --up /etc/openvpn/up.sh) >+ args+=( --down-pre --down /etc/openvpn/down.sh) > # Warn about setting scripts as we override them >- if grep -Eq "^[ ]*(up|down)[ ].*" "${VPNCONF}" ; then >- ewarn "WARNING: You have defined your own up/down scripts" >- ewarn "As you're running as a client, we now force Gentoo specific" >- ewarn "scripts to be run for up and down events." >- ewarn "These scripts will call /etc/openvpn/${SVCNAME}-{up,down}.sh" >- ewarn "where you can put your own code." >- fi >+ ##if grep -Eq "^[ ]*(up|down)[ ].*" "${VPNCONF}" ; then >+ ## ewarn "WARNING: You have defined your own up/down scripts" >+ ## ewarn "As you're running as a client, we now force Gentoo specific" >+ ## ewarn "scripts to be run for up and down events." >+ ## ewarn "These scripts will call /etc/openvpn/${SVCNAME}-{up,down}.sh" >+ ## ewarn "where you can put your own code." >+ ##fi > > # Warn about the inability to change ip/route/dns information when > # dropping privs 
>@@ -101,18 +105,22 @@ > ewarn "or DNS configuration." > fi > else >+ args+=( --up-restart ) >+ args+=( --script-security 2 ) >+ args+=( --up "/etc/openvpn/up.sh ${SVCNAME}" ) >+ args+=( --down-pre --down /etc/openvpn/down.sh ) > # So we're a server. Run as openvpn unless otherwise specified >- grep -q "^[ ]*user[ ].*" "${VPNCONF}" || args="${args} --user openvpn" >- grep -q "^[ ]*group[ ].*" "${VPNCONF}" || args="${args} --group openvpn" >+ grep -q "^[ ]*user[ ].*" "${VPNCONF}" || args+=( --user openvpn) >+ grep -q "^[ ]*group[ ].*" "${VPNCONF}" || args+=( --group openvpn) > fi > > # Ensure that our scripts get the PEER_DNS variable >- [ -n "${PEER_DNS}" ] && args="${args} --setenv PEER_DNS ${PEER_DNS}" >+ [ -n "${PEER_DNS}" ] && args+=( --setenv PEER_DNS ${PEER_DNS}) > > [ "${reenter}" = "yes" ] && mark_service_inactive "${SVCNAME}" > start-stop-daemon --start --exec /usr/sbin/openvpn --pidfile "${VPNPID}" \ > -- --config "${VPNCONF}" --writepid "${VPNPID}" --daemon \ >- --setenv SVCNAME "${SVCNAME}" ${args} >+ --setenv SVCNAME "${SVCNAME}" "${args[@]}" > eend $? "Check your logs to see why startup failed" > } > >--- /etc/openvpn/up.sh 2010-11-24 01:35:24.000000000 +0200 >+++ /etc/openvpn/up.sh 2010-11-24 01:32:14.000000000 +0200 >@@ -18,6 +18,20 @@ > # This however, will break compatibility with Debians resolvconf > # A possible workaround would be to just list multiple domain lines > # and try and let resolvconf handle it >+set -x >+SVCNAME=$1 >+IFACE=$2 >+[ -d /sys/class/*net*/${IFACE}/brport/bridge ]&& BRIDGE=`ls -l /sys/class/*net*/${IFACE}/brport/bridge |sed 's|.*/||'` >+VPNDIR=${VPNDIR:-/etc/openvpn} >+. /etc/conf.d/$SVCNAME >+VPN=${SVCNAME#*.} >+if [ -n "${VPN}" ] && [ ${SVCNAME} != "openvpn" ]; then >+ VPNPID="/var/run/openvpn.${VPN}.pid" >+ else >+ VPNPID="/var/run/openvpn.pid" >+ fi >+ VPNCONF="${VPNDIR}/${VPN}.conf" >+ > > if [ "${PEER_DNS}" != "no" ]; then > NS= 
>@@ -60,6 +74,11 @@ > fi > fi > >+# in case openvpn is in bridge mode bridge it to the apropriate bridge >+if grep -q "^[ ]*dev[ ].*tap0" "${VPNCONF}"; then >+ echo "found tap0 ${VPNCONF} bridge: ${BRIDGE} device: ${IFACE}">>/tmp/openvpn.niv.log >+ [ -e /sys/class/*net*/${IFACE}/brport/port_id ] || /sbin/brctl addif ${BRIDGE} ${IFACE} >+fi > # Below section is Gentoo specific > # Quick summary - our init scripts are re-entrant and set the SVCNAME env var > # as we could have >1 openvpn service
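Review bot: in depend() of /etc/init.d/openvpn (hunk @@ -12,7 +12,12 @@) the interface name tap0 is hardcoded in both the grep pattern and `need localmount net.tap0`, so a config that uses any other tap device falls through to plain `need localmount net`, while the pattern `dev[ ].*tap0` also matches names such as tap01. Consider reading the device name from the `dev` line of ${VPNCONF} and building the net.<device> dependency from it, and write the test as `if grep -q ... ; then` rather than checking $? on the next line. The +++ header names /etc/init.d.openvpn while the --- header names /etc/init.d/openvpn, so the diff should be regenerated with matching paths.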
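Review bot: in the client branch of hunk @@ -66,32 +71,31 @@ the assignment `reenter="yes"` became `reener="yes"`, so reenter keeps its default and the later `[ "${reenter}" = "yes" ] && mark_service_inactive "${SVCNAME}"` no longer fires for clients unless RE_ENTER is set. Restore the variable name. In the same hunk `local args=("")` starts the array with one empty-string element, which `"${args[@]}"` then passes to openvpn as an empty argument; initialise it with `local args=()`. `--cd ${VPNDIR}` should be quoted now that the array preserves word boundaries, and the ewarn block should be either kept or deleted rather than left commented out with `##`.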
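Review bot: the else (server) branch in hunk @@ -101,18 +105,22 @@ now forces `--script-security 2` and the Gentoo up/down scripts on every server instance, not only on those that use a bridge, and it does so silently because the warning about overriding user-defined up/down scripts is commented out in the previous hunk. Limit these arguments to the case where ${VPNCONF} asks for a tap device (the same test depend() uses) or gate them behind a conf.d variable, and keep the warning. `--setenv PEER_DNS ${PEER_DNS}` should be written with `"${PEER_DNS}"` so that a value containing whitespace cannot split into additional openvpn options.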
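Review bot: in /etc/openvpn/up.sh (hunk @@ -18,6 +18,20 @@) `SVCNAME=$1` and `IFACE=$2` assume the service name is the first positional argument, but only the server branch of the init script passes `--up "/etc/openvpn/up.sh ${SVCNAME}"`; the client branch passes `--up /etc/openvpn/up.sh` with no such argument, so there $1 is whatever openvpn supplies first and `. /etc/conf.d/$SVCNAME` sources a file chosen by that value. The init script already exports the name with `--setenv SVCNAME "${SVCNAME}"`, so read it from the environment instead of overwriting it, quote the path, and check that the file exists before sourcing it. `set -x` is debugging output and should be dropped, and the bridge lookup would be more robust with readlink on a quoted /sys/class/net/${IFACE}/brport/bridge path than with `ls -l ... | sed` over a `*net*` glob.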
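Review bot: in /etc/openvpn/up.sh (hunk @@ -60,6 +74,11 @@) `/sbin/brctl addif ${BRIDGE} ${IFACE}` runs only when brport/port_id is missing, which is the same condition under which the earlier `[ -d .../brport/bridge ] && BRIDGE=...` line leaves BRIDGE unset, so the call is made with an empty bridge name exactly when the interface still needs to be added. Take the bridge name from configuration (for example a variable in /etc/conf.d/${SVCNAME}) and skip the call with a logged error when it is empty. The echo appends to the fixed path /tmp/openvpn.niv.log from a script run by the openvpn daemon; a predictable file name in a world-writable directory can be pre-created or symlinked by another local user, so remove the line or log through the system logger. The test also hardcodes tap0 in the same way as depend().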