Lines 12-18
|
12 |
VPNCONF="${VPNDIR}/${VPN}.conf" |
12 |
VPNCONF="${VPNDIR}/${VPN}.conf" |
13 |
|
13 |
|
14 |
depend() { |
14 |
depend() { |
|
|
15 |
grep -q "^[ ]*dev[ ].*tap0" "${VPNCONF}" |
16 |
if [ $? -eq 0 ] ; then |
17 |
need localmount net.tap0 |
18 |
else |
15 |
need localmount net |
19 |
need localmount net |
|
|
20 |
fi |
16 |
use dns |
21 |
use dns |
17 |
after bootmisc |
22 |
after bootmisc |
18 |
} |
23 |
} |
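Review bot: The new branch in depend() runs `grep -q` and tests `$?` on the next line, which breaks silently if a statement is ever inserted between the two; `if grep -q "^[ ]*dev[ ].*tap0" "${VPNCONF}" ; then` states the same check in one line and matches how the later sections write their config tests. The pattern also accepts any `dev` line that merely contains `tap0` (for example `tap01`). The interface name is fixed here and again as `IFACE="tap0"` in the Lines 127-132 section, so a short comment saying the bridge handling only supports tap0 would help the next reader.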
Lines 66-97
|
66 |
|
71 |
|
67 |
checkconfig || return 1 |
72 |
checkconfig || return 1 |
68 |
|
73 |
|
69 |
local args="" reenter=${RE_ENTER:-no} |
74 |
local args=("") |
|
|
75 |
local reenter=${RE_ENTER:-no} |
70 |
# If the config file does not specify the cd option, we do |
76 |
# If the config file does not specify the cd option, we do |
71 |
# But if we specify it, we override the config option which we do not want |
77 |
# But if we specify it, we override the config option which we do not want |
72 |
if ! grep -q "^[ ]*cd[ ].*" "${VPNCONF}" ; then |
78 |
if ! grep -q "^[ ]*cd[ ].*" "${VPNCONF}" ; then |
73 |
args="${args} --cd ${VPNDIR}" |
79 |
args+=( --cd ${VPNDIR}) |
74 |
fi |
80 |
fi |
75 |
|
|
|
76 |
# We mark the service as inactive and then start it. |
81 |
# We mark the service as inactive and then start it. |
77 |
# When we get an authenticated packet from the peer then we run our script |
82 |
# When we get an authenticated packet from the peer then we run our script |
78 |
# which configures our DNS if any and marks us as up. |
83 |
# which configures our DNS if any and marks us as up. |
79 |
if [ "${DETECT_CLIENT:-yes}" = "yes" ] && \ |
84 |
if [ "${DETECT_CLIENT:-yes}" = "yes" ] && \ |
80 |
grep -q "^[ ]*remote[ ].*" "${VPNCONF}" ; then |
85 |
grep -q "^[ ]*remote[ ].*" "${VPNCONF}" ; then |
81 |
reenter="yes" |
86 |
reener="yes" |
82 |
args="${args} --up-delay --up-restart" |
87 |
args+=( --up-delay --up-restart) |
83 |
args="${args} --script-security 2" |
88 |
args+=(--script-security 2) |
84 |
args="${args} --up /etc/openvpn/up.sh" |
89 |
args+=( --up /etc/openvpn/up.sh) |
85 |
args="${args} --down-pre --down /etc/openvpn/down.sh" |
90 |
args+=( --down-pre --down /etc/openvpn/down.sh) |
86 |
|
|
|
87 |
# Warn about setting scripts as we override them |
91 |
# Warn about setting scripts as we override them |
88 |
if grep -Eq "^[ ]*(up|down)[ ].*" "${VPNCONF}" ; then |
92 |
##if grep -Eq "^[ ]*(up|down)[ ].*" "${VPNCONF}" ; then |
89 |
ewarn "WARNING: You have defined your own up/down scripts" |
93 |
## ewarn "WARNING: You have defined your own up/down scripts" |
90 |
ewarn "As you're running as a client, we now force Gentoo specific" |
94 |
## ewarn "As you're running as a client, we now force Gentoo specific" |
91 |
ewarn "scripts to be run for up and down events." |
95 |
## ewarn "scripts to be run for up and down events." |
92 |
ewarn "These scripts will call /etc/openvpn/${SVCNAME}-{up,down}.sh" |
96 |
## ewarn "These scripts will call /etc/openvpn/${SVCNAME}-{up,down}.sh" |
93 |
ewarn "where you can put your own code." |
97 |
## ewarn "where you can put your own code." |
94 |
fi |
98 |
##fi |
95 |
|
99 |
|
96 |
# Warn about the inability to change ip/route/dns information when |
100 |
# Warn about the inability to change ip/route/dns information when |
97 |
# dropping privs |
101 |
# dropping privs |
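Review bot: New line 86 assigns `reener="yes"` where the old line set `reenter`, so in client mode `reenter` keeps its `${RE_ENTER:-no}` default and the `mark_service_inactive` call shown in the Lines 101-118 section is skipped unless RE_ENTER is set by hand; it should read `reenter="yes"`. The misspelled name is also not declared `local`, so it becomes a global. Separately, `local args=("")` on new line 74 creates a one-element array holding an empty string, which `"${args[@]}"` later hands to openvpn as an empty argument; `local args=()` gives the empty list that was presumably intended. start() begins and ends outside this section.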
Lines 101-118
|
101 |
ewarn "or DNS configuration." |
105 |
ewarn "or DNS configuration." |
102 |
fi |
106 |
fi |
103 |
else |
107 |
else |
|
|
108 |
args+=( --up-restart ) |
109 |
args+=( --script-security 2 ) |
110 |
args+=( --up "/etc/openvpn/up.sh ${SVCNAME}" ) |
111 |
args+=( --down-pre --down /etc/openvpn/down.sh ) |
104 |
# So we're a server. Run as openvpn unless otherwise specified |
112 |
# So we're a server. Run as openvpn unless otherwise specified |
105 |
grep -q "^[ ]*user[ ].*" "${VPNCONF}" || args="${args} --user openvpn" |
113 |
grep -q "^[ ]*user[ ].*" "${VPNCONF}" || args+=( --user openvpn) |
106 |
grep -q "^[ ]*group[ ].*" "${VPNCONF}" || args="${args} --group openvpn" |
114 |
grep -q "^[ ]*group[ ].*" "${VPNCONF}" || args+=( --group openvpn) |
107 |
fi |
115 |
fi |
108 |
|
116 |
|
109 |
# Ensure that our scripts get the PEER_DNS variable |
117 |
# Ensure that our scripts get the PEER_DNS variable |
110 |
[ -n "${PEER_DNS}" ] && args="${args} --setenv PEER_DNS ${PEER_DNS}" |
118 |
[ -n "${PEER_DNS}" ] && args+=( --setenv PEER_DNS ${PEER_DNS}) |
111 |
|
119 |
|
112 |
[ "${reenter}" = "yes" ] && mark_service_inactive "${SVCNAME}" |
120 |
[ "${reenter}" = "yes" ] && mark_service_inactive "${SVCNAME}" |
113 |
start-stop-daemon --start --exec /usr/sbin/openvpn --pidfile "${VPNPID}" \ |
121 |
start-stop-daemon --start --exec /usr/sbin/openvpn --pidfile "${VPNPID}" \ |
114 |
-- --config "${VPNCONF}" --writepid "${VPNPID}" --daemon \ |
122 |
-- --config "${VPNCONF}" --writepid "${VPNPID}" --daemon \ |
115 |
--setenv SVCNAME "${SVCNAME}" ${args} |
123 |
--setenv SVCNAME "${SVCNAME}" "${args[@]}" |
116 |
eend $? "Check your logs to see why startup failed" |
124 |
eend $? "Check your logs to see why startup failed" |
117 |
} |
125 |
} |
118 |
|
126 |
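Review bot: The server branch (new lines 108-111) appends `--script-security 2`, `--up` and `--down` unconditionally after `--config`, so they are applied on top of whatever the operator's config file says about script execution, and the ewarn about overridden up/down scripts is commented out in the Lines 66-97 section. Guard them the way the neighbouring `user`/`group` lines are guarded, e.g. `grep -q "^[ ]*script-security[ ]" "${VPNCONF}" || args+=( --script-security 2 )`, and keep a warning when the config defines its own up/down. Because `--user openvpn`/`--group openvpn` may be added in the same branch, a comment stating which hooks are expected to run before and after privileges are dropped would be useful. New lines 79 and 118 also leave `${VPNDIR}` and `${PEER_DNS}` unquoted inside the array append, so a value containing whitespace is still split into separate openvpn arguments; `args+=( --setenv PEER_DNS "${PEER_DNS}" )` keeps it as one. start() begins outside this section.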
|
Lines 127-132
|
127 |
ebegin "Stopping ${SVCNAME}" |
135 |
ebegin "Stopping ${SVCNAME}" |
128 |
start-stop-daemon --stop --quiet \ |
136 |
start-stop-daemon --stop --quiet \ |
129 |
--exec /usr/sbin/openvpn --pidfile "${VPNPID}" |
137 |
--exec /usr/sbin/openvpn --pidfile "${VPNPID}" |
|
|
138 |
#IFACE=`cat "${VPNCONF}" | sed -e "s/^[ ]*dev[ ].*/&/p"|cut -d" " -f2` |
139 |
IFACE="tap0" |
140 |
if [ -d /sys/class/net/${IFACE}/brport/bridge ] ; then |
141 |
BRIDGE=`ls -l /sys/class/*net*/${IFACE}/brport/bridge |sed 's|.*/||'` |
142 |
#if a part of bridge , take it out and give the device a temp IP |
143 |
if [ -e /sys/class/net/${IFACE}/brport/port_id ] ; then |
144 |
/sbin/brctl delif ${BRIDGE} ${IFACE} |
145 |
ifconfig ${IFACE} 0.0.0.0 |
146 |
fi |
147 |
fi |
148 |
|
130 |
eend $? |
149 |
eend $? |
131 |
} |
150 |
} |
132 |
|
151 |
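Review bot: The closing `eend $?` now reports the exit status of the bridge `if` block added above it rather than that of `start-stop-daemon --stop`, so a failed stop is shown as success whenever tap0 is not a bridge port. Save the status right after the daemon call with `local rc=$?` and finish with `eend ${rc}`. The bridge name is obtained by parsing `ls -l` over a wildcard path and then passed unquoted to `/sbin/brctl delif`; `BRIDGE=$(basename "$(readlink "/sys/class/net/${IFACE}/brport/bridge")")` followed by quoted `"${BRIDGE}" "${IFACE}"` is more predictable in an init script. stop() begins outside this section.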
|