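--- a/root/init.d.openvpn.orig
+++ b/root/init.d.openvpn.orig
@@ -12,7 +12,12 @@
 VPNCONF="${VPNDIR}/${VPN}.conf"
 
 depend() {
+	grep -q "^[ 	]*dev[ 	].*tap0" "${VPNCONF}"
+	if [ $? -eq 0 ] ; then
+	need localmount net.tap0
+	else
 	need localmount net
+	fi
 	use dns
 	after bootmisc
 }
@@ -66,32 +71,31 @@
 
 	checkconfig || return 1
 
-	local args="" reenter=${RE_ENTER:-no}
+	local args=("")
+	local reenter=${RE_ENTER:-no}
 	# If the config file does not specify the cd option, we do
 	# But if we specify it, we override the config option which we do not want
 	if ! grep -q "^[ 	]*cd[ 	].*" "${VPNCONF}" ; then
-		args="${args} --cd ${VPNDIR}"
+		args+=( --cd ${VPNDIR})
 	fi
-	
 	# We mark the service as inactive and then start it.
 	# When we get an authenticated packet from the peer then we run our script
 	# which configures our DNS if any and marks us as up.
 	if [ "${DETECT_CLIENT:-yes}" = "yes" ] && \
 	grep -q "^[ 	]*remote[ 	].*" "${VPNCONF}" ; then
-		reenter="yes"
+		reener="yes"
-		args="${args} --up-delay --up-restart"
+		args+=( --up-delay --up-restart)
-		args="${args} --script-security 2"
+		args+=(--script-security 2)
-		args="${args} --up /etc/openvpn/up.sh"
+		args+=( --up /etc/openvpn/up.sh)
-		args="${args} --down-pre --down /etc/openvpn/down.sh"
+		args+=( --down-pre --down /etc/openvpn/down.sh)
-
 		# Warn about setting scripts as we override them
-		if grep -Eq "^[ 	]*(up|down)[ 	].*" "${VPNCONF}" ; then
+		##if grep -Eq "^[ 	]*(up|down)[ 	].*" "${VPNCONF}" ; then
-			ewarn "WARNING: You have defined your own up/down scripts"
+		##	ewarn "WARNING: You have defined your own up/down scripts"
-			ewarn "As you're running as a client, we now force Gentoo specific"
+		##	ewarn "As you're running as a client, we now force Gentoo specific"
-			ewarn "scripts to be run for up and down events."
+		##	ewarn "scripts to be run for up and down events."
-			ewarn "These scripts will call /etc/openvpn/${SVCNAME}-{up,down}.sh"
+		##	ewarn "These scripts will call /etc/openvpn/${SVCNAME}-{up,down}.sh"
-			ewarn "where you can put your own code."
+		##	ewarn "where you can put your own code."
-		fi
+		##fi
 
 		# Warn about the inability to change ip/route/dns information when
 		# dropping privs
@@ -101,18 +105,22 @@
 			ewarn "or DNS configuration."
 		fi
 	else
+		args+=( --up-restart )
+		args+=( --script-security 2 )
+		args+=( --up "/etc/openvpn/up.sh ${SVCNAME}" )
+		args+=( --down-pre --down /etc/openvpn/down.sh )
 		# So we're a server. Run as openvpn unless otherwise specified
-		grep -q "^[ 	]*user[ 	].*" "${VPNCONF}" || args="${args} --user openvpn"
+		grep -q "^[ 	]*user[ 	].*" "${VPNCONF}" || args+=( --user openvpn)
-		grep -q "^[ 	]*group[ 	].*" "${VPNCONF}" || args="${args} --group openvpn"
+		grep -q "^[ 	]*group[ 	].*" "${VPNCONF}" || args+=( --group openvpn)
 	fi
 
 	# Ensure that our scripts get the PEER_DNS variable
-	[ -n "${PEER_DNS}" ] && args="${args} --setenv PEER_DNS ${PEER_DNS}"
+	[ -n "${PEER_DNS}" ] && args+=( --setenv PEER_DNS ${PEER_DNS})
 
 	[ "${reenter}" = "yes" ] && mark_service_inactive "${SVCNAME}"
 	start-stop-daemon --start --exec /usr/sbin/openvpn --pidfile "${VPNPID}" \
 		-- --config "${VPNCONF}" --writepid "${VPNPID}" --daemon \
-		--setenv SVCNAME "${SVCNAME}" ${args}
+		--setenv SVCNAME "${SVCNAME}" "${args[@]}"
 	eend $? "Check your logs to see why startup failed"
 }
 
@@ -127,6 +135,17 @@
 	ebegin "Stopping ${SVCNAME}"
 	start-stop-daemon --stop --quiet \
 		--exec /usr/sbin/openvpn --pidfile "${VPNPID}"
+	#IFACE=`cat "${VPNCONF}" | sed -e "s/^[     ]*dev[  ].*/&/p"|cut -d" " -f2`
+	IFACE="tap0"
+	if [ -d /sys/class/net/${IFACE}/brport/bridge ] ; then
+		BRIDGE=`ls -l /sys/class/*net*/${IFACE}/brport/bridge |sed 's|.*/||'`
+		#if a part of bridge , take it out and give the device a temp IP
+		if [ -e /sys/class/net/${IFACE}/brport/port_id ] ; then
+			/sbin/brctl delif ${BRIDGE} ${IFACE} 
+			ifconfig ${IFACE} 0.0.0.0
+		fi
+	fi
+
 	eend $?
 }
 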
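Review bot: In the client branch of start() the new line `reener="yes"` misspells the variable, so `reenter` keeps its `${RE_ENTER:-no}` default and the later `mark_service_inactive` call is skipped; it should stay `reenter="yes"`. `local args=("")` seeds the array with one empty element, which `"${args[@]}"` then hands to openvpn as an empty argument, so `local args=()` is the safer initialiser, and the unquoted `${VPNDIR}` and `${PEER_DNS}` inside the `args+=( … )` appends still word-split, which is the problem the array was presumably meant to remove. In stop(), `eend $?` now follows the bridge `if` block, so it reports that block's status instead of the `start-stop-daemon --stop` result; capturing the status right after the stop call (`local rc=$?`, then `eend ${rc}`) would keep a failed stop visible. Both function headers lie outside the hunks shown.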
