
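--- a/root/init.d.openvpn.orig
+++ b/root/init.d.openvpn.orig
@@ -12,7 +12,12 @@
 VPNCONF="${VPNDIR}/${VPN}.conf"
 
 depend() {
+	grep -q "^[ 	]*dev[ 	].*tap0" "${VPNCONF}"
+	if [ $? -eq 0 ] ; then
+	need localmount net.tap0
+	else
 	need localmount net
+	fi
 	use dns
 	after bootmisc
 }
@@ -66,24 +71,23 @@
 
 	checkconfig || return 1
 
-	local args="" reenter=${RE_ENTER:-no}
+	local args=("")
+	local reenter=${RE_ENTER:-no}
 	# If the config file does not specify the cd option, we do
 	# But if we specify it, we override the config option which we do not want
 	if ! grep -q "^[ 	]*cd[ 	].*" "${VPNCONF}" ; then
-		args="${args} --cd ${VPNDIR}"
+		args+=( --cd ${VPNDIR})
 	fi
-	
 	# We mark the service as inactive and then start it.
 	# When we get an authenticated packet from the peer then we run our script
 	# which configures our DNS if any and marks us as up.
 	if [ "${DETECT_CLIENT:-yes}" = "yes" ] && \
 	grep -q "^[ 	]*remote[ 	].*" "${VPNCONF}" ; then
-		reenter="yes"
-		args="${args} --up-delay --up-restart"
-		args="${args} --script-security 2"
-		args="${args} --up /etc/openvpn/up.sh"
-		args="${args} --down-pre --down /etc/openvpn/down.sh"
-
+		reener="yes"
+		args+=( --up-delay --up-restart)
+		args+=(--script-security 2)
+		args+=( --up /etc/openvpn/up.sh)
+		args+=( --down-pre --down /etc/openvpn/down.sh)
 		# Warn about setting scripts as we override them
 		if grep -Eq "^[ 	]*(up|down)[ 	].*" "${VPNCONF}" ; then
 			ewarn "WARNING: You have defined your own up/down scripts"
@@ -101,18 +105,22 @@
 			ewarn "or DNS configuration."
 		fi
 	else
+		args+=( --up-restart )
+		args+=( --script-security 2 )
+		args+=( --up "/etc/openvpn/up.sh ${SVCNAME}" )
+		args+=( --down-pre --down /etc/openvpn/down.sh )
 		# So we're a server. Run as openvpn unless otherwise specified
-		grep -q "^[ 	]*user[ 	].*" "${VPNCONF}" || args="${args} --user openvpn"
-		grep -q "^[ 	]*group[ 	].*" "${VPNCONF}" || args="${args} --group openvpn"
+		grep -q "^[ 	]*user[ 	].*" "${VPNCONF}" || args+=( --user openvpn)
+		grep -q "^[ 	]*group[ 	].*" "${VPNCONF}" || args+=( --group openvpn)
 	fi
 
 	# Ensure that our scripts get the PEER_DNS variable
-	[ -n "${PEER_DNS}" ] && args="${args} --setenv PEER_DNS ${PEER_DNS}"
+	[ -n "${PEER_DNS}" ] && args+=( --setenv PEER_DNS ${PEER_DNS})
 
 	[ "${reenter}" = "yes" ] && mark_service_inactive "${SVCNAME}"
 	start-stop-daemon --start --exec /usr/sbin/openvpn --pidfile "${VPNPID}" \
 		-- --config "${VPNCONF}" --writepid "${VPNPID}" --daemon \
-		--setenv SVCNAME "${SVCNAME}" ${args}
+		--setenv SVCNAME "${SVCNAME}" "${args[@]}"
 	eend $? "Check your logs to see why startup failed"
 }
 
@@ -127,6 +135,17 @@
 	ebegin "Stopping ${SVCNAME}"
 	start-stop-daemon --stop --quiet \
 		--exec /usr/sbin/openvpn --pidfile "${VPNPID}"
+	#IFACE=`cat "${VPNCONF}" | sed -e "s/^[     ]*dev[  ].*/&/p"|cut -d" " -f2`
+	IFACE="tap0"
+	if [ -d /sys/class/net/${IFACE}/brport/bridge ] ; then
+		BRIDGE=`ls -l /sys/class/*net*/${IFACE}/brport/bridge |sed 's|.*/||'`
+		#if a part of bridge , take it out and give the device a temp IP
+		if [ -e /sys/class/net/${IFACE}/brport/port_id ] ; then
+			/sbin/brctl delif ${BRIDGE} ${IFACE} 
+			ifconfig ${IFACE} 0.0.0.0
+		fi
+	fi
+
 	eend $?
 }
 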
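Review bot: `reener="yes"` in the client branch of start() (new line 86) misspells `reenter`, so `reenter` keeps its `${RE_ENTER:-no}` default and `mark_service_inactive` is skipped for detected clients; it should read `reenter="yes"`. `local args=("")` seeds the array with one empty element that `"${args[@]}"` then hands to openvpn as an empty argument, so initialise it with `local args=()`. The array only protects against word splitting if its elements are quoted when added, e.g. `args+=( --cd "${VPNDIR}" )` and `args+=( --setenv PEER_DNS "${PEER_DNS}" )`. Arrays are a bash feature; the script's interpreter line is outside the visible hunks, so confirm it is not run by a POSIX sh.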
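--- a/root/openvpn/up.sh.orig
+++ b/root/openvpn/up.sh.orig
@@ -18,6 +18,21 @@
 # This however, will break compatibility with Debians resolvconf
 # A possible workaround would be to just list multiple domain lines
 # and try and let resolvconf handle it
+set -x
+if [ $# -eq 7 ] ;then
+SVCNAME=$1
+IFACE=$2
+. /etc/conf.d/$SVCNAME
+[ -d /sys/class/*net*/${IFACE}/brport/bridge ]&& BRIDGE=`ls -l /sys/class/*net*/${IFACE}/brport/bridge |sed 's|.*/||'`
+VPNDIR=${VPNDIR:-/etc/openvpn}
+VPN=${SVCNAME#*.}
+if [ -n "${VPN}" ] && [ ${SVCNAME} != "openvpn" ]; then
+        VPNPID="/var/run/openvpn.${VPN}.pid"
+	else
+	        VPNPID="/var/run/openvpn.pid"
+		fi
+		VPNCONF="${VPNDIR}/${VPN}.conf"
+fi
 
 if [ "${PEER_DNS}" != "no" ]; then
 	NS=
@@ -60,6 +75,11 @@
 	fi
 fi
 
+# in case openvpn is in bridge mode bridge it to the apropriate bridge
+if grep -q "^[ 	]*dev[ 	].*tap0" "${VPNCONF}"; then
+	echo "found tap0 ${VPNCONF} bridge: ${BRIDGE} device: ${IFACE}">>/tmp/openvpn.niv.log
+	[ -e /sys/class/*net*/${IFACE}/brport/port_id ] || /sbin/brctl addif ${BRIDGE} ${IFACE}
+fi
 # Below section is Gentoo specific
 # Quick summary - our init scripts are re-entrant and set the SVCNAME env var
 # as we could have >1 openvpn service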
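Review bot: The debug line at new line 80 appends to the fixed path `/tmp/openvpn.niv.log`; this hook presumably runs with the daemon's privileges, so a predictable name in a world-writable directory lets another local user pre-create it as a symlink and redirect the write. Drop the line or send it to syslog instead, e.g. `logger -t openvpn-up "tap0 in ${VPNCONF}: bridge=${BRIDGE} dev=${IFACE}"`. The `set -x` added at new line 21 looks like leftover debugging as well and traces every expansion into the daemon's output. `. /etc/conf.d/$SVCNAME` sources a path built from an unquoted `$1` (the same line is added in down.sh); quote it and check the file first, `[ -r "/etc/conf.d/${SVCNAME}" ] && . "/etc/conf.d/${SVCNAME}"`.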
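--- a/root/openvpn/down.sh.orig
+++ b/root/openvpn/down.sh.orig
@@ -2,6 +2,22 @@
 # Copyright (c) 2006-2007 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
 # Contributed by Roy Marples (uberlord@gentoo.org)
+if [ $# -eq 7 ] ; then
+SVCNAME=$1
+IFACE=$2
+[ -d /sys/class/*net*/${IFACE}/brport/bridge ]&& BRIDGE=`ls -l /sys/class/*net*/${IFACE}/brport/bridge |sed 's|.*/||'`
+VPNDIR=${VPNDIR:-/etc/openvpn}
+. /etc/conf.d/$SVCNAME
+VPN=${SVCNAME#*.}
+if [ -n "${VPN}" ] && [ ${SVCNAME} != "openvpn" ]; then
+        VPNPID="/var/run/openvpn.${VPN}.pid"
+else
+	VPNPID="/var/run/openvpn.pid"
+fi
+VPNCONF="${VPNDIR}/${VPN}.conf"
+fi
+#if a part of bridge , take it out and give the device a temp IP
+[ -e /sys/class/*net*/${IFACE}/brport/port_id ] && /sbin/brctl delif ${BRIDGE} ${IFACE} && ifconfig ${IFACE} 0.0.0.0
 
 # If we have a service specific script, run this now
 if [ -x /etc/openvpn/"${SVCNAME}"-down.sh ] ; then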
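Review bot: The bridge teardown at new line 20 runs outside the `$# -eq 7` guard and uses `${IFACE}` and `${BRIDGE}` unquoted, so a call with a different argument count reaches the glob test and `brctl delif` with empty values; move it inside the guard and quote, e.g. `[ -n "${BRIDGE}" ] && /sbin/brctl delif "${BRIDGE}" "${IFACE}"`. `BRIDGE` is derived by parsing `ls -l` output; `BRIDGE=$(basename "$(readlink "/sys/class/net/${IFACE}/brport/bridge")")` reads the link target directly. If the daemon has dropped privileges by the time the down hook runs (the init script adds `--user openvpn` for servers), `brctl` and `ifconfig` will presumably fail here, which may be why stop() repeats the teardown; a comment saying so would help either way.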
