Gentoo's Bugzilla – Attachment 255275 Details for Bug 309385: net-misc/openvpn-2.1_rc15 won't allow usage of bridge in default setting
[patch] openvpn init.d and up.sh patch to allow auto adding to bridge
openvpn.patch (text/plain), 5.50 KB, created by niv on 2010-11-24 01:28:18 UTC
>--- /root/init.d.openvpn.orig 2010-11-24 03:09:21.000000000 +0200 >+++ /root/init.d.openvpn 2010-11-24 03:19:30.000000000 +0200 >@@ -12,7 +12,12 @@ > VPNCONF="${VPNDIR}/${VPN}.conf" > > depend() { >+ grep -q "^[ ]*dev[ ].*tap0" "${VPNCONF}" >+ if [ $? -eq 0 ] ; then >+ need localmount net.tap0 >+ else > need localmount net >+ fi > use dns > after bootmisc > } >@@ -66,24 +71,23 @@ > > checkconfig || return 1 > >- local args="" reenter=${RE_ENTER:-no} >+ local args=("") >+ local reenter=${RE_ENTER:-no} > # If the config file does not specify the cd option, we do > # But if we specify it, we override the config option which we do not want > if ! grep -q "^[ ]*cd[ ].*" "${VPNCONF}" ; then >- args="${args} --cd ${VPNDIR}" >+ args+=( --cd ${VPNDIR}) > fi >- > # We mark the service as inactive and then start it. > # When we get an authenticated packet from the peer then we run our script > # which configures our DNS if any and marks us as up. > if [ "${DETECT_CLIENT:-yes}" = "yes" ] && \ > grep -q "^[ ]*remote[ ].*" "${VPNCONF}" ; then >- reenter="yes" >- args="${args} --up-delay --up-restart" >- args="${args} --script-security 2" >- args="${args} --up /etc/openvpn/up.sh" >- args="${args} --down-pre --down /etc/openvpn/down.sh" >- >+ reener="yes" >+ args+=( --up-delay --up-restart) >+ args+=(--script-security 2) >+ args+=( --up /etc/openvpn/up.sh) >+ args+=( --down-pre --down /etc/openvpn/down.sh) > # Warn about setting scripts as we override them > if grep -Eq "^[ ]*(up|down)[ ].*" "${VPNCONF}" ; then > ewarn "WARNING: You have defined your own up/down scripts" 
>@@ -101,18 +105,22 @@ > ewarn "or DNS configuration." > fi > else >+ args+=( --up-restart ) >+ args+=( --script-security 2 ) >+ args+=( --up "/etc/openvpn/up.sh ${SVCNAME}" ) >+ args+=( --down-pre --down /etc/openvpn/down.sh ) > # So we're a server. Run as openvpn unless otherwise specified >- grep -q "^[ ]*user[ ].*" "${VPNCONF}" || args="${args} --user openvpn" >- grep -q "^[ ]*group[ ].*" "${VPNCONF}" || args="${args} --group openvpn" >+ grep -q "^[ ]*user[ ].*" "${VPNCONF}" || args+=( --user openvpn) >+ grep -q "^[ ]*group[ ].*" "${VPNCONF}" || args+=( --group openvpn) > fi > > # Ensure that our scripts get the PEER_DNS variable >- [ -n "${PEER_DNS}" ] && args="${args} --setenv PEER_DNS ${PEER_DNS}" >+ [ -n "${PEER_DNS}" ] && args+=( --setenv PEER_DNS ${PEER_DNS}) > > [ "${reenter}" = "yes" ] && mark_service_inactive "${SVCNAME}" > start-stop-daemon --start --exec /usr/sbin/openvpn --pidfile "${VPNPID}" \ > -- --config "${VPNCONF}" --writepid "${VPNPID}" --daemon \ >- --setenv SVCNAME "${SVCNAME}" ${args} >+ --setenv SVCNAME "${SVCNAME}" "${args[@]}" > eend $? "Check your logs to see why startup failed" > } > >@@ -127,6 +135,17 @@ > ebegin "Stopping ${SVCNAME}" > start-stop-daemon --stop --quiet \ > --exec /usr/sbin/openvpn --pidfile "${VPNPID}" >+ #IFACE=`cat "${VPNCONF}" | sed -e "s/^[ ]*dev[ ].*/&/p"|cut -d" " -f2` >+ IFACE="tap0" >+ if [ -d /sys/class/net/${IFACE}/brport/bridge ] ; then >+ BRIDGE=`ls -l /sys/class/*net*/${IFACE}/brport/bridge |sed 's|.*/||'` >+ #if a part of bridge , take it out and give the device a temp IP >+ if [ -e /sys/class/net/${IFACE}/brport/port_id ] ; then >+ /sbin/brctl delif ${BRIDGE} ${IFACE} >+ ifconfig ${IFACE} 0.0.0.0 >+ fi >+ fi >+ > eend $? > } > >--- /root/openvpn/up.sh.orig 2010-11-24 03:09:21.000000000 +0200 >+++ /root/openvpn/up.sh 2010-11-24 03:03:14.000000000 +0200 
>@@ -18,6 +18,21 @@ > # This however, will break compatibility with Debians resolvconf > # A possible workaround would be to just list multiple domain lines > # and try and let resolvconf handle it >+set -x >+if [ $# -eq 7 ] ;then >+SVCNAME=$1 >+IFACE=$2 >+. /etc/conf.d/$SVCNAME >+[ -d /sys/class/*net*/${IFACE}/brport/bridge ]&& BRIDGE=`ls -l /sys/class/*net*/${IFACE}/brport/bridge |sed 's|.*/||'` >+VPNDIR=${VPNDIR:-/etc/openvpn} >+VPN=${SVCNAME#*.} >+if [ -n "${VPN}" ] && [ ${SVCNAME} != "openvpn" ]; then >+ VPNPID="/var/run/openvpn.${VPN}.pid" >+ else >+ VPNPID="/var/run/openvpn.pid" >+ fi >+ VPNCONF="${VPNDIR}/${VPN}.conf" >+fi > > if [ "${PEER_DNS}" != "no" ]; then > NS= >@@ -60,6 +75,11 @@ > fi > fi > >+# in case openvpn is in bridge mode bridge it to the apropriate bridge >+if grep -q "^[ ]*dev[ ].*tap0" "${VPNCONF}"; then >+ echo "found tap0 ${VPNCONF} bridge: ${BRIDGE} device: ${IFACE}">>/tmp/openvpn.niv.log >+ [ -e /sys/class/*net*/${IFACE}/brport/port_id ] || /sbin/brctl addif ${BRIDGE} ${IFACE} >+fi > # Below section is Gentoo specific > # Quick summary - our init scripts are re-entrant and set the SVCNAME env var > # as we could have >1 openvpn service >--- /root/openvpn/down.sh.orig 2010-11-24 03:25:45.000000000 +0200 >+++ /root/openvpn/down.sh 2010-11-24 03:03:22.000000000 +0200 
>@@ -2,6 +2,22 @@ > # Copyright (c) 2006-2007 Gentoo Foundation > # Distributed under the terms of the GNU General Public License v2 > # Contributed by Roy Marples (uberlord@gentoo.org) >+if [ $# -eq 7 ] ; then >+SVCNAME=$1 >+IFACE=$2 >+[ -d /sys/class/*net*/${IFACE}/brport/bridge ]&& BRIDGE=`ls -l /sys/class/*net*/${IFACE}/brport/bridge |sed 's|.*/||'` >+VPNDIR=${VPNDIR:-/etc/openvpn} >+. /etc/conf.d/$SVCNAME >+VPN=${SVCNAME#*.} >+if [ -n "${VPN}" ] && [ ${SVCNAME} != "openvpn" ]; then >+ VPNPID="/var/run/openvpn.${VPN}.pid" >+else >+ VPNPID="/var/run/openvpn.pid" >+fi >+VPNCONF="${VPNDIR}/${VPN}.conf" >+fi >+#if a part of bridge , take it out and give the device a temp IP >+[ -e /sys/class/*net*/${IFACE}/brport/port_id ] && /sbin/brctl delif ${BRIDGE} ${IFACE} && ifconfig ${IFACE} 0.0.0.0 > > # If we have a service specific script, run this now > if [ -x /etc/openvpn/"${SVCNAME}"-down.sh ] ; then
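Review bot: In depend() of the init script (hunk @@ -12,7 +12,12 @@), the pattern `^[ ]*dev[ ].*tap0` hardcodes tap0 and is not anchored at the end, so a config using `dev tap1` still gets plain `need localmount net`, while `dev tap01` is treated as tap0. Read the device name from the `dev` line once and build `need net.<device>` from it, or at least anchor the match. The `grep -q ...` followed by `if [ $? -eq 0 ]` can be written as `if grep -q ...; then`, which is the form the rest of the script already uses.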
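Review bot: In start() (hunk @@ -66,24 +71,23 @@), `reener="yes"` is a typo for `reenter="yes"`, so in the client branch `reenter` keeps its default and the later `[ "${reenter}" = "yes" ] && mark_service_inactive` no longer fires. Two smaller points in the same hunk: `local args=("")` creates an array with one empty element, which `"${args[@]}"` then passes to openvpn as an empty argument (use `local args=()`), and `args+=( --cd ${VPNDIR})` leaves `${VPNDIR}` unquoted, which gives up the word-splitting safety the array conversion was meant to provide.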
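Review bot: In the server branch of start() (hunk @@ -101,18 +105,22 @@), the new `--up`/`--down` hooks are combined with `--user openvpn` and `--group openvpn`, and OpenVPN runs the down script (and the up script on `--up-restart` restarts) with the reduced privileges, so the `brctl addif`/`brctl delif` and `ifconfig` calls in up.sh and down.sh will not be permitted at those points. The bridge handling needs to happen where root is still held (for example in the init script, as the stop() hunk does) or the privilege drop has to be reconciled with it explicitly. This branch also turns on `--script-security 2` and overrides `--up`/`--down` for every server config, not only bridged ones, without the `ewarn` about user-defined up/down scripts that the client branch has; gate it on the tap/bridge case and add the warning. `${PEER_DNS}` in `args+=( --setenv PEER_DNS ${PEER_DNS})` should be quoted.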
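Review bot: In stop() (hunk @@ -127,6 +135,17 @@), `eend $?` now reports the exit status of the added bridge-cleanup `if` block instead of `start-stop-daemon --stop`, so a failed stop is reported as success whenever the interface is not in a bridge. Save the status right after start-stop-daemon (`local ret=$?`) and pass that to eend. `IFACE="tap0"` is hardcoded while the line that would derive it from the config is commented out; either finish the parsing or document the tap0-only limitation. Resolving the bridge name with `ls -l ... | sed 's|.*/||'` is fragile; `basename "$(readlink /sys/class/net/${IFACE}/brport/bridge)"` does the same without parsing ls output, and the `/sys/class/*net*/` glob is inconsistent with the `/sys/class/net/` path tested one line above.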
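Review bot: In up.sh (hunk @@ -18,6 +18,21 @@), `set -x` at the top is debugging output left in and should be removed before this is merged. The `[ $# -eq 7 ]` guard depends on the exact number of arguments openvpn appends after the service name and deserves a comment saying so; when the count differs, `VPNCONF`, `IFACE` and `BRIDGE` stay unset but later code still uses them. `. /etc/conf.d/$SVCNAME` and `[ ${SVCNAME} != "openvpn" ]` should quote `$SVCNAME`, and `[ -d /sys/class/*net*/${IFACE}/brport/bridge ]` breaks with a test syntax error if the glob ever expands to more than one path; use `/sys/class/net/` directly. The block that derives VPNPID and VPNCONF is a copy of the init script's logic and is repeated again in down.sh; consider passing the values via `--setenv` instead.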
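Review bot: In up.sh (hunk @@ -60,6 +75,11 @@), the `echo ... >>/tmp/openvpn.niv.log` line appends to a fixed, predictable file name in a world-writable directory from a script that can run as root, which allows a local user to pre-create that path as a symlink; drop the line or log through `logger`/`einfo` instead. Separately, `BRIDGE` is only derived from `brport/bridge`, which exists only when the interface is already a bridge port, so on the path where `port_id` is missing and `brctl addif ${BRIDGE} ${IFACE}` runs, `BRIDGE` is empty unless /etc/conf.d/$SVCNAME happens to define it. That configuration variable needs to be documented and checked (`[ -n "${BRIDGE}" ]`) before calling brctl. The comment has a typo: "apropriate".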
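Review bot: In down.sh (hunk @@ -2,6 +2,22 @@), the final `[ -e /sys/class/*net*/${IFACE}/brport/port_id ] && /sbin/brctl delif ...` line sits outside the `if [ $# -eq 7 ]` block, so when the script is called with a different argument count `IFACE` and `BRIDGE` are unset and the test runs against `/sys/class/*net*//brport/port_id`. Move it inside the guard and quote the variables. The setup block duplicates the one added to up.sh but sources /etc/conf.d/$SVCNAME after setting the `VPNDIR` default rather than before, so the two scripts can disagree; factor it into one shared snippet. VPNPID and VPNCONF are computed here but not used by any line this hunk adds.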