Gentoo's Bugzilla – Attachment 259305 Details for
Bug 309385
net-misc/openvpn-2.1_rc15 wont allow usage of bridge in default setting
patching openvpn files to add and remove tap device to bridge
openvpn.patch (text/plain), 5.30 KB, created by
niv
on 2011-01-08 18:22:32 UTC
Description:
patching openvpn files to add and remove tap device to bridge
Filename:
MIME Type:
Creator:
niv
Created:
2011-01-08 18:22:32 UTC
Size:
5.30 KB
patch
obsolete
>--- /etc/openvpn/init.d/openvpn.orig 2010-12-18 04:10:29.000000000 +0200
>+++ /etc/openvpn/init.d/openvpn 2011-01-08 01:32:22.000000000 +0200
>@@ -12,7 +12,12 @@
> VPNCONF="${VPNDIR}/${VPN}.conf"
>
> depend() {
>- need localmount net
>+# grep -q "^[ ]*dev[ ].*tap0" "${VPNCONF}"
>+# if [ $? -eq 0 ] ; then
>+# need localmount net.tap0
>+# else
>+# need localmount net
>+# fi
> use dns
> after bootmisc
> }
>@@ -66,24 +71,19 @@
>
> checkconfig || return 1
>
>- local args="" reenter=${RE_ENTER:-no}
>+ local args=("")
>+ local reenter=${RE_ENTER:-no}
> # If the config file does not specify the cd option, we do
> # But if we specify it, we override the config option which we do not want
> if ! grep -q "^[ ]*cd[ ].*" "${VPNCONF}" ; then
>- args="${args} --cd ${VPNDIR}"
>+ args+=( --cd ${VPNDIR})
> fi
>-
> # We mark the service as inactive and then start it.
> # When we get an authenticated packet from the peer then we run our script
> # which configures our DNS if any and marks us as up.
> if [ "${DETECT_CLIENT:-yes}" = "yes" ] && \
> grep -q "^[ ]*remote[ ].*" "${VPNCONF}" ; then
>- reenter="yes"
>- args="${args} --up-delay --up-restart"
>- args="${args} --script-security 2"
>- args="${args} --up /etc/openvpn/up.sh"
>- args="${args} --down-pre --down /etc/openvpn/down.sh"
>-
>+ reener="yes"
> # Warn about setting scripts as we override them
> if grep -Eq "^[ ]*(up|down)[ ].*" "${VPNCONF}" ; then
> ewarn "WARNING: You have defined your own up/down scripts"
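Review bot: In depend(), the hunk removes `need localmount net` and adds only commented-out lines, so as posted the service declares no `need` dependency at all and may be started before local filesystems or the network are available. Either keep the original line or enable the conditional, e.g. `if grep -q "^[ ]*dev[ ].*tap0" "${VPNCONF}" ; then need localmount net.tap0 ; else need localmount net ; fi`. The hard-coded `tap0` would also miss configs that name a different tap device.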
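Review bot: `reener="yes"` is a typo for `reenter`, so on the client path `reenter` keeps its `${RE_ENTER:-no}` default and the `mark_service_inactive` call later in start() (visible in the @@ -102 hunk) is skipped unless RE_ENTER is set; the line should read `reenter="yes"`. `local args=("")` also seeds the array with one empty element, which `"${args[@]}"` then hands to openvpn as an empty argument; `local args=()` avoids that. Arrays and `+=` are bash-only, so this assumes the init script is always run by bash, which is worth confirming. start() begins and ends outside this hunk.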
>@@ -102,17 +102,23 @@
> fi
> else
> # So we're a server. Run as openvpn unless otherwise specified
>- grep -q "^[ ]*user[ ].*" "${VPNCONF}" || args="${args} --user openvpn"
>- grep -q "^[ ]*group[ ].*" "${VPNCONF}" || args="${args} --group openvpn"
>+ grep -q "^[ ]*user[ ].*" "${VPNCONF}" || args+=( --user openvpn)
>+ grep -q "^[ ]*group[ ].*" "${VPNCONF}" || args+=( --group openvpn)
> fi
>
>+#common settings:
>+ args+=(--up-delay --up-restart)
>+ args+=(--script-security 2)
>+ args+=( --up /etc/openvpn/up.sh ${SVCNAME})
>+ args+=( --down-pre --down /etc/openvpn/down.sh ${SVCNAME})
>+
> # Ensure that our scripts get the PEER_DNS variable
>- [ -n "${PEER_DNS}" ] && args="${args} --setenv PEER_DNS ${PEER_DNS}"
>+ [ -n "${PEER_DNS}" ] && args+=( --setenv PEER_DNS ${PEER_DNS})
>
> [ "${reenter}" = "yes" ] && mark_service_inactive "${SVCNAME}"
> start-stop-daemon --start --exec /usr/sbin/openvpn --pidfile "${VPNPID}" \
> -- --config "${VPNCONF}" --writepid "${VPNPID}" --daemon \
>- --setenv SVCNAME "${SVCNAME}" ${args}
>+ --setenv SVCNAME "${SVCNAME}" "${args[@]}"
> eend $? "Check your logs to see why startup failed"
> }
>
>@@ -127,6 +133,15 @@
> ebegin "Stopping ${SVCNAME}"
> start-stop-daemon --stop --quiet \
> --exec /usr/sbin/openvpn --pidfile "${VPNPID}"
>+ #remove device from bridge
>+ IFACE=$(sed -n 's/[[:space:]]*dev[[:space:]]*//p' ${VPNCONF})
>+ #IFACE="$( awk '/^\ *dev/ { print $2 }' ${VPNCONF} )"
>+ BRIDGE=$(ls -l /sys/class/net/${IFACE}/brport/bridge 2>/dev/null|sed 's/.*\///' )
>+ if [ "${BRIDGE}" != " "] ; then
>+ einfo "BRIDGE : $BRIDGE IFACE: $IFACE"
>+ /sbin/brctl delif ${BRIDGE} ${IFACE}
>+ ifconfig ${IFACE} 0.0.0.0
>+ fi
> eend $?
> }
>
>--- /etc/openvpn/up.sh.orig 2010-12-18 04:18:58.000000000 +0200
>+++ /etc/openvpn/up.sh 2011-01-08 01:32:07.000000000 +0200
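Review bot: The new common-settings block applies `--script-security 2` and the `--up`/`--down` hooks to server instances as well, yet the warning about overriding user-defined up/down scripts stays inside the client branch, so a server config with its own `up`/`down` lines is overridden without notice. If the bridge handling is only needed for tap devices, consider adding these options only when the config selects one, and emitting the `ewarn` on both paths. The unquoted expansions inside the array appends still word-split; `args+=( --setenv PEER_DNS "${PEER_DNS}" )` and a quoted `"${SVCNAME}"` keep each value as a single argument. Whether openvpn accepts the service name as a separate word after the script path is not visible here and should be checked.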
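Review bot: The test `[ "${BRIDGE}" != " "]` in stop() has no space before the closing bracket, so `[` fails with a missing-`]` error and the bridge cleanup never runs; as rendered it also compares against a space rather than the empty string. The `dev` lookup is unanchored and matches any line containing `dev` (for example a `dev-type` directive), `ls -l` output is parsed where `readlink` would do, the values are passed unquoted to `brctl` and `ifconfig` running as root, and `eend $?` now reports the status of the `if` block instead of start-stop-daemon. A rewrite of the added lines follows; stop() starts outside the hunk.

```shell
	start-stop-daemon --stop --quiet \
		--exec /usr/sbin/openvpn --pidfile "${VPNPID}"
	local rc=$? iface bridge
	# Take the name from the first "dev <name>" directive only.
	iface=$(sed -n 's/^[[:space:]]*dev[[:space:]]\{1,\}\([^[:space:]]\{1,\}\).*/\1/p' "${VPNCONF}" | head -n 1)
	bridge=$(readlink "/sys/class/net/${iface}/brport/bridge" 2>/dev/null)
	bridge=${bridge##*/}
	if [ -n "${iface}" ] && [ -n "${bridge}" ] ; then
		einfo "BRIDGE : ${bridge} IFACE: ${iface}"
		/sbin/brctl delif "${bridge}" "${iface}"
		ifconfig "${iface}" 0.0.0.0
	fi
	eend ${rc}
```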
>@@ -18,7 +18,17 @@
> # This however, will break compatibility with Debians resolvconf
> # A possible workaround would be to just list multiple domain lines
> # and try and let resolvconf handle it
>+# Niv Vaizer: Shell script in tap is called:
>+#cmd tap_dev tap_mtu link_mtu ifconfig_local_ip ifconfig_netmask [ init | restart ]
>+set -x
>+
>+_is_bridge()
>+{
>+ [ -d /sys/class/net/"${1:-${IFACE}}"/bridge ]
>+ return $?
>+}
>
>+#start original
> if [ "${PEER_DNS}" != "no" ]; then
> NS=
> DOMAIN=
>@@ -59,7 +69,22 @@
> fi
> fi
> fi
>-
>+#end origianl
>+# in case openvpn is in bridge mode bridge it to the apropriate bridge
>+if [ $# -eq 7 ] ;then
>+ SVCNAME=$1
>+ IFACE=$2
>+ VPNDIR=${VPNDIR:-/etc/openvpn}
>+ VPN=${SVCNAME#*.}
>+ VPNCONF="${VPNDIR}/${VPN}.conf"
>+ . /etc/conf.d/$SVCNAME
>+ grep -q "^[[:space:]]*dev[[:space:]].*${IFACE}" "${VPNCONF}" || exit 1
>+ if [ -e /sys/class/net/${IFACE} -a -e /sys/class/net/"${BRIDGE}"/bridge ]; then
>+ [ -d /sys/class/net/"${IFACE}"/brport ] && /sbin/brctl delif ${BRIDGE} ${IFACE}
>+ /sbin/brctl addif ${BRIDGE} ${IFACE}
>+ fi
>+fi
>+#start original
> # Below section is Gentoo specific
> # Quick summary - our init scripts are re-entrant and set the SVCNAME env var
> # as we could have >1 openvpn service
>--- /etc/openvpn/down.sh.orig 2010-11-24 03:25:45.000000000 +0200
>+++ /etc/openvpn/down.sh 2011-01-08 01:32:01.000000000 +0200
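Review bot: `set -x` is left enabled near the top of up.sh (and again as the first added line of the down.sh hunk), so every command these hooks run, with expanded variable values, is traced to stderr and may end up in the OpenVPN log. It looks like debugging residue and should be dropped, or gated behind an explicit debug setting. `_is_bridge` is defined here but not called in any visible hunk; either use it in the bridge check further down or remove it, and its `return $?` is redundant since the function already returns the status of the test.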
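Review bot: `. /etc/conf.d/$SVCNAME` sources a file whose path is built from the unvalidated first argument, and `SVCNAME=$1` overwrites the value the init script already exports with `--setenv SVCNAME`; the same lines appear in the down.sh hunk. Reject names containing a slash and quote the path, e.g. `case "${SVCNAME}" in ""|*/*) exit 1 ;; esac` followed by `[ -r "/etc/conf.d/${SVCNAME}" ] && . "/etc/conf.d/${SVCNAME}"`. `${IFACE}` is also interpolated into the grep pattern and passed unquoted to `brctl`, so a device name that is a prefix of the configured one would still match; anchoring the match and quoting `"${BRIDGE}"` and `"${IFACE}"` would tighten this. Note that `exit 1` here leaves the script before the Gentoo-specific section that follows the hunk.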
>@@ -2,7 +2,23 @@
> # Copyright (c) 2006-2007 Gentoo Foundation
> # Distributed under the terms of the GNU General Public License v2
> # Contributed by Roy Marples (uberlord@gentoo.org)
>-
>+set -x
>+if [ $# -eq 7 ] ;then
>+ SVCNAME=$1
>+ IFACE=$2
>+ VPNDIR=${VPNDIR:-/etc/openvpn}
>+ VPN=${SVCNAME#*.}
>+ VPNCONF="${VPNDIR}/${VPN}.conf"
>+ . /etc/conf.d/$SVCNAME
>+ grep -q "^[[:space:]]*dev[[:space:]].*${IFACE}" "${VPNCONF}" || exit 1
>+ IFACE_BRIDGE=$(ls -l /sys/class/net/${IFACE}/brport/bridge 2>/dev/null|sed 's/.*\///' )
>+ if [ ${IFACE_BRIDGE} -eq ${BRIDGE} ] ; then
>+ /sbin/brctl delif ${BRIDGE} ${IFACE}
>+ ifconfig ${IFACE} 0.0.0.0
>+ fi
>+fi
>+
>+# start original
> # If we have a service specific script, run this now
> if [ -x /etc/openvpn/"${SVCNAME}"-down.sh ] ; then
> /etc/openvpn/"${SVCNAME}"-down.sh "$@"
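Review bot: `[ ${IFACE_BRIDGE} -eq ${BRIDGE} ]` applies the integer operator to bridge names, so the test errors out for any non-numeric name and the `brctl delif` branch is never taken; with `IFACE_BRIDGE` empty the unquoted form is also malformed. Use a quoted string comparison instead: `if [ -n "${IFACE_BRIDGE}" ] && [ "${IFACE_BRIDGE}" = "${BRIDGE}" ] ; then`. `BRIDGE` is presumably set by the sourced conf.d file, which is not shown, so an unset value should be handled as well. The `if [ -x ... ]` block at the end of the hunk continues outside it.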