(-)/home/niv/dev/openvpnl2/openvpn/init.d.openvpn.orig (-14 / +29 lines)
Lines 12-18 Link Here
12
VPNCONF="${VPNDIR}/${VPN}.conf"
12
VPNCONF="${VPNDIR}/${VPN}.conf"
13
13
14
depend() {
14
depend() {
15
	need localmount net
15
#	grep -q "^[ 	]*dev[ 	].*tap0" "${VPNCONF}"
16
#	if [ $? -eq 0 ] ; then
17
#		need localmount net.tap0
18
#	else
19
#		need localmount net
20
#	fi
16
	use dns
21
	use dns
17
	after bootmisc
22
	after bootmisc
18
}
23
}
Lines 66-89 Link Here
66
71
67
	checkconfig || return 1
72
	checkconfig || return 1
68
73
69
	local args="" reenter=${RE_ENTER:-no}
74
	local args=("")
75
	local reenter=${RE_ENTER:-no}
70
	# If the config file does not specify the cd option, we do
76
	# If the config file does not specify the cd option, we do
71
	# But if we specify it, we override the config option which we do not want
77
	# But if we specify it, we override the config option which we do not want
72
	if ! grep -q "^[ 	]*cd[ 	].*" "${VPNCONF}" ; then
78
	if ! grep -q "^[ 	]*cd[ 	].*" "${VPNCONF}" ; then
73
		args="${args} --cd ${VPNDIR}"
79
		args+=( --cd ${VPNDIR})
74
	fi
80
	fi
75
	
76
	# We mark the service as inactive and then start it.
81
	# We mark the service as inactive and then start it.
77
	# When we get an authenticated packet from the peer then we run our script
82
	# When we get an authenticated packet from the peer then we run our script
78
	# which configures our DNS if any and marks us as up.
83
	# which configures our DNS if any and marks us as up.
79
	if [ "${DETECT_CLIENT:-yes}" = "yes" ] && \
84
	if [ "${DETECT_CLIENT:-yes}" = "yes" ] && \
80
	grep -q "^[ 	]*remote[ 	].*" "${VPNCONF}" ; then
85
	grep -q "^[ 	]*remote[ 	].*" "${VPNCONF}" ; then
81
		reenter="yes"
86
		reener="yes"
82
		args="${args} --up-delay --up-restart"
87
		args+=(--up-delay --up-restart)
83
		args="${args} --script-security 2"
84
		args="${args} --up /etc/openvpn/up.sh"
85
		args="${args} --down-pre --down /etc/openvpn/down.sh"
86
87
		# Warn about setting scripts as we override them
88
		# Warn about setting scripts as we override them
88
		if grep -Eq "^[ 	]*(up|down)[ 	].*" "${VPNCONF}" ; then
89
		if grep -Eq "^[ 	]*(up|down)[ 	].*" "${VPNCONF}" ; then
89
			ewarn "WARNING: You have defined your own up/down scripts"
90
			ewarn "WARNING: You have defined your own up/down scripts"
Lines 102-118 Link Here
102
		fi
103
		fi
103
	else
104
	else
104
		# So we're a server. Run as openvpn unless otherwise specified
105
		# So we're a server. Run as openvpn unless otherwise specified
105
		grep -q "^[ 	]*user[ 	].*" "${VPNCONF}" || args="${args} --user openvpn"
106
		grep -q "^[ 	]*user[ 	].*" "${VPNCONF}" || args+=( --user openvpn)
106
		grep -q "^[ 	]*group[ 	].*" "${VPNCONF}" || args="${args} --group openvpn"
107
		grep -q "^[ 	]*group[ 	].*" "${VPNCONF}" || args+=( --group openvpn)
107
	fi
108
	fi
108
109
110
#common settings:
111
	args+=(--script-security 2)
112
	args+=(--up "/etc/openvpn/up.sh ${SVCNAME}")
113
	args+=(--down-pre --down "/etc/openvpn/down.sh ${SVCNAME}")
114
109
	# Ensure that our scripts get the PEER_DNS variable
115
	# Ensure that our scripts get the PEER_DNS variable
110
	[ -n "${PEER_DNS}" ] && args="${args} --setenv PEER_DNS ${PEER_DNS}"
116
	[ -n "${PEER_DNS}" ] && args+=( --setenv PEER_DNS ${PEER_DNS})
111
117
112
	[ "${reenter}" = "yes" ] && mark_service_inactive "${SVCNAME}"
118
	[ "${reenter}" = "yes" ] && mark_service_inactive "${SVCNAME}"
113
	start-stop-daemon --start --exec /usr/sbin/openvpn --pidfile "${VPNPID}" \
119
	start-stop-daemon --start --exec /usr/sbin/openvpn --pidfile "${VPNPID}" \
114
		-- --config "${VPNCONF}" --writepid "${VPNPID}" --daemon \
120
		-- --config "${VPNCONF}" --writepid "${VPNPID}" --daemon \
115
		--setenv SVCNAME "${SVCNAME}" ${args}
121
		--setenv SVCNAME "${SVCNAME}" "${args[@]}"
116
	eend $? "Check your logs to see why startup failed"
122
	eend $? "Check your logs to see why startup failed"
117
}
123
}
118
124
Lines 127-132 Link Here
127
	ebegin "Stopping ${SVCNAME}"
133
	ebegin "Stopping ${SVCNAME}"
128
	start-stop-daemon --stop --quiet \
134
	start-stop-daemon --stop --quiet \
129
		--exec /usr/sbin/openvpn --pidfile "${VPNPID}"
135
		--exec /usr/sbin/openvpn --pidfile "${VPNPID}"
136
	#remove device from bridge
137
	IFACE=$(sed -n 's/[[:space:]]*dev[[:space:]]*//p' ${VPNCONF})
138
	#IFACE="$( awk '/^\ *dev/ { print $2 }' ${VPNCONF} )"
139
	BRIDGE=$(ls -l /sys/class/net/${IFACE}/brport/bridge 2>/dev/null|sed 's/.*\///' )
140
	if [ "${BRIDGE}" != " "] ; then
141
		einfo "BRIDGE : $BRIDGE IFACE: $IFACE"
142
		/sbin/brctl delif ${BRIDGE} ${IFACE}
143
		ifconfig ${IFACE} 0.0.0.0
144
	fi
130
	eend $?
145
	eend $?
131
}
146
}
132
147
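Review bot: The bridge cleanup added after `start-stop-daemon --stop` (hunk at old lines 127-132) can never run as written: `[ "${BRIDGE}" != " "]` has no space before `]`, so the test fails with a missing-bracket error, and it compares against a single space rather than the empty string. The sed that fills IFACE is unanchored and also prints for lines such as `dev-type` or a comment containing "dev", and the unquoted `${IFACE}` and `${BRIDGE}` are then word-split into arguments of `brctl` and `ifconfig`, which an init script normally runs as root. The fence takes only the second field of a line whose first word is `dev`, quotes every expansion, tests for a non-empty bridge, and saves the start-stop-daemon status because `eend $?` would otherwise report the result of the `if` block; the function starts above the hunk. Separately, in the start hunk `reener="yes"` looks like a typo for `reenter`, which leaves `mark_service_inactive` unreached for client configs.

```shell
	start-stop-daemon --stop --quiet \
		--exec /usr/sbin/openvpn --pidfile "${VPNPID}"
	local ret=$?
	# remove device from bridge
	IFACE=$(awk '$1 == "dev" { print $2; exit }' "${VPNCONF}")
	BRIDGE=
	if [ -n "${IFACE}" ] && [ -L "/sys/class/net/${IFACE}/brport/bridge" ]; then
		BRIDGE=$(readlink "/sys/class/net/${IFACE}/brport/bridge")
		BRIDGE=${BRIDGE##*/}
	fi
	if [ -n "${BRIDGE}" ]; then
		einfo "BRIDGE : ${BRIDGE} IFACE: ${IFACE}"
		/sbin/brctl delif "${BRIDGE}" "${IFACE}"
		ifconfig "${IFACE}" 0.0.0.0
	fi
	eend ${ret}
```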
(-)/home/niv/dev/openvpnl2/openvpn/up.sh.orig (-1 / +26 lines)
Lines 18-24 Link Here
18
# This however, will break compatibility with Debians resolvconf
18
# This however, will break compatibility with Debians resolvconf
19
# A possible workaround would be to just list multiple domain lines
19
# A possible workaround would be to just list multiple domain lines
20
# and try and let resolvconf handle it
20
# and try and let resolvconf handle it
21
# Niv Vaizer: Shell script in tap is called:
22
#cmd tap_dev tap_mtu link_mtu ifconfig_local_ip ifconfig_netmask [ init | restart ]
23
set -x
24
25
_is_bridge()
26
{
27
	[ -d /sys/class/net/"${1:-${IFACE}}"/bridge ]
28
	return $?
29
}
21
30
31
#start original
22
if [ "${PEER_DNS}" != "no" ]; then
32
if [ "${PEER_DNS}" != "no" ]; then
23
	NS=
33
	NS=
24
	DOMAIN=
34
	DOMAIN=
Lines 59-65 Link Here
59
		fi
69
		fi
60
	fi
70
	fi
61
fi
71
fi
62
72
#end origianl
73
# in case openvpn is in bridge mode bridge it to the apropriate bridge
74
if [ $# -eq 7 ] ;then
75
	SVCNAME=$1
76
	IFACE=$2
77
	VPNDIR=${VPNDIR:-/etc/openvpn}
78
	VPN=${SVCNAME#*.}
79
	VPNCONF="${VPNDIR}/${VPN}.conf"
80
	. /etc/conf.d/$SVCNAME
81
	grep -q "^[[:space:]]*dev[[:space:]].*${IFACE}" "${VPNCONF}"  || exit 1
82
	if [ -e /sys/class/net/${IFACE} -a -e /sys/class/net/"${BRIDGE}"/bridge ]; then
83
		[ -d /sys/class/net/"${IFACE}"/brport ] && /sbin/brctl delif ${BRIDGE} ${IFACE}
84
		/sbin/brctl addif ${BRIDGE} ${IFACE}
85
	fi
86
fi
87
#start original
63
# Below section is Gentoo specific
88
# Below section is Gentoo specific
64
# Quick summary - our init scripts are re-entrant and set the SVCNAME env var
89
# Quick summary - our init scripts are re-entrant and set the SVCNAME env var
65
# as we could have >1 openvpn service
90
# as we could have >1 openvpn service
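Review bot: In the bridge block added after `#end origianl`, `. /etc/conf.d/$SVCNAME` sources a path built from the unquoted first positional argument, so whatever that argument names is executed as shell code with the privileges the hook runs under. The init script in this patch already passes the name with `--setenv SVCNAME`, so the argument is redundant; if it is kept, reject empty values and values containing `/` before use, e.g. `case "${SVCNAME}" in ""|*/*) exit 1 ;; esac` followed by `. "/etc/conf.d/${SVCNAME}"`. The `set -x` added near the top looks like leftover debugging and would trace every command of the hook into the daemon's output; I would drop it. The same block and the same `set -x` are added to down.sh. The `exit 1` after the grep also ends the script before the Gentoo-specific section below it, which seems unintended for configs whose `dev` line does not name the interface exactly.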
(-)/home/niv/dev/openvpnl2/openvpn/down.sh.orig (-1 / +17 lines)
Lines 2-8 Link Here
2
# Copyright (c) 2006-2007 Gentoo Foundation
2
# Copyright (c) 2006-2007 Gentoo Foundation
3
# Distributed under the terms of the GNU General Public License v2
3
# Distributed under the terms of the GNU General Public License v2
4
# Contributed by Roy Marples (uberlord@gentoo.org)
4
# Contributed by Roy Marples (uberlord@gentoo.org)
5
5
set -x
6
if [ $# -eq 7 ] ;then
7
	SVCNAME=$1
8
	IFACE=$2
9
	VPNDIR=${VPNDIR:-/etc/openvpn}
10
	VPN=${SVCNAME#*.}
11
	VPNCONF="${VPNDIR}/${VPN}.conf"
12
	. /etc/conf.d/$SVCNAME
13
	grep -q "^[[:space:]]*dev[[:space:]].*${IFACE}" "${VPNCONF}"  || exit 1
14
	IFACE_BRIDGE=$(ls -l /sys/class/net/${IFACE}/brport/bridge 2>/dev/null|sed 's/.*\///' )
15
	if [ ${IFACE_BRIDGE} -eq ${BRIDGE} ] ; then
16
		/sbin/brctl delif ${BRIDGE} ${IFACE}
17
		ifconfig ${IFACE} 0.0.0.0
18
	fi
19
fi
20
	
21
# start original
6
# If we have a service specific script, run this now
22
# If we have a service specific script, run this now
7
if [ -x /etc/openvpn/"${SVCNAME}"-down.sh ] ; then
23
if [ -x /etc/openvpn/"${SVCNAME}"-down.sh ] ; then
8
	/etc/openvpn/"${SVCNAME}"-down.sh "$@"
24
	/etc/openvpn/"${SVCNAME}"-down.sh "$@"
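Review bot: The test `[ ${IFACE_BRIDGE} -eq ${BRIDGE} ]` compares bridge names with the integer operator `-eq` and leaves both sides unquoted, so it errors out ("integer expression expected", or a unary-operator error when the interface is not in a bridge) and the `brctl delif` branch is never taken. A quoted string comparison is what the block needs: `if [ -n "${BRIDGE}" ] && [ "${IFACE_BRIDGE}" = "${BRIDGE}" ]; then`, with `"${BRIDGE}"` and `"${IFACE}"` quoted in the `brctl` and `ifconfig` calls as well. BRIDGE is presumably set by the sourced `/etc/conf.d/$SVCNAME`; the patch does not show where, so a comment stating that would help.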
