Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 140865 - Need a vpn virtual for init system.
Summary: Need a vpn virtual for init system.
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo's Team for Core System packages
URL:
Whiteboard:
Keywords:
Depends on: 46897
Blocks:
  Show dependency tree
 
Reported: 2006-07-17 21:06 UTC by brianw
Modified: 2009-10-01 09:29 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments
Allow RC_NEED and RC_USE to overlay init depends (x,1.54 KB, patch)
2006-07-20 09:08 UTC, Roy Marples (RETIRED)
Details | Diff
Allow RC_NEED and RC_USE to overlay init depends (x,1.15 KB, patch)
2006-07-20 09:17 UTC, Roy Marples (RETIRED)
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description brianw 2006-07-17 21:06:01 UTC
Is there a way that any vpn app in portage can PROVIDE "vnet" (or some other) virtual, so that other init's can use the virtual for the depend function?

I use openvpn on my wifi segment. My router only allows input on the openvpn port and no forwarding. I have openvpn redirecting all traffic through the vpn. I also use nfs over the openvpn link. If I have both openvpn and nfsmount in the same runlevel, nfsmount always tries to start first. I have to hack the init's and such to get it to work correctly.

If there was a virtual provided by openvpn, the nfsmount init could have that in it's use line for the depend function. Therefore allowing for graceful nfs mounts/umounts depending on the state of the openvpn init.

This is related to this bug report: http://bugs.gentoo.org/show_bug.cgi?id=97800 I already posted tp that bug, but I suspect it may be orphaned.

Thanks.
Comment 1 SpanKY gentoo-dev 2006-07-19 19:14:43 UTC
not a baselayout issue, you'll need to get the vpn guys to update their init.d scripts
Comment 2 Roy Marples (RETIRED) gentoo-dev 2006-07-19 23:37:05 UTC
(In reply to comment #1)
> not a baselayout issue, you'll need to get the vpn guys to update their init.d
> scripts
> 

Well, it currently is a baselayout issue as you could have >1 vpn client installed as afaik vpn software needs to be the same end to end.

Also openvpn init script can be multiplexed like our net scripts for >1 vpn setup and our dependency system only allows us to provide "vpn" or "vpnnet" by one init script.
Comment 3 Roy Marples (RETIRED) gentoo-dev 2006-07-20 08:06:54 UTC
How about we allow conf.d/nfsmount to set RC_NEED="openvpn" and RC_USE="foo bar" ?

Basically moving towards a system of user defined dependencies that overlay our init script dependencies.
Comment 4 Roy Marples (RETIRED) gentoo-dev 2006-07-20 09:08:09 UTC
Created attachment 92317 [details, diff]
Allow RC_NEED and RC_USE to overlay init depends

Patch should apply against baselayout-1.12.1

Reporter, please test and report back
Comment 5 Roy Marples (RETIRED) gentoo-dev 2006-07-20 09:17:55 UTC
Created attachment 92319 [details, diff]
Allow RC_NEED and RC_USE to overlay init depends

This one doesn't alter the config load order - heh.
Comment 6 brianw 2006-07-30 13:38:50 UTC
Where does one set the RC_NEED and RC_USE overlay info? In /etc/conf.d/rc ? I also think this is not the way to go. The way openvpn init scripts work may break it. For each openvpn conf file one has, they make a link to /etc/init.d/openvpn.<filename in /etc/openvpn/> . For example, I use one openvpn conf file called /etc/openvpn/wan-cmpd1.conf. To control that connection i have a file called /etc/init.d/openvpn.wan-cmpd1 which is a symbolic link to /etc/init.d/openvpn.

In my humble opinion we need something similar to the net init scripts. You have an option in /etc/conf.d/rc that makes it so vnet is not considered up until any vpn init in the current runlevel is started. Am I making any sense here?

I will test the patch and report back.

BrianW
Comment 7 Roy Marples (RETIRED) gentoo-dev 2006-07-30 16:31:43 UTC
(In reply to comment #6)
> Where does one set the RC_NEED and RC_USE overlay info? In /etc/conf.d/rc ? I
> also think this is not the way to go. The way openvpn init scripts work may
> break it. For each openvpn conf file one has, they make a link to
> /etc/init.d/openvpn.<filename in /etc/openvpn/> . For example, I use one
> openvpn conf file called /etc/openvpn/wan-cmpd1.conf. To control that
> connection i have a file called /etc/init.d/openvpn.wan-cmpd1 which is a
> symbolic link to /etc/init.d/openvpn.

So those settings would go in /etc/conf.d/wan-cmpd1.conf then.

> In my humble opinion we need something similar to the net init scripts. You
> have an option in /etc/conf.d/rc that makes it so vnet is not considered up
> until any vpn init in the current runlevel is started. Am I making any sense
> here?

Not a good idea - for example a local dns resolver would need to depend on net and yet openvpn would depend on dns .....

But we do need something more flexible yes.
Comment 8 Roy Marples (RETIRED) gentoo-dev 2006-08-17 09:01:27 UTC
This is fixed in baselayout-1.12.4
Comment 9 Navid Zamani 2009-10-01 09:29:37 UTC
Hey, I wanted do add that a vpn virtual does actually not make much sense. Because any sane person does not want to have any service start with just the net virtual, or change every net-requiring service to require vpn.
I did it with a much better solution: I removed the “provide net” from *everything*, but added a “provide dmz” for net.eth0 (my use case). then I added a “provide net” to openvpn (or in my case: net.br0 which uses openvpn.vpn). tadaa, now i don’t have to change anything else, and it works as expected.