# openvpn This shell script takes care of starting and stopping
# openvpn on RedHat or other chkconfig-based system.
# description: OpenVPN is a robust and highly flexible tunneling application \
# that uses all of the encryption, authentication, and \
# certification features of the OpenSSL library to securely \
# tunnel IP networks over a single UDP port.
# Contributed to the OpenVPN project by
# Douglas Keller <doug@voidstar.dyndns.org>
# copy this file to /etc/rc.d/init.d/openvpn
# shell> chkconfig --add openvpn
# shell> mkdir /etc/openvpn
# make .conf or .sh files in /etc/openvpn (see below)
# run: chkconfig --del openvpn
# I have created an /etc/init.d init script and enhanced openvpn.spec to
# automatically register the init script. Once the RPM is installed you
# can start and stop OpenVPN with "service openvpn start" and "service
# The init script does the following:
# - Starts an openvpn process for each .conf file it finds in
# - If /etc/openvpn/xxx.sh exists for a xxx.conf file then it executes
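# it before starting openvpn (useful for doing openvpn --mktun...). The
# .sh file runs with the init script's privileges, so keep /etc/openvpn
# and the files in it writable by root only.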
# - In addition to start/stop you can do:
# service openvpn reload - SIGHUP
# service openvpn reopen - SIGUSR1
# service openvpn status - SIGUSR2
# * Changed == to = for sh compliance (Bishop Clark).
# * If condrestart|reload|reopen|status, check that we were
# actually started (James Yonan).
# * Added lock, piddir, and work variables (James Yonan).
# * If start is attempted twice, without an intervening stop, or
# if start is attempted when previous start was not properly
# shut down, then kill any previously started processes, before
# commencing new start operation (James Yonan).
# * Do a better job of flagging errors on start, and properly
# returning success or failure status to caller (James Yonan).
# * Added openvpn-startup and openvpn-shutdown script calls
# Location of openvpn binary
openvpn_locations="/usr/sbin/openvpn /usr/local/sbin/openvpn"
for location in $openvpn_locations
lock="/var/lock/subsys/openvpn"
piddir="/var/run/openvpn"
# Our working directory
# Source function library.
. /etc/rc.d/init.d/functions
# Source networking configuration.
. /etc/sysconfig/network
# Check that networking is up.
if [ ${NETWORKING} = "no" ]
echo "Networking is down"
# Check that binary exists
echo "openvpn binary not found"
# See how we were called.
echo -n $"Starting openvpn: "
/sbin/modprobe tun >/dev/null 2>&1
# From a security perspective, I think it makes
# sense to remove this, and have users who need
# it explicitly enable in their --up scripts or
#echo 1 > /proc/sys/net/ipv4/ip_forward
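# Run startup script, if defined. It executes with this init script's
# privileges, so $work/openvpn-startup must not be writable by other users.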
if [ -f $work/openvpn-startup ]; then
$work/openvpn-startup
if [ ! -d $piddir ]; then
if [ -f $lock ]; then
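# we were not shut down correctly, so the pid files left in $piddir are
# stale: a PID recorded there may by now belong to an unrelated process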
for pidf in `/bin/ls $piddir/*.pid 2>/dev/null`; do
if [ -s $pidf ]; then
kill `cat $pidf` >/dev/null 2>&1
# Start every .conf in $work and run its matching .sh, if one exists
for c in `/bin/ls *.conf 2>/dev/null`; do
if [ -f "$bn.sh" ]; then
rm -f $piddir/$bn.pid
$openvpn --daemon --writepid $piddir/$bn.pid --config $c --cd $work
if [ $errors = 1 ]; then
if [ $successes = 1 ]; then
echo -n $"Shutting down openvpn: "
for pidf in `/bin/ls $piddir/*.pid 2>/dev/null`; do
if [ -s $pidf ]; then
kill `cat $pidf` >/dev/null 2>&1
# Run shutdown script, if defined
if [ -f $work/openvpn-shutdown ]; then
$work/openvpn-shutdown
if [ -f $lock ]; then
for pidf in `/bin/ls $piddir/*.pid 2>/dev/null`; do
if [ -s $pidf ]; then
kill -HUP `cat $pidf` >/dev/null 2>&1
echo "openvpn: service not started"
if [ -f $lock ]; then
for pidf in `/bin/ls $piddir/*.pid 2>/dev/null`; do
if [ -s $pidf ]; then
kill -USR1 `cat $pidf` >/dev/null 2>&1
echo "openvpn: service not started"
if [ -f $lock ]; then
if [ -f $lock ]; then
for pidf in `/bin/ls $piddir/*.pid 2>/dev/null`; do
if [ -s $pidf ]; then
kill -USR2 `cat $pidf` >/dev/null 2>&1
echo "Status written to /var/log/messages"
echo "openvpn: service not started"
echo "Usage: openvpn {start|stop|restart|condrestart|reload|reopen|status}"