# Required-Start: $network
# Required-Stop: $network
# Default-Stop: 0 1 2 6
# Short-Description: This shell script takes care of starting and stopping OpenVPN.
# Description: OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP port.
# Contributed to the OpenVPN project by
# Douglas Keller <doug@voidstar.dyndns.org>
# Modified for SuSE by
# Frank Plohmann <openvpn@franks-planet.de>
# Please feel free to contact me if you have problems or suggestions
# copy this file to /etc/rc.d/init.d/openvpn
# use the runlevel editor in Yast to add it to runlevel 3 and/or 5
# shell> mkdir /etc/openvpn
# make .conf or .sh files in /etc/openvpn (see below)
# use also Yast and the runlevel editor to uninstall
# I have created an /etc/init.d init script and enhanced openvpn.spec to
# automatically register the init script. Once the RPM is installed you
# can start and stop OpenVPN with "service openvpn start" and "service
# The init script does the following:
# - Starts an openvpn process for each .conf file it finds in
# - If /etc/openvpn/xxx.sh exists for a xxx.conf file then it executes
# it before starting openvpn (useful for doing openvpn --mktun...).
# - In addition to start/stop you can do:
# /etc/init.d/openvpn reload - SIGHUP
# /etc/init.d/openvpn reopen - SIGUSR1
# /etc/init.d/openvpn status - SIGUSR2
# Modifications 2003.05.02
# * Changed == to = for sh compliance (Bishop Clark).
# * If condrestart|reload|reopen|status, check that we were
# actually started (James Yonan).
# * Added lock, piddir, and work variables (James Yonan).
# * If start is attempted twice, without an intervening stop, or
# if start is attempted when previous start was not properly
# shut down, then kill any previously started processes, before
# commencing new start operation (James Yonan).
# * Do a better job of flagging errors on start, and properly
# returning success or failure status to caller (James Yonan).
# Modifications 2003.08.24
# * Converted the script for SuSE Linux distribution.
# Tested with version 8.2 (Frank Plohmann).
# - removed "chkconfig" header
# - changed installation notes
# - corrected path to openvpn binary
# - removed sourcing "functions"
# - removed sourcing "network"
# - removed network checking. it seemed not to work with SuSE.
# - added sourcing "rc.status", comments and "rc_reset" command
# - removed "success; echo" and "failure; echo" lines
# - added "rc_status" lines at the end of each section
# - changed "service" to "/etc/init.d/" in "In addition to start/stop"
# Modifications 2005.04.04
# * Added openvpn-startup and openvpn-shutdown script calls (James Yonan).
# Location of openvpn binary
openvpn="/usr/sbin/openvpn"
# Lock file: its presence is what the `[ -f $lock ]` tests in this script
# use to decide whether the service counts as started.
lock="/var/lock/subsys/openvpn"
# Directory holding one <name>.pid file per tunnel. The daemon is started
# with --writepid pointing here, and the kill loops signal every PID found
# in $piddir/*.pid.
# NOTE(review): the contents of this directory decide which processes get
# signalled, so it should be writable by root only - confirm the mode where
# the directory is created (not visible in this listing).
piddir="/var/run/openvpn"
# Our working directory
# Shell functions sourced from /etc/rc.status:
# rc_check check and set local and overall rc status
# rc_status check and set local and overall rc status
# rc_status -v ditto but be verbose in local rc status
# rc_status -v -r ditto and clear the local rc status
# rc_failed set local and overall rc status to failed
# rc_reset clear local rc status (overall remains)
# rc_exit exit appropriate to overall rc status
# rc_status check and set local and overall rc status
# rc_status -v ditto but be verbose in local rc status
# rc_status -v -r ditto and clear the local rc status
# rc_failed set local and overall rc status to failed
# rc_reset clear local rc status (overall remains)
# rc_exit exit appropriate to overall rc status
# First reset status of this service
# Exit with status 0 when the openvpn binary is absent, so a missing
# install is not reported as a failure. -f only checks that a regular file
# exists at that path; it does not check that the file is executable.
[ -f $openvpn ] || exit 0
# See how we were called.
echo -n $"Starting openvpn: "
# Load the tun kernel module. Both stdout and stderr are discarded, so a
# failed load produces no message at this point.
/sbin/modprobe tun >/dev/null 2>&1
# From a security perspective, I think it makes
# sense to remove this, and have users who need
# it explicitly enable in their --up scripts or
#echo 1 > /proc/sys/net/ipv4/ip_forward
# Run startup script, if defined
if [ -f $work/openvpn-startup ]; then
# Executes the site-supplied startup hook with this init script's
# privileges (presumably root - confirm). $work is expanded unquoted and its
# definition is not visible in this listing.
# NOTE(review): the hook and the directory holding it must be writable by
# root only; no check of the hook's exit status is visible here.
$work/openvpn-startup
if [ ! -d $piddir ]; then
if [ -f $lock ]; then
# we were not shut down correctly
for pidf in `/bin/ls $piddir/*.pid 2>/dev/null`; do
if [ -s $pidf ]; then
# Send the default signal to whatever the PID file contains. The contents
# are neither validated nor quoted, so every whitespace-separated word in
# the file becomes an argument to kill.
# NOTE(review): a stale or modified PID file would make this signal an
# unrelated process; kill's errors are discarded, so that goes unnoticed.
kill `cat $pidf` >/dev/null 2>&1
# Start every .conf in $work and run .sh if exists
for c in `/bin/ls *.conf 2>/dev/null`; do
if [ -f "$bn.sh" ]; then
# Remove any PID file left over for this config; -f keeps rm silent when
# none exists. The path is unquoted, so whitespace or glob characters in
# $piddir or $bn would be split or expanded by the shell.
rm -f $piddir/$bn.pid
# Start one daemonised openvpn process for config file $c: --writepid
# records its PID under $piddir and --cd sets $work as the working
# directory. All expansions are unquoted, so a config name containing
# whitespace or glob characters would be split into separate arguments.
$openvpn --daemon --writepid $piddir/$bn.pid --config $c --cd $work
if [ $successes = 1 ]; then
echo -n $"Shutting down openvpn: "
for pidf in `/bin/ls $piddir/*.pid 2>/dev/null`; do
if [ -s $pidf ]; then
# Shutdown: send the default signal to the PID(s) read from the file.
# NOTE(review): the file contents are used unvalidated and unquoted, and
# kill's errors are discarded, so a stale or modified PID file would signal
# the wrong process without any diagnostic.
kill `cat $pidf` >/dev/null 2>&1
# Run shutdown script, if defined
if [ -f $work/openvpn-shutdown ]; then
# Executes the site-supplied shutdown hook with this init script's
# privileges (presumably root - confirm). $work is expanded unquoted.
# NOTE(review): the hook and its directory must be writable by root only;
# no check of the hook's exit status is visible here.
$work/openvpn-shutdown
if [ -f $lock ]; then
for pidf in `/bin/ls $piddir/*.pid 2>/dev/null`; do
if [ -s $pidf ]; then
# Reload: send SIGHUP to the PID(s) read from the file.
# NOTE(review): the PID is taken from the file unvalidated and unquoted and
# kill's errors are discarded; a stale PID file would deliver SIGHUP to an
# unrelated process.
kill -HUP `cat $pidf` >/dev/null 2>&1
echo "openvpn: service not started"
if [ -f $lock ]; then
for pidf in `/bin/ls $piddir/*.pid 2>/dev/null`; do
if [ -s $pidf ]; then
# Reopen: send SIGUSR1 to the PID(s) read from the file.
# NOTE(review): the PID is taken from the file unvalidated and unquoted and
# kill's errors are discarded; a stale PID file would deliver SIGUSR1 to an
# unrelated process.
kill -USR1 `cat $pidf` >/dev/null 2>&1
echo "openvpn: service not started"
if [ -f $lock ]; then
if [ -f $lock ]; then
for pidf in `/bin/ls $piddir/*.pid 2>/dev/null`; do
if [ -s $pidf ]; then
# Status: send SIGUSR2 to the PID(s) read from the file; the message
# printed afterwards says the status is written to /var/log/messages.
# NOTE(review): the PID is taken from the file unvalidated and unquoted and
# kill's errors are discarded, so the "Status written" message does not
# prove that any openvpn process received the signal.
kill -USR2 `cat $pidf` >/dev/null 2>&1
echo "Status written to /var/log/messages"
echo "openvpn: service not started"
echo "Usage: openvpn {start|stop|restart|condrestart|reload|reopen|status}"