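#!/bin/sh
#
# openvpn       This shell script takes care of starting and stopping
#               openvpn on RedHat or other chkconfig-based system.
#
# chkconfig: 345 24 76
#
# description: OpenVPN is a robust and highly flexible tunneling application \
#              that uses all of the encryption, authentication, and \
#              certification features of the OpenSSL library to securely \
#              tunnel IP networks over a single UDP port.
#

# Contributed to the OpenVPN project by
# Douglas Keller <doug@voidstar.dyndns.org>
# 2002.05.15

# To install:
#   copy this file to /etc/rc.d/init.d/openvpn
#   shell> chkconfig --add openvpn
#   shell> mkdir /etc/openvpn
#   make .conf or .sh files in /etc/openvpn (see below)

# To uninstall:
#   run: chkconfig --del openvpn

# Author's Notes:
#
# I have created an /etc/init.d init script and enhanced openvpn.spec to
# automatically register the init script.  Once the RPM is installed you
# can start and stop OpenVPN with "service openvpn start" and "service
# openvpn stop".
#
# The init script does the following:
#
# - Starts an openvpn process for each .conf file it finds in
#   /etc/openvpn.
#
# - If /etc/openvpn/xxx.sh exists for a xxx.conf file then it executes
#   it before starting openvpn (useful for doing openvpn --mktun...).
#
# - In addition to start/stop you can do:
#
#   service openvpn reload - SIGHUP
#   service openvpn reopen - SIGUSR1
#   service openvpn status - SIGUSR2
#
# Modifications:
#
# 2003.05.02
#   * Changed == to = for sh compliance (Bishop Clark).
#   * If condrestart|reload|reopen|status, check that we were
#     actually started (James Yonan).
#   * Added lock, piddir, and work variables (James Yonan).
#   * If start is attempted twice, without an intervening stop, or
#     if start is attempted when previous start was not properly
#     shut down, then kill any previously started processes, before
#     commencing new start operation (James Yonan).
#   * Do a better job of flagging errors on start, and properly
#     returning success or failure status to caller (James Yonan).
#
# 2005.04.04
#   * Added openvpn-startup and openvpn-shutdown script calls
#     (James Yonan).
#

# Location of openvpn binary.  Each candidate is tested in turn and the
# last one that exists wins; $openvpn stays empty when none is present.
openvpn=""
openvpn_locations="/usr/sbin/openvpn /usr/local/sbin/openvpn"
# $openvpn_locations is deliberately unquoted: it is a space-separated list.
for location in $openvpn_locations; do
  if [ -f "$location" ]; then
    openvpn=$location
  fi
done

# Lockfile: present while the service is considered started.
lock="/var/lock/subsys/openvpn"

# PID directory: one <name>.pid per started <name>.conf.
piddir="/var/run/openvpn"

# Our working directory: holds the .conf files and the optional .sh helpers.
work=/etc/openvpn

# Source function library.
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

# Check that networking is up.  Quoted so that an unset NETWORKING is
# compared as an empty string instead of producing a '[ = no ]' test error.
if [ "${NETWORKING}" = "no" ]; then
  echo "Networking is down"
  exit 0
fi

# Check that binary exists.  Quoting matters here: with $openvpn empty the
# unquoted form collapses to '[ -f ]', which is true and silently skipped
# this check.
if [ ! -f "$openvpn" ]; then
  echo "openvpn binary not found"
  exit 0
fi

#######################################
# Send a signal to every openvpn instance recorded under $piddir.
# Arguments: $1 - signal in kill(1) form (-TERM, -HUP, -USR1, -USR2)
# Globals:   piddir (read); sig, pidf, pid (written, plain sh has no local)
# Returns:   0; delivery failures (stale pids) are ignored, as before.
#######################################
signal_pids() {
  sig=$1
  for pidf in "$piddir"/*.pid; do
    # An unmatched glob leaves the literal pattern, which fails -s.
    [ -s "$pidf" ] || continue
    read -r pid < "$pidf"
    # Only hand a plain positive decimal number to kill: a corrupted,
    # empty or zero-valued pid file must never become a signal to an
    # unrelated process (or, for 0, to our own process group).
    case "$pid" in
      ''|*[!0-9]*) continue ;;
    esac
    [ "$pid" -gt 0 ] || continue
    kill "$sig" "$pid" >/dev/null 2>&1
  done
}

# See how we were called.
case "$1" in
  start)
    echo -n $"Starting openvpn: "

    /sbin/modprobe tun >/dev/null 2>&1

    # From a security perspective, I think it makes
    # sense to remove this, and have users who need
    # it explicitly enable in their --up scripts or
    # firewall setups.

    #echo 1 > /proc/sys/net/ipv4/ip_forward

    # Run startup script, if defined
    if [ -f "$work/openvpn-startup" ]; then
      "$work/openvpn-startup"
    fi

    if [ ! -d "$piddir" ]; then
      mkdir "$piddir"
    fi

    if [ -f "$lock" ]; then
      # we were not shut down correctly: stop whatever the previous
      # start left running before starting again.
      signal_pids -TERM
      rm -f "$piddir"/*.pid
      rm -f "$lock"
      sleep 2
    fi

    rm -f "$piddir"/*.pid
    # The loop below uses names relative to $work, so a failed cd must
    # not fall through to it.
    cd "$work" || { failure; echo; exit 1; }

    # Start every .conf in $work and run .sh if exists
    errors=0
    successes=0
    for c in *.conf; do
      # An unmatched glob leaves the literal '*.conf'; skip it.
      [ -f "$c" ] || continue
      bn=${c%.conf}
      if [ -f "$bn.sh" ]; then
        # "./" keeps the dot command from searching $PATH for the name
        # and guarantees the file just tested is the one sourced.
        . "./$bn.sh"
      fi
      rm -f "$piddir/$bn.pid"
      if "$openvpn" --daemon --writepid "$piddir/$bn.pid" --config "$c" --cd "$work"; then
        successes=1
      else
        errors=1
      fi
    done

    if [ "$errors" = 1 ]; then
      failure; echo
    else
      success; echo
    fi

    # Only claim "started" when at least one instance came up.
    if [ "$successes" = 1 ]; then
      touch "$lock"
    fi
    ;;
  stop)
    echo -n $"Shutting down openvpn: "
    signal_pids -TERM
    rm -f "$piddir"/*.pid

    # Run shutdown script, if defined
    if [ -f "$work/openvpn-shutdown" ]; then
      "$work/openvpn-shutdown"
    fi

    success; echo
    rm -f "$lock"
    ;;
  restart)
    "$0" stop
    sleep 2
    "$0" start
    ;;
  reload)
    # reload maps to SIGHUP (see the header notes).
    if [ -f "$lock" ]; then
      signal_pids -HUP
    else
      echo "openvpn: service not started"
      exit 1
    fi
    ;;
  reopen)
    # reopen maps to SIGUSR1 (see the header notes).
    if [ -f "$lock" ]; then
      signal_pids -USR1
    else
      echo "openvpn: service not started"
      exit 1
    fi
    ;;
  condrestart)
    # Restart only if we are currently marked as started.
    if [ -f "$lock" ]; then
      "$0" stop
      # avoid race
      sleep 2
      "$0" start
    fi
    ;;
  status)
    # status maps to SIGUSR2 (see the header notes).
    if [ -f "$lock" ]; then
      signal_pids -USR2
      echo "Status written to /var/log/messages"
    else
      echo "openvpn: service not started"
      exit 1
    fi
    ;;
  *)
    echo "Usage: openvpn {start|stop|restart|condrestart|reload|reopen|status}"
    exit 1
    ;;
esac
exit 0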