1#!/bin/sh 2 3# Copyright (c) 2005-2010 OpenVPN Technologies, Inc. 4# Licensed under the GPL version 2 5 6# First version by Jesse Adelman 7# someone at boldandbusted dink com 8# http://www.boldandbusted.com/ 9 10# PURPOSE: This script automatically removes the /etc/resolv.conf entries previously 11# set by the companion script "client.up". 12 13# INSTALL NOTES: 14# Place this in /etc/openvpn/client.down 15# Then, add the following to your /etc/openvpn/<clientconfig>.conf: 16# client 17# up /etc/openvpn/client.up 18# down /etc/openvpn/client.down 19# Next, "chmod a+x /etc/openvpn/client.down" 20 21# USAGE NOTES: 22# Note that this script is best served with the companion "client.up" 23# script. 24 25# Tested under Debian lenny with OpenVPN 2.1_rc11 26# It should work with any UNIX with a POSIX sh, /etc/resolv.conf or resolvconf 27 28# This runs with the context of the OpenVPN UID/GID 29# at the time of execution. This generally means that 30# the client "up" script will run fine, but the "down" script 31# will require the use of the OpenVPN "down-root" plugin 32# which is in the plugins/ directory of the OpenVPN source tree 33 34# A horrid work around, from a security perspective, 35# is to run OpenVPN as root. THIS IS NOT RECOMMENDED. You have 36# been WARNED. 37PATH=/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin:/usr/local/sbin 38 39if type resolvconf >/dev/null 2>&1; then 40 resolvconf -d "${1}" -f 41elif [ -e /etc/resolv.conf.ovpnsave ] ; then 42 # cp + rm rather than mv in case it's a symlink 43 cp /etc/resolv.conf.ovpnsave /etc/resolv.conf 44 rm -f /etc/resolv.conf.ovpnsave 45fi 46 47exit 0 48