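#!/bin/bash
#
# openvpn       This shell script takes care of starting and stopping
#               openvpn
#
# description: OpenVPN is a robust and highly flexible tunneling \
#              application that uses all of the encryption, \
#              authentication, and certification features of the OpenSSL \
#              library to securely tunnel IP networks over a single UDP \
#              port.
#
# To install:
#   copy this file to /etc/rc.d/init.d/openvpn
#   for each /etc/openvpn/SERVICE.conf
#   shell> ln -s openvpn /etc/init.d/openvpn.SERVICE
#
# Author's Notes:
#
# The init script does the following:
#
# - Starts an openvpn process using /etc/openvpn/SERVICE.conf
#
# - If /etc/openvpn/SERVICE.sh exists then it executes
#   it before starting openvpn (useful for doing openvpn --mktun...).
#
# - If /etc/openvpn/openvpn-startup or /etc/openvpn/openvpn-shutdown exist,
#   they are run before the daemon starts / after it has been stopped.
#
# - In addition to start/stop you can do:
#
#   openvpn.SERVICE reload - SIGHUP
#   openvpn.SERVICE reopen - SIGUSR1
#   openvpn.SERVICE status - SIGUSR2
#
# Security note: SERVICE.sh is sourced into this shell and the two hook
# scripts are executed by it, so all three run with this script's privileges.
# Keep /etc/openvpn and those files writable only by the administrator.
#

# SERVICE is whatever follows the first dot of the name this script was
# invoked under (openvpn.SERVICE).
SVCNAME=$(basename -- "$0")
VPN="${SVCNAME#*.}"

# Location of openvpn binary
openvpn="/usr/sbin/openvpn"

# Lockfile
lock="/var/lock/openvpn.$VPN"

# PID directory
piddir="/var/run/openvpn"

# PID file
pidfile="$piddir/$VPN.pid"

# Our working directory
work="/etc/openvpn"

# Source function library.
. /etc/rc.conf
. /etc/rc.d/functions

# Check that binary exists
if ! [ -f "$openvpn" ]; then
  echo "openvpn binary not found"
  exit 0
fi

ESUCCESS=0
EFAIL=1
ELOCK=2

#######################################
# Print the daemon's PID if the service looks started.
# Globals:   lock, pidfile (read)
# Outputs:   the PID on stdout
# Returns:   0 if the lock file exists and the PID file holds a usable PID,
#            1 otherwise
#######################################
read_pid() {
  local pid=""

  if [ ! -f "$lock" ] || [ ! -s "$pidfile" ]; then
    return 1
  fi

  # Only the first line is used; read's status is ignored so that a PID file
  # without a trailing newline is still accepted.
  IFS= read -r pid < "$pidfile" || true

  # The value ends up as an argument to kill, so accept nothing but digits.
  case "$pid" in
    '' | *[!0-9]*) return 1 ;;
  esac

  # kill treats PID 0 as "the caller's whole process group" and PID 1 is
  # init; neither can be the daemon, so refuse both.
  if ! [ "$pid" -gt 1 ] 2>/dev/null; then
    return 1
  fi

  printf '%s\n' "$pid"
}

#######################################
# Send a signal to the running daemon.
# Arguments: $1 - signal name without the leading dash (TERM, HUP, ...)
# Returns:   0 if the signal was delivered, non-zero if the service is not
#            started or kill failed
#######################################
signal_daemon() {
  local sig=$1
  local pid

  pid=$(read_pid) || return 1
  kill "-$sig" "$pid" >/dev/null 2>&1
}

#######################################
# Start the openvpn daemon for $VPN.
# Globals:   work, piddir, pidfile, lock, openvpn, VPN (read)
# Returns:   ESUCCESS on success, ELOCK if the lock file of a previous
#            instance is still present, EFAIL otherwise
#######################################
start() {
  /sbin/modprobe tun >/dev/null 2>&1

  # Run startup script, if defined
  if [ -f "$work/openvpn-startup" ]; then
    "$work/openvpn-startup"
  fi

  if [ ! -d "$piddir" ]; then
    mkdir -p -- "$piddir" || return $EFAIL
  fi

  if [ -f "$lock" ]; then
    return $ELOCK
  fi

  rm -f -- "$pidfile"

  # Stop here if the working directory is unusable: carrying on would source
  # and configure from whatever directory the caller happened to be in.
  cd "$work" || return $EFAIL

  # Start $VPN.conf in $work and run .sh if exists.
  # The file is sourced by full path: given a bare name, '.' looks through
  # PATH before the current directory, so a same-named file elsewhere could be
  # picked up instead of the one in $work.
  if [ -f "$work/$VPN.sh" ]; then
    . "$work/$VPN.sh"
  fi

  # Foreground variant, kept for debugging:
  #$openvpn --writepid $piddir/$VPN.pid --config $VPN.conf --cd $work
  if "$openvpn" --daemon --writepid "$pidfile" --config "$VPN.conf" --cd "$work"; then
    touch -- "$lock"
    return $ESUCCESS
  fi
  return $EFAIL
}

#######################################
# Stop the openvpn daemon for $VPN.
# Globals:   work, pidfile, lock (read)
# Returns:   ESUCCESS if the daemon was signalled and the PID and lock files
#            were removed, EFAIL if the service was not started or the signal
#            could not be delivered (PID and lock files are then left alone)
#######################################
stop() {
  signal_daemon TERM || return $EFAIL

  rm -f -- "$pidfile"

  # Run shutdown script, if defined
  if [ -f "$work/openvpn-shutdown" ]; then
    "$work/openvpn-shutdown"
  fi

  rm -f -- "$lock"
  return $ESUCCESS
}

# See how we were called.
case "$1" in
  start)
    stat_busy "Starting $SVCNAME Daemon"
    start
    E=$?
    if [ "$E" -eq "$ESUCCESS" ]; then
      add_daemon "$SVCNAME"
      stat_done
    elif [ "$E" -eq "$ELOCK" ]; then
      printhl "Previous instance not properly stopped"
      stat_fail
    else
      stat_fail
    fi
    ;;
  stop)
    stat_busy "Stopping $SVCNAME Daemon"
    stop
    E=$?
    if [ "$E" -eq "$ESUCCESS" ]; then
      rm_daemon "$SVCNAME"
      stat_done
    else
      stat_fail
    fi
    ;;
  restart)
    "$0" stop
    sleep 3
    "$0" start
    ;;
  reload)
    stat_busy "$SVCNAME: Reloading configuration"
    if signal_daemon HUP; then
      stat_done
    else
      # Same helper name as the start and reopen branches.
      printhl "$SVCNAME: service not started"
      stat_fail
    fi
    ;;
  reopen)
    stat_busy "$SVCNAME: soft-restart"
    if signal_daemon USR1; then
      stat_done
    else
      printhl "$SVCNAME: service not started"
      stat_fail
    fi
    ;;
  status)
    if signal_daemon USR2; then
      echo "Status written to /var/log/openvpn/$VPN.log"
    else
      echo "$SVCNAME: service not started"
    fi
    ;;
  *)
    echo "Usage: $SVCNAME {start|stop|restart|reload|reopen|status}"
    ;;
esac

exit 0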