Update of /cvsroot/leaf/src/The_UnNamed_One/apps/openvpn
In directory sc8-pr-cvs6.sourceforge.net:/tmp/cvs-serv15949/apps/openvpn
Added Files:
buildtool.cfg buildtool.mk openvpn-2.0.9.tar.gz
openvpn.default openvpn.ifdown openvpn.ifup openvpn.init
Log Message:
initial import
--- NEW FILE: openvpn.ifup ---
#!/bin/sh
OPENVPN=/etc/init.d/openvpn
if [ ! -x $OPENVPN ]; then
exit 0
fi
if [ -n "$IF_OPENVPN" ]; then
$OPENVPN start $IF_OPENVPN
fi
--- NEW FILE: openvpn.ifdown ---
#!/bin/sh
OPENVPN=/etc/init.d/openvpn
if [ ! -x $OPENVPN ]; then
exit 0
fi
if [ -n "$IF_OPENVPN" ]; then
$OPENVPN stop $IF_OPENVPN
fi
--- NEW FILE: openvpn.default ---
# This is the configuration file for /etc/init.d/openvpn
#
# Start only these VPNs automatically via init script.
# Allowed values are "all", "none" or space separated list of
# names of the VPNs. If empty, "all" is assumed.
#
#AUTOSTART="all"
#AUTOSTART="none"
#AUTOSTART="client server"
#
# Refresh interval (in seconds) of default status files
# located in /var/run/openvpn.$NAME.status
# Defaults to 10, 0 disables status file generation
#
#STATUSREFRESH=10
#STATUSREFRESH=0
--- NEW FILE: openvpn-2.0.9.tar.gz ---
(This appears to be a binary file; contents omitted.)
--- NEW FILE: buildtool.mk ---
include $(MASTERMAKEFILE)
# setup for openvpn 2.0
# based on the setup for 1.6 with enhancements for 2.0
# and changes by Charles Duffy
OPENVPN_DIR:=openvpn-2.0.9
OPENVPN_TARGET_DIR:=$(BT_BUILD_DIR)/openvpn
$(OPENVPN_DIR)/.source:
zcat $(OPENVPN_SOURCE) | tar -xvf -
perl -i -p -e 's,#!/bin/bash,#!/bin/sh,'
$(OPENVPN_DIR)/easy-rsa/build-ca
perl -i -p -e 's,#!/bin/bash,#!/bin/sh,'
$(OPENVPN_DIR)/easy-rsa/build-dh
perl -i -p -e 's,#!/bin/bash,#!/bin/sh,'
$(OPENVPN_DIR)/easy-rsa/build-inter
perl -i -p -e 's,#!/bin/bash,#!/bin/sh,'
$(OPENVPN_DIR)/easy-rsa/build-key
perl -i -p -e 's,#!/bin/bash,#!/bin/sh,'
$(OPENVPN_DIR)/easy-rsa/build-key-pass
perl -i -p -e 's,#!/bin/bash,#!/bin/sh,'
$(OPENVPN_DIR)/easy-rsa/build-key-server
perl -i -p -e 's,#!/bin/bash,#!/bin/sh,'
$(OPENVPN_DIR)/easy-rsa/build-req
perl -i -p -e 's,#!/bin/bash,#!/bin/sh,'
$(OPENVPN_DIR)/easy-rsa/build-req-pass
perl -i -p -e 's,#!/bin/bash,#!/bin/sh,'
$(OPENVPN_DIR)/easy-rsa/clean-all
perl -i -p -e 's,#!/bin/bash,#!/bin/sh,'
$(OPENVPN_DIR)/easy-rsa/list-crl
perl -i -p -e 's,#!/bin/bash,#!/bin/sh,'
$(OPENVPN_DIR)/easy-rsa/make-crl
perl -i -p -e 's,#!/bin/bash,#!/bin/sh,'
$(OPENVPN_DIR)/easy-rsa/revoke-crt
perl -i -p -e 's,#!/bin/bash,#!/bin/sh,' $(OPENVPN_DIR)/easy-rsa/vars
perl -i -p -e 's,^export D=.*$$,export D=/etc/openvpn,'
$(OPENVPN_DIR)/easy-rsa/vars
perl -i -p -e 's,^export KEY_CONFIG.*$$,export
KEY_CONFIG=/etc/easyrsa/openssl.cnf,' $(OPENVPN_DIR)/easy-rsa/vars
perl -i -p -e 's,group nobody,group nogroup,'
$(OPENVPN_DIR)/sample-config-files/server.conf
perl -i -p -e 's,group nobody,group nogroup,'
$(OPENVPN_DIR)/sample-config-files/client.conf
perl -i -p -e 's,status openvpn-status.log,status
/var/log/openvpn-status.log,' $(OPENVPN_DIR)/sample-config-files/server.conf
perl -i -p -e 's,ifconfig-pool-persist ipp.txt,ifconfig-pool-persist
/var/lib/openvpn-ipp.txt,' $(OPENVPN_DIR)/sample-config-files/server.conf
touch $(OPENVPN_DIR)/.source
$(OPENVPN_DIR)/.build: $(OPENVPN_DIR)/.source
mkdir -p $(OPENVPN_TARGET_DIR)/etc/openvpn
mkdir -p $(OPENVPN_TARGET_DIR)/etc/init.d
mkdir -p $(OPENVPN_TARGET_DIR)/etc/default
mkdir -p $(OPENVPN_TARGET_DIR)/etc/network/if-up.d
mkdir -p $(OPENVPN_TARGET_DIR)/etc/network/if-down.d
mkdir -p $(OPENVPN_TARGET_DIR)/usr/sbin
# Build a version without lzo support
(cd $(OPENVPN_DIR); \
rm -rf config.cache; \
CFLAGS="$(BT_COPT_FLAGS)" \
CC=$(TARGET_CC) \
LD=$(TARGET_LD) \
./configure \
--with-ssl-headers=$(BT_STAGING_DIR)/usr/include \
--with-ssl-lib=$(BT_STAGING_DIR)/usr/lib \
--disable-dependency-tracking \
--enable-ssl \
--enable-iproute2 \
--with-iproute-path=/sbin/ip \
--includedir=$(BT_STAGING_DIR)/include \
--disable-lzo \
--disable-pthread \
--prefix=/usr \
--disable-socks \
--disable-http \
--disable-debug \
--enable-small \
--libdir=$(BT_STAGING_DIR)/lib );
make CC=$(TARGET_CC) -C $(OPENVPN_DIR)
$(BT_STRIP) $(BT_STRIP_BINOPS) $(OPENVPN_DIR)/openvpn
make DESTDIR=$(OPENVPN_TARGET_DIR) -C $(OPENVPN_DIR) install
cp $(OPENVPN_DIR)/sample-config-files/server.conf
$(OPENVPN_TARGET_DIR)/etc/openvpn/
cp $(OPENVPN_DIR)/sample-config-files/client.conf
$(OPENVPN_TARGET_DIR)/etc/openvpn/
cp openvpn.init $(OPENVPN_TARGET_DIR)/etc/init.d/openvpn
cp openvpn.default $(OPENVPN_TARGET_DIR)/etc/default/openvpn
cp openvpn.ifup
$(OPENVPN_TARGET_DIR)/etc/network/if-up.d/openvpn
cp openvpn.ifdown
$(OPENVPN_TARGET_DIR)/etc/network/if-down.d/openvpn
rm $(OPENVPN_DIR)/openvpn
# make sure lzo is disabled in the sample config
perl -i -p -e 's,^comp-lzo,;comp-lzo,'
$(OPENVPN_TARGET_DIR)/etc/openvpn/server.conf
perl -i -p -e 's,^comp-lzo,;comp-lzo,'
$(OPENVPN_TARGET_DIR)/etc/openvpn/client.conf
cp $(OPENVPN_DIR)/easy-rsa/build-ca
$(OPENVPN_TARGET_DIR)/usr/sbin/
cp $(OPENVPN_DIR)/easy-rsa/build-dh
$(OPENVPN_TARGET_DIR)/usr/sbin/
cp $(OPENVPN_DIR)/easy-rsa/build-inter
$(OPENVPN_TARGET_DIR)/usr/sbin/
cp $(OPENVPN_DIR)/easy-rsa/build-key
$(OPENVPN_TARGET_DIR)/usr/sbin/
cp $(OPENVPN_DIR)/easy-rsa/build-key-pass
$(OPENVPN_TARGET_DIR)/usr/sbin/
cp $(OPENVPN_DIR)/easy-rsa/build-req
$(OPENVPN_TARGET_DIR)/usr/sbin/
cp $(OPENVPN_DIR)/easy-rsa/build-key-server
$(OPENVPN_TARGET_DIR)/usr/sbin/
cp $(OPENVPN_DIR)/easy-rsa/build-req-pass
$(OPENVPN_TARGET_DIR)/usr/sbin/
cp $(OPENVPN_DIR)/easy-rsa/clean-all
$(OPENVPN_TARGET_DIR)/usr/sbin/
cp $(OPENVPN_DIR)/easy-rsa/openssl.cnf
$(OPENVPN_TARGET_DIR)/usr/sbin/
cp $(OPENVPN_DIR)/easy-rsa/list-crl
$(OPENVPN_TARGET_DIR)/usr/sbin/
cp $(OPENVPN_DIR)/easy-rsa/make-crl
$(OPENVPN_TARGET_DIR)/usr/sbin/
cp $(OPENVPN_DIR)/easy-rsa/revoke-crt
$(OPENVPN_TARGET_DIR)/usr/sbin/
cp $(OPENVPN_DIR)/easy-rsa/vars $(OPENVPN_TARGET_DIR)/usr/sbin/
# clean up for the next round
make CC=$(TARGET_CC) -C $(OPENVPN_DIR) clean
# Build a version with lzo support
(cd $(OPENVPN_DIR); \
rm -rf config.cache; \
CFLAGS="$(BT_COPT_FLAGS)" \
CC=$(TARGET_CC) \
LD=$(TARGET_LD) \
./configure \
--with-ssl-headers=$(BT_STAGING_DIR)/usr/include \
--with-ssl-lib=$(BT_STAGING_DIR)/usr/lib \
--disable-dependency-tracking \
--enable-ssl \
--enable-iproute2 \
--with-iproute-path=/sbin/ip \
--with-lzo-headers=$(BT_STAGING_DIR)/usr/include \
--with-lzo-lib=$(BT_STAGING_DIR)/usr/lib \
--includedir=$(BT_STAGING_DIR)/include \
--disable-pthread \
--prefix=/usr \
--disable-socks \
--disable-http \
--disable-debug \
--enable-small \
--libdir=$(BT_STAGING_DIR)/lib );
make CC=$(TARGET_CC) -C $(OPENVPN_DIR)
$(BT_STRIP) $(BT_STRIP_BINOPTS) $(OPENVPN_DIR)/openvpn
cp $(OPENVPN_DIR)/sample-config-files/server.conf
$(OPENVPN_TARGET_DIR)/etc/openvpn/server.lzo.conf
cp $(OPENVPN_DIR)/sample-config-files/client.conf
$(OPENVPN_TARGET_DIR)/etc/openvpn/client.lzo.conf
mv $(OPENVPN_DIR)/openvpn
$(OPENVPN_TARGET_DIR)/usr/sbin/openvpn_lzo
cp -a $(OPENVPN_TARGET_DIR)/* $(BT_STAGING_DIR)
touch $(OPENVPN_DIR)/.build
source: $(OPENVPN_DIR)/.source
build: $(OPENVPN_DIR)/.build
clean:
-rm $(OPENVPN_DIR)/.build
make -C $(OPENVPN_DIR) clean
rm -rf $(OPENVPN_TARGET_DIR)
srcclean:
rm -rf $(OPENVPN_DIR)
rm -rf $(BT_STAGING_DIR)/etc/openvpn
rm -f $(BT_STAGING_DIR)/etc/init.d/openvpn
rm -f $(BT_STAGING_DIR)/etc/default/openvpn
rm -f $(BT_STAGING_DIR)/etc/network/if-up.d/openvpn
rm -f $(BT_STAGING_DIR)/etc/network/if-down.d/openvpn
rm -f $(BT_STAGING_DIR)/usr/sbin/openvpn
rm -f $(BT_STAGING_DIR)/usr/sbin/openvpn_lzo
--- NEW FILE: buildtool.cfg ---
<File buildtool.mk>
Server = cvs-sourceforge
directory = openvpn
revision = HEAD
</File>
<File openvpn-2.0.9.tar.gz>
Server = cvs-sourceforge
envname = OPENVPN_SOURCE
directory = openvpn
revision = HEAD
</File>
<File openvpn.init>
Server = cvs-sourceforge
directory = openvpn
revision = HEAD
</File>
<File openvpn.default>
Server = cvs-sourceforge
directory = openvpn
revision = HEAD
</File>
<File openvpn.ifup>
Server = cvs-sourceforge
directory = openvpn
revision = HEAD
</File>
<File openvpn.ifdown>
Server = cvs-sourceforge
directory = openvpn
revision = HEAD
</File>
<Package>
<openvpn>
Version = 2.0.9
Revision = 3
Help <<EOF
Robust and highly flexible tunneling application
that uses all of the encryption, authentication, and
certification features
of the OpenSSL library to securely tunnel IP networks
over a single UDP port.
This version supports iproute2, so there is no need for
the route or ifconfig
binaries. Simply specify the "ifconfig" and "route"
options as described in
the OpenVPN docs, and the correct iproute2 commands
will be generated.
See: http://www.openvpn.net
Requires: libcrpto.lrp libssl.lrp
LEAF package by __PACKAGER__, __BUILDDATE__
EOF
<Permissions>
Files = 644
Directories = 755
</Permissions>
<Owner>
Files = root:root
Directories = root:root
</Owner>
<Contents>
<File>
Filename = etc/openvpn
Type = local
</File>
<File>
Filename = etc/openvpn/server.conf
Source = etc/openvpn/server.conf
Type = binary
</File>
<File>
Filename = etc/openvpn/client.conf
Source = etc/openvpn/client.conf
Type = binary
</File>
<File>
Filename = etc/default/openvpn
Source = etc/default/openvpn
Type = binary
Type = conf
Type = local
Description = openvpn daemon configuration
</File>
<File>
Filename = etc/openvpn/*.conf
Type = conf
</File>
<File>
Filename = usr/sbin/openvpn
Source = usr/sbin/openvpn
Type = binary
Permissions = 755
</File>
<File>
Filename = etc/init.d/openvpn
Source = etc/init.d/openvpn
Type = binary
Permissions = 755
</File>
<File>
Filename = etc/network/if-up.d/openvpn
Source = etc/network/if-up.d/openvpn
Type = binary
Permissions = 755
</File>
<File>
Filename = etc/network/if-down.d/openvpn
Source = etc/network/if-down.d/openvpn
Type = binary
Permissions = 755
</File>
<File>
Filename = usr/lib/openvpn
Type = directory
</File>
</Contents>
</openvpn>
<openvpnz>
Version = 2.0.9
Revision = 3
Help <<EOF
Robust and highly flexible tunneling application
that uses all of the encryption, authentication, and
certification features
of the OpenSSL library to securely tunnel IP networks
over a single UDP port.
It uses the Marcus Franz Xaver Johannes Oberhumer's LZO
library for
compression.
This version supports iproute2, so there is no need for
the route or ifconfig
binaries. Simply specify the "ifconfig" and "route"
options as described in
the OpenVPN docs, and the correct iproute2 commands
will be generated.
See: http://www.openvpn.net
Requires: libcrpto.lrp libssl.lrp liblzo.lrp
LEAF package by __PACKAGER__, __BUILDDATE__
EOF
<Permissions>
Files = 644
Directories = 755
</Permissions>
<Owner>
Files = root:root
Directories = root:root
</Owner>
<Contents>
<File>
Filename = etc/openvpn
Type = local
</File>
<File>
Filename = etc/openvpn/server.conf
Source = etc/openvpn/server.lzo.conf
Type = binary
</File>
<File>
Filename = etc/openvpn/client.conf
Source = etc/openvpn/client.lzo.conf
Type = binary
</File>
<File>
Filename = etc/default/openvpn
Source = etc/default/openvpn
Type = binary
Type = conf
Type = local
Description = openvpn daemon configuration
</File>
<File>
Filename = etc/openvpn/*.conf
Type = conf
</File>
<File>
Filename = usr/sbin/openvpn
Source = usr/sbin/openvpn_lzo
Type = binary
Permissions = 755
</File>
<File>
Filename = etc/init.d/openvpn
Source = etc/init.d/openvpn
Type = binary
Permissions = 755
</File>
<File>
Filename = etc/network/if-up.d/openvpn
Source = etc/network/if-up.d/openvpn
Type = binary
Permissions = 755
</File>
<File>
Filename = etc/network/if-down.d/openvpn
Source = etc/network/if-down.d/openvpn
Type = binary
Permissions = 755
</File>
<File>
Filename = usr/lib/openvpn
Type = directory
</File>
</Contents>
</openvpnz>
<easyrsa>
Version = 2.0.9
Revision = 1
Help <<EOF
This is a small RSA key management package, based on
the openssl command line
tool, that can be found in the easy-rsa subdirectory
See: http://www.openvpn.net
Requires: openssl.lrp
LEAF package by __PACKAGER__, __BUILDDATE__
INSTALL
1. Edit /etc/easyrse/vars.
2. Set KEY_CONFIG to point to the openssl.cnf file
included in this distribution (/etc/ssl/openssl.cnf).
3. Set KEY_DIR to point to a directory which will
contain all keys, certificates, etc. This
directory need not exist, and if it does,
it will be deleted with rm -rf, so BE
CAREFUL how you set KEY_DIR.
4. (Optional) Edit other fields in vars
per your site data. You may want to
increase KEY_SIZE to 2048 if you are
paranoid and don't mind slower key
processing, but certainly 1024 is
fine for testing purposes. KEY_SIZE
must be compatible across both peers
participating in a secure SSL/TLS
connection.
5 . /etc/easyrsa/vars
note that ". vars" will not work, even if you are
in the right directory
6. clean-all
7. As you create certificates, keys, and
certificate signing requests, understand that
only .key files should be kept confidential.
.crt and .csr files can be sent over insecure
channels such as plaintext email.
8. You should never need to copy a .key file
between computers. Normally each computer
will have its own certificate/key pair.
BUILD YOUR OWN ROOT CERTIFICATE AUTHORITY (CA)
CERTIFICATE/KEY
1. build-ca
2. ca.crt and ca.key will be built in your KEY_DIR
directory
BUILD AN INTERMEDIATE CERTIFICATE AUTHORITY
CERTIFICATE/KEY
1. build-inter inter
2. inter.crt and inter.key will be built in your KEY_DIR
directory and signed with your root certificate.
BUILD DIFFIE-HELLMAN PARAMETERS (necessary for
the server end of a SSL/TLS connection).
1. build-dh
BUILD A CERTIFICATE SIGNING REQUEST (If
you want to sign your certificate with a root
certificate controlled by another individual
or organization, or residing on a different machine).
1. Get ca.crt (the root certificate) from your
certificate authority. Though this
transfer can be over an insecure channel, to prevent
man-in-the-middle attacks you must confirm that
ca.crt was not tampered with. Large CAs solve this
problem by hardwiring their root certificates into
popular web browsers. A simple way to verify a root
CA is to call the issuer on the telephone and confirm
that the md5sum or sha1sum signatures on the ca.crt
files match (such as with the command: "md5sum
ca.crt").
2. Choose a name for your certificate such as your
computer
name. In our example we will use "deception".
3. build-req deception
4. You can ignore most of the fields, but set
"Common Name" to something unique such as your
computer's host name. Leave all password
fields blank, unless you want your private key
to be protected by password. Using a password
is not required -- it will make your key more secure
but also more inconvenient to use, because you will
need to supply your password anytime the key is used.
NOTE: if you are using a password, use
./build-req-pass
instead of ./build-req
5. Your key will be written to $KEY_DIR/deception.key
6. Your certificate signing request will be written to
to $KEY_DIR/deception.csr
7. Email deception.csr to the individual or organization
which controls the root certificate. This can be
done over an insecure channel.
8. After the .csr file is signed by the root certificate
authority, you will receive a file deception.crt
(your certificate). Place deception.crt in your
KEY_DIR directory.
9. The combined files of deception.crt, deception.key,
and ca.crt can now be used to secure one end of
an SSL/TLS connection.
SIGN A CERTIFICATE SIGNING REQUEST
1. sign-req deception
2. deception.crt will be built in your KEY_DIR
directory using deception.csr and your root CA
file as input.
BUILD AND SIGN A CERTIFICATE SIGNING REQUEST
USING A LOCALLY INSTALLED ROOT CERTIFICATE/KEY -- this
script generates and signs a certificate in one step,
but it requires that the generated certificate and
private
key files be copied to the destination host over a
secure channel.
1. build-key deception (no password protection)
2. OR build-key-pass deception (with password
protection)
3. deception.crt and deception.key will be built in your
KEY_DIR directory, and deception.crt will be signed
by your root CA.
EOF
<Permissions>
Files = 644
Directories = 755
</Permissions>
<Owner>
Files = root:root
Directories = root:root
</Owner>
<Contents>
<File>
Filename = usr/sbin/build-ca
Source = usr/sbin/build-ca
Type = binary
Permissions = 755
</File>
<File>
Filename = usr/sbin/build-dh
Source = usr/sbin/build-dh
Type = binary
Permissions = 755
</File>
<File>
Filename = usr/sbin/build-inter
Source = usr/sbin/build-inter
Type = binary
Permissions = 755
</File>
<File>
Filename = usr/sbin/build-key
Source = usr/sbin/build-key
Type = binary
Permissions = 755
</File>
<File>
Filename = usr/sbin/build-key-server
Source = usr/sbin/build-key-server
Type = binary
Permissions = 755
</File>
<File>
Filename = usr/sbin/build-key-pass
Source = usr/sbin/build-key-pass
Type = binary
Permissions = 755
</File>
<File>
Filename = usr/sbin/build-req
Source = usr/sbin/build-req
Type = binary
Permissions = 755
</File>
<File>
Filename = usr/sbin/build-req-pass
Source = usr/sbin/build-req-pass
Type = binary
Permissions = 755
</File>
<File>
Filename = usr/sbin/clean-all
Source = usr/sbin/clean-all
Type = binary
Permissions = 755
</File>
<File>
Filename = usr/sbin/list-crl
Source = usr/sbin/list-crl
Type = binary
Permissions = 755
</File>
<File>
Filename = usr/sbin/make-crl
Source = usr/sbin/make-crl
Type = binary
Permissions = 755
</File>
<File>
Filename = usr/sbin/revoke-crt
Source = usr/sbin/revoke-crt
Type = binary
Permissions = 755
</File>
<File>
Filename = etc/easyrsa/vars
Source = usr/sbin/vars
Type = binary
Type = local
Type = conf
Permissions = 644
</File>
<File>
Filename = etc/easyrsa/openssl.cnf
Source = usr/sbin/openssl.cnf
Type = binary
Type = local
Type = conf
Permissions = 644
</File>
</Contents>
</easyrsa>
</Package>
--- NEW FILE: openvpn.init ---
#!/bin/sh -e
#
# Original version by Robert Leslie
# <[EMAIL PROTECTED]>, edited by iwj and cs
# Modified for openvpn by Alberto Gonzalez Iniesta <[EMAIL PROTECTED]>
# Modified for restarting / starting / stopping single tunnels by Richard
Mueller <[EMAIL PROTECTED]>
RCDLINKS="0,K20 1,K20 2,S20 3,S20 4,S20 5,S20 6,K20"
DAEMON=/usr/sbin/openvpn
DESC="virtual private network daemon"
CONFIG_DIR=/etc/openvpn
test -x $DAEMON || exit 0
test -d $CONFIG_DIR || exit 0
# Source defaults file; edit that file to configure this script.
AUTOSTART="all"
STATUSREFRESH=10
if test -e /etc/default/openvpn ; then
. /etc/default/openvpn
fi
start_vpn () {
if grep -q '^[ ]*daemon' $CONFIG_DIR/$NAME.conf ; then
# daemon already given in config file
DAEMONARG=
else
# need to daemonize
DAEMONARG="--daemon ovpn-$NAME"
fi
if grep -q '^[ ]*status ' $CONFIG_DIR/$NAME.conf ; then
# status file already given in config file
STATUSARG=""
elif test $STATUSREFRESH -eq 0 ; then
# default status file disabled in /etc/default/openvpn
STATUSARG=""
else
# prepare default status file
STATUSARG="--status /var/run/openvpn.$NAME.status $STATUSREFRESH"
fi
echo -n " $NAME"
STATUS="OK"
$DAEMON --writepid /var/run/openvpn.$NAME.pid \
$DAEMONARG $STATUSARG --cd $CONFIG_DIR \
--config $CONFIG_DIR/$NAME.conf < /dev/null || STATUS="FAILED"
echo -n "($STATUS)"
}
stop_vpn () {
kill `cat $PIDFILE` || true
rm $PIDFILE
rm -f /var/run/openvpn.$NAME.status 2> /dev/null
}
case "$1" in
start)
echo -n "Starting $DESC:"
# autostart VPNs
if test -z "$2" ; then
# check if automatic startup is disabled by AUTOSTART=none
if test "x$AUTOSTART" = "xnone" -o -z "$AUTOSTART" ; then
echo " Autostart disabled."
exit 0
fi
if test -z "$AUTOSTART" -o "x$AUTOSTART" = "xall" ; then
# all VPNs shall be started automatically
for CONFIG in `cd $CONFIG_DIR; ls *.conf 2> /dev/null`; do
NAME=${CONFIG%%.conf}
start_vpn
done
else
# start only specified VPNs
for NAME in $AUTOSTART ; do
if test -e $CONFIG_DIR/$NAME.conf ; then
start_vpn
else
echo -n " (failure: No such VPN: $NAME)"
fi
done
fi
#start VPNs from command line
else
while shift ; do
[ -z "$1" ] && break
if test -e $CONFIG_DIR/$1.conf ; then
NAME=$1
start_vpn
else
echo -n " (failure: No such VPN: $1)"
fi
done
fi
echo "."
;;
stop)
echo -n "Stopping $DESC:"
if test -z "$2" ; then
for PIDFILE in `ls /var/run/openvpn.*.pid 2> /dev/null`; do
NAME=`echo $PIDFILE | cut -c18-`
NAME=${NAME%%.pid}
stop_vpn
echo -n " $NAME"
done
else
while shift ; do
[ -z "$1" ] && break
if test -e /var/run/openvpn.$1.pid ; then
PIDFILE=`ls /var/run/openvpn.$1.pid 2> /dev/null`
NAME=`echo $PIDFILE | cut -c18-`
NAME=${NAME%%.pid}
stop_vpn
echo -n " $NAME"
else
echo -n " (failure: No such VPN is running: $1)"
fi
done
fi
echo "."
;;
# We only 'reload' for running VPNs. New ones will only start with 'start' or
'restart'.
reload|force-reload)
echo -n "Reloading $DESC:"
for PIDFILE in `ls /var/run/openvpn.*.pid 2> /dev/null`; do
NAME=`echo $PIDFILE | cut -c18-`
NAME=${NAME%%.pid}
# If openvpn if running under a different user than root we'll need to restart
if egrep '^( |\t)*user' $CONFIG_DIR/$NAME.conf > /dev/null 2>&1 ; then
stop_vpn
sleep 1
start_vpn
echo -n "(restarted)"
else
kill -HUP `cat $PIDFILE` || true
echo -n " $NAME"
fi
done
echo "."
;;
restart)
shift
$0 stop [EMAIL PROTECTED]
sleep 1
$0 start [EMAIL PROTECTED]
;;
cond-restart)
echo -n "Restarting $DESC:"
for PIDFILE in `ls /var/run/openvpn.*.pid 2> /dev/null`; do
NAME=`echo $PIDFILE | cut -c18-`
NAME=${NAME%%.pid}
stop_vpn
sleep 1
start_vpn
done
echo "."
;;
*)
echo "Usage: $0 {start|stop|reload|restart|force-reload|cond-restart}" >&2
exit 1
;;
esac
exit 0
-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
leaf-cvs-commits mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/leaf-cvs-commits
