X-Git-Url: http://git.openwrt.org/?a=blobdiff_plain;f=package%2Fnetwork%2Fservices%2Fopenvpn%2Ffiles%2Fopenvpn.init;h=a560b89ff243cbd37c430cfdac4216cdb8c443c6;hb=8fe9940db66517679f09fa1d2f6f79229b6a8361;hp=c58f005f3651433278f5d7bb9d99999bb43f281c;hpb=416ce374c031979ddd5e2f376ea6f88232f66178;p=openwrt%2Fstaging%2Fdedeckeh.git diff --git a/package/network/services/openvpn/files/openvpn.init b/package/network/services/openvpn/files/openvpn.init index c58f005f36..a560b89ff2 100644 --- a/package/network/services/openvpn/files/openvpn.init +++ b/package/network/services/openvpn/files/openvpn.init @@ -1,27 +1,30 @@ #!/bin/sh /etc/rc.common -# Copyright (C) 2008-2011 OpenWrt.org +# Copyright (C) 2008-2013 OpenWrt.org # Copyright (C) 2008 Jo-Philipp Wich # This is free software, licensed under the GNU General Public License v2. # See /LICENSE for more information. -START=95 +START=90 +STOP=10 -SERVICE_DAEMONIZE=1 -SERVICE_WRITE_PID=1 - -EXTRA_COMMANDS="up down" +USE_PROCD=1 +PROG=/usr/sbin/openvpn LIST_SEP=" " +UCI_STARTED= +UCI_DISABLED= + append_param() { - local v="$1" + local s="$1" + local v="$2" case "$v" in *_*_*_*) v=${v%%_*}-${v#*_}; v=${v%%_*}-${v#*_}; v=${v%%_*}-${v#*_} ;; *_*_*) v=${v%%_*}-${v#*_}; v=${v%%_*}-${v#*_} ;; *_*) v=${v%%_*}-${v#*_} ;; esac - ARGS="$ARGS --$v" + echo -n "$v" >> "/var/etc/openvpn-$s.conf" return 0 } @@ -29,7 +32,7 @@ append_bools() { local p; local v; local s="$1"; shift for p in $*; do config_get_bool v "$s" "$p" - [ "$v" == 1 ] && append_param "$p" + [ "$v" = 1 ] && append_param "$s" "$p" && echo >> "/var/etc/openvpn-$s.conf" done } 
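Review bot: append_param now creates `/var/etc/openvpn-$s.conf` implicitly through `>>`, so the file gets whatever mode the init script's umask allows, and the same path literal is repeated in append_bools, append_params, append_list and start_instance in the later hunks. If any option value written there is sensitive, set `umask 077` before the first write; start_instance removes the old file just before the append_* calls, so that is the natural place. The new two-argument contract also deserves a comment, for example `# append_param <section> <option>: write the option name (up to three underscores turned into dashes) without a newline; the caller ends the line`.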
@@ -39,116 +42,133 @@ append_params() { config_get v "$s" "$p" IFS="$LIST_SEP" for v in $v; do - [ -n "$v" ] && append_param "$p" && ARGS="$ARGS $v" + [ -n "$v" ] && [ "$p" != "push" ] && append_param "$s" "$p" && echo " $v" >> "/var/etc/openvpn-$s.conf" + [ -n "$v" ] && [ "$p" == "push" ] && append_param "$s" "$p" && echo " \"$v\"" >> "/var/etc/openvpn-$s.conf" done unset IFS done } +append_list() { + local p; local v; local s="$1"; shift + + list_cb_append() { + v="${v}:$1" + } + + for p in $*; do + unset v + config_list_foreach "$s" "$p" list_cb_append + [ -n "$v" ] && append_param "$s" "$p" && echo " ${v:1}" >> "/var/etc/openvpn-$s.conf" + done +} + section_enabled() { config_get_bool enable "$1" 'enable' 0 config_get_bool enabled "$1" 'enabled' 0 [ $enable -gt 0 ] || [ $enabled -gt 0 ] } +openvpn_add_instance() { + local name="$1" + local dir="$2" + local conf="$3" + local security="$4" + + procd_open_instance "$name" + procd_set_param command "$PROG" \ + --syslog "openvpn($name)" \ + --status "/var/run/openvpn.$name.status" \ + --cd "$dir" \ + --config "$conf" \ + --up "/usr/libexec/openvpn-hotplug up $name" \ + --down "/usr/libexec/openvpn-hotplug down $name" \ + --script-security "${security:-2}" + procd_set_param file "$dir/$conf" + procd_set_param term_timeout 15 + procd_set_param respawn + procd_append_param respawn 3600 + procd_append_param respawn 5 + procd_append_param respawn -1 + procd_close_instance +} + start_instance() { local s="$1" - section_enabled "$s" || return 1 - - ARGS="" - - # append flags - append_bools "$s" \ - auth_nocache auth_retry auth_user_pass_optional bind ccd_exclusive client client_cert_not_required \ - client_to_client comp_lzo comp_noadapt disable \ - disable_occ down_pre duplicate_cn fast_io float http_proxy_retry \ - ifconfig_noexec ifconfig_nowarn ifconfig_pool_linear management_forget_disconnect management_hold \ - management_query_passwords management_signal mktun mlock mtu_test multihome mute_replay_warnings \ - nobind 
no_iv no_name_remapping no_replay opt_verify passtos persist_key persist_local_ip \ - persist_remote_ip persist_tun ping_timer_rem pull push_reset \ - remote_random rmtun route_noexec route_nopull single_session socks_proxy_retry \ - suppress_timestamps tcp_nodelay test_crypto tls_client tls_exit tls_server \ - tun_ipv6 up_delay up_restart username_as_common_name - - # append params - append_params "$s" \ - cd askpass auth auth_user_pass auth_user_pass_verify bcast_buffers ca cert \ - chroot cipher client_config_dir client_connect client_disconnect config connect_freq \ - connect_retry connect_timeout connect_retry_max crl_verify dev dev_node dev_type dh \ - echo engine explicit_exit_notify fragment group hand_window hash_size \ - http_proxy http_proxy_option http_proxy_timeout ifconfig ifconfig_pool \ - ifconfig_pool_persist ifconfig_push inactive ipchange iroute keepalive \ - key key_method keysize learn_address link_mtu lladdr local log log_append \ - lport management management_log_cache max_clients \ - max_routes_per_client mode mssfix mtu_disc mute nice ns_cert_type ping \ - ping_exit ping_restart pkcs12 plugin port port_share prng proto rcvbuf \ - redirect_gateway remap_usr1 remote remote_cert_eku remote_cert_ku remote_cert_tls \ - reneg_bytes reneg_pkts reneg_sec \ - replay_persist replay_window resolv_retry route route_delay route_gateway \ - route_metric route_up rport script_security secret server server_bridge setenv shaper sndbuf \ - socks_proxy status status_version syslog tcp_queue_limit tls_auth \ - tls_cipher tls_remote tls_timeout tls_verify tmp_dir topology tran_window \ - tun_mtu tun_mtu_extra txqueuelen user verb down push up - - - SERVICE_PID_FILE="/var/run/openvpn-$s.pid" - service_start /usr/sbin/openvpn --syslog "openvpn($s)" --writepid "$SERVICE_PID_FILE" $ARGS -} + config_get config "$s" config + config="${config:+$(readlink -f "$config")}" -stop_instance() { - local s="$1" + section_enabled "$s" || { + append UCI_DISABLED "$config" 
"$LIST_SEP" + return 1 + } - section_enabled "$s" || return 1 + local script_security + config_get script_security "$s" script_security - SERVICE_PID_FILE="/var/run/openvpn-$s.pid" - service_stop /usr/sbin/openvpn -} + [ ! -d "/var/run" ] && mkdir -p "/var/run" -reload_instance() { - local s="$1" + if [ ! -z "$config" ]; then + append UCI_STARTED "$config" "$LIST_SEP" + openvpn_add_instance "$s" "${config%/*}" "$config" "$script_security" + return + fi - section_enabled "$s" || return 1 + [ ! -d "/var/etc" ] && mkdir -p "/var/etc" + [ -f "/var/etc/openvpn-$s.conf" ] && rm "/var/etc/openvpn-$s.conf" - SERVICE_PID_FILE="/var/run/openvpn-$s.pid" - service_reload /usr/sbin/openvpn -} + append_bools "$s" $OPENVPN_BOOLS + append_params "$s" $OPENVPN_PARAMS + append_list "$s" $OPENVPN_LIST -start() { - config_load 'openvpn' - config_foreach start_instance 'openvpn' + openvpn_add_instance "$s" "/var/etc" "openvpn-$s.conf" "$script_security" } -stop() { - config_load 'openvpn' - config_foreach stop_instance 'openvpn' -} +start_service() { + local instance="$1" + local instance_found=0 + + config_cb() { + local type="$1" + local name="$2" + if [ "$type" = "openvpn" ]; then + if [ -n "$instance" -a "$instance" = "$name" ]; then + instance_found=1 + fi + fi + } -reload() { + . 
/usr/share/openvpn/openvpn.options config_load 'openvpn' - config_foreach reload_instance 'openvpn' -} -up() { - local exists - local instance - config_load 'openvpn' - for instance in "$@"; do - config_get exists "$instance" 'TYPE' - if [ "$exists" == "openvpn" ]; then - start_instance "$instance" - fi - done + if [ -n "$instance" ]; then + [ "$instance_found" -gt 0 ] || return + start_instance "$instance" + else + config_foreach start_instance 'openvpn' + + local path name + for path in /etc/openvpn/*.conf; do + if [ -f "$path" ]; then + name="${path##*/}"; name="${name%.conf}" + + # don't start configs again that are already started by uci + if echo "$UCI_STARTED" | grep -qxF "$path"; then + continue + + # don't start configs which are set to disabled in uci + elif echo "$UCI_DISABLED" | grep -qxF "$path"; then + logger -t openvpn "$name.conf is disabled in /etc/config/openvpn" + continue + fi + + openvpn_add_instance "$name" "${path%/*}" "$path" + fi + done + fi } -down() { - local exists - local instance - config_load 'openvpn' - for instance in "$@"; do - config_get exists "$instance" 'TYPE' - if [ "$exists" == "openvpn" ]; then - stop_instance "$instance" - fi - done +service_triggers() { + procd_add_reload_trigger openvpn }
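Review bot: In openvpn_add_instance, `procd_set_param file "$dir/$conf"` only names a real file for generated configs; both other callers pass an absolute path as the third argument (`"$config"` after `readlink -f` in start_instance, `"$path"` in start_service), so the watched path becomes something like `/etc/openvpn//etc/openvpn/NAME.conf` and procd presumably never sees changes to the actual file. Taking the basename at the top, `local conf="${3##*/}"`, keeps `--cd "$dir" --config "$conf"` and the file parameter consistent for all three callers. Separately, `$name` is placed unquoted inside the `--up`/`--down` command strings that run under `--script-security 2` by default, and for `/etc/openvpn/*.conf` it comes from the file's basename rather than a UCI section name; a guard such as `case "$name" in *[!A-Za-z0-9_.-]*) continue ;; esac` before the openvpn_add_instance call would keep whitespace or quote characters out of those arguments.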