author | jc_gargma <jc_gargma@iserlohn-fortress.net> | 2018-07-14 11:29:25 -0700 |
---|---|---|
committer | jc_gargma <jc_gargma@iserlohn-fortress.net> | 2018-07-14 11:29:25 -0700 |
commit | bc5b277f319034a56029998ba05570dd12da8a42 (patch) | |
tree | 5dbe6cf8cb912a9fa89a4a0004d1ae5058deb505 | |
download | openvpn-openrc-bc5b277f319034a56029998ba05570dd12da8a42.tar.xz |
Initial commit
-rw-r--r-- | PKGBUILD | 41 | ||||
-rw-r--r-- | openvpn.confd | 20 | ||||
-rwxr-xr-x | openvpn.initd | 133 |
3 files changed, 194 insertions, 0 deletions
diff --git a/PKGBUILD b/PKGBUILD
new file mode 100644
index 0000000..943ee07
--- /dev/null
+++ b/PKGBUILD
@@ -0,0 +1,41 @@
+# Maintainer: artoo <artoo@artixlinux.org>
+
+_url="https://raw.githubusercontent.com/gentoo/gentoo/master"
+
+pkgname=openvpn-openrc
+pkgver=20180712
+pkgrel=3
+pkgdesc="OpenRC openvpn init script"
+arch=('any')
+url="https://github.com/artix-linux/packages"
+license=('GPL2')
+groups=('openrc-system')
+depends=('openrc' 'openvpn')
+backup=('etc/init.d/openvpn'
+ 'etc/conf.d/openvpn')
+source=("openvpn.initd"
+ "openvpn.confd")
+sha256sums=('2187ce996f4d7b7409fdb097746a1ea678da6476adcaa3e6d019fe81ed09b4d9'
+ 'b5693448584560e09caf0b5631b8c2137f13a028365083a20fcf0db6afc33c03')
+
+pkgver() {
+ date +%Y%m%d
+}
+
+_inst_initd(){
+ install -Dm755 ${srcdir}/$1.initd ${pkgdir}/etc/init.d/$1
+
+ sed -e 's|/var/run|/run|g' \
+ -e 's|#!/sbin/openrc-run|#!/usr/bin/openrc-run|g' \
+ -e 's|/usr/sbin|/usr/bin|g' \
+ -i ${pkgdir}/etc/init.d/$1
+}
+
+_inst_confd(){
+ install -Dm755 ${srcdir}/$1.confd ${pkgdir}/etc/conf.d/$1
+}
+
+package() {
+ _inst_initd 'openvpn'
+ _inst_confd 'openvpn'
+}
diff --git a/openvpn.confd b/openvpn.confd
new file mode 100644
index 0000000..f4cefeb
--- /dev/null
+++ b/openvpn.confd
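Review bot: `_inst_confd` installs the conf.d file with `-Dm755`, which leaves a plain variable-assignment file executable; `install -Dm644 "${srcdir}/$1.confd" "${pkgdir}/etc/conf.d/$1"` is the conventional mode and also quotes the two directory expansions, which `_inst_initd` leaves unquoted as well. The `sed -i` in `_inst_initd` rewrites the script after the `sha256sums` check, but the shipped `openvpn.initd` already uses `/run`, `#!/usr/bin/openrc-run` and `/usr/bin/openvpn`, so none of the three substitutions match anything and they could be dropped rather than silently kept as a post-verification edit. `_url` is assigned but never referenced in this file.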
@@ -0,0 +1,20 @@
+# OpenVPN automatically creates an /etc/resolv.conf (or sends it to
+# resolvconf) if given DNS information by the OpenVPN server.
+# Set PEER_DNS="no" to stop this.
+PEER_DNS="no"
+
+# OpenVPN can run in many modes. Most people will want the init script
+# to automatically detect the mode and try and apply a good default
+# configuration and setup scripts. However, there are cases where the
+# OpenVPN configuration looks like a client, but it's really a peer or
+# something else. DETECT_CLIENT controls this behaviour.
+DETECT_CLIENT="no"
+
+# If DETECT_CLIENT is no and you have your own scripts to re-enter the openvpn
+# init script (ie, it first becomes "inactive" and the script then starts the
+# script again to make it "started") then you can state this below.
+# In other words, unless you understand service dependencies and are a
+# competent shell scripter, don't set this.
+RE_ENTER="no"
+
+VPN=""
diff --git a/openvpn.initd b/openvpn.initd
new file mode 100755
index 0000000..3568a9f
--- /dev/null
+++ b/openvpn.initd
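Review bot: `VPN=""` at the end of the hunk is the only setting without an explanatory comment, yet it is the one the init script uses to choose the config file (`VPNCONF="${VPNDIR}/${VPN}.conf"` in openvpn.initd), so an empty value sends the script to `/etc/openvpn/.conf`. I would add above it `# Name of the configuration to run: the init script reads ${VPNDIR}/${VPN}.conf` and `# (VPNDIR defaults to /etc/openvpn); leave it empty only if VPN is set another way.` The PEER_DNS comment reads as if the default were to update resolv.conf, but the shipped value is already "no"; a sentence such as `# The default below already disables this.` would keep the comment consistent with the value.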
@@ -0,0 +1,133 @@
+#!/usr/bin/openrc-run
+# Copyright 1999-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+VPNDIR=${VPNDIR:-/etc/openvpn}
+#VPN=${SVCNAME#*.}
+if [ -n "${VPN}" ] && [ ${SVCNAME} != "openvpn" ]; then
+ VPNPID="/run/openvpn.${VPN}.pid"
+else
+ VPNPID="/run/openvpn.pid"
+fi
+VPNCONF="${VPNDIR}/${VPN}.conf"
+
+depend() {
+ need localmount net
+ use dns
+ after bootmisc
+}
+
+checkconfig() {
+ # Linux has good dynamic tun/tap creation
+ if [ $(uname -s) = "Linux" ] ; then
+ if [ ! -e /dev/net/tun ]; then
+ if ! modprobe tun ; then
+ eerror "TUN/TAP support is not available" \
+ "in this kernel"
+ return 1
+ fi
+ fi
+ if [ -h /dev/net/tun ] && [ -c /dev/misc/net/tun ]; then
+ ebegin "Detected broken /dev/net/tun symlink, fixing..."
+ rm -f /dev/net/tun
+ ln -s /dev/misc/net/tun /dev/net/tun
+ eend $?
+ fi
+ return 0
+ fi
+
+ # Other OS's don't, so we rely on a pre-configured interface
+ # per vpn instance
+ local ifname=$(sed -n -e 's/[[:space:]]*dev[[:space:]][[:space:]]*\([^[:space:]]*\).*/\1/p' "${VPNCONF}")
+ if [ -z ${ifname} ] ; then
+ eerror "You need to specify the interface that this openvpn" \
+ "instance should use" \
+ "by using the dev option in ${VPNCONF}"
+ return 1
+ fi
+
+ if ! ifconfig "${ifname}" >/dev/null 2>/dev/null ; then
+ # Try and create it
+ echo > /dev/"${ifname}" >/dev/null
+ fi
+ if ! ifconfig "${ifname}" >/dev/null 2>/dev/null ; then
+ eerror "${VPNCONF} requires interface ${ifname}" \
+ "but that does not exist"
+ return 1
+ fi
+}
+
+start() {
+ # If we are re-called by the openvpn gentoo-up.sh script
+ # then we don't actually want to start openvpn
+ [ "${IN_BACKGROUND}" = "true" ] && return 0
+
+ ebegin "Starting ${SVCNAME}"
+
+ checkconfig || return 1
+
+ local args="" reenter=${RE_ENTER:-no}
+ # If the config file does not specify the cd option, we do
+ # But if we specify it, we override the config option which we do not want
+ if ! grep -q "^[ ]*cd[ ].*" "${VPNCONF}" ; then
+ args="${args} --cd ${VPNDIR}"
+ fi
+
+ # We mark the service as inactive and then start it.
+ # When we get an authenticated packet from the peer then we run our script
+ # which configures our DNS if any and marks us as up.
+ if [ "${DETECT_CLIENT:-yes}" = "yes" ] && \
+ grep -q "^[ ]*remote[ ].*" "${VPNCONF}" ; then
+ reenter="yes"
+ args="${args} --up-delay --up-restart"
+ args="${args} --script-security 2"
+ args="${args} --up /etc/openvpn/up.sh"
+ args="${args} --down-pre --down /etc/openvpn/down.sh"
+
+ # Warn about setting scripts as we override them
+ if grep -Eq "^[ ]*(up|down)[ ].*" "${VPNCONF}" ; then
+ ewarn "WARNING: You have defined your own up/down scripts"
+ ewarn "As you're running as a client, we now force Gentoo specific"
+ ewarn "scripts to be run for up and down events."
+ ewarn "These scripts will call /etc/openvpn/${SVCNAME}-{up,down}.sh"
+ ewarn "where you can put your own code."
+ fi
+
+ # Warn about the inability to change ip/route/dns information when
+ # dropping privs
+ if grep -q "^[ ]*user[ ].*" "${VPNCONF}" ; then
+ ewarn "WARNING: You are dropping root privileges!"
+ ewarn "As such openvpn may not be able to change ip, routing"
+ ewarn "or DNS configuration."
+ fi
+ else
+ # So we're a server. Run as openvpn unless otherwise specified
+ grep -q "^[ ]*user[ ].*" "${VPNCONF}" || args="${args} --user openvpn"
+ grep -q "^[ ]*group[ ].*" "${VPNCONF}" || args="${args} --group openvpn"
+ fi
+
+ # Ensure that our scripts get the PEER_DNS variable
+ [ -n "${PEER_DNS}" ] && args="${args} --setenv PEER_DNS ${PEER_DNS}"
+
+ [ "${reenter}" = "yes" ] && mark_service_inactive "${SVCNAME}"
+ start-stop-daemon --start --exec /usr/bin/openvpn --pidfile "${VPNPID}" \
+ -- --config "${VPNCONF}" --writepid "${VPNPID}" --daemon \
+ --setenv SVCNAME "${SVCNAME}" ${args}
+ eend $? "Check your logs to see why startup failed"
+}
+
+stop() {
+ # If we are re-called by the openvpn gentoo-down.sh script
+ # then we don't actually want to stop openvpn
+ if [ "${IN_BACKGROUND}" = "true" ] ; then
+ mark_service_inactive "${SVCNAME}"
+ return 0
+ fi
+
+ ebegin "Stopping ${SVCNAME}"
+ start-stop-daemon --stop --quiet \
+ --exec /usr/bin/openvpn --pidfile "${VPNPID}"
+ eend $?
+}
+
+# vim: set ts=4 :
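Review bot: With `#VPN=${SVCNAME#*.}` commented out at the top of the file, `VPN` is never derived from the service name, so unless conf.d sets it the script builds `VPNCONF="/etc/openvpn/.conf"` and `checkconfig` and `start` then work on a config that cannot exist, while the pidfile test `[ -n "${VPN}" ] && [ ${SVCNAME} != "openvpn" ]` falls through to the shared `/run/openvpn.pid` for every instance started with an empty VPN. Presumably the line was disabled so that `VPN` can come from conf.d; `VPN=${VPN:-${SVCNAME#*.}}` keeps that override while restoring the per-instance default (`openvpn.foo` gives `foo`, plain `openvpn` gives `openvpn.conf`). In the same test `${SVCNAME}` is unquoted, as is `${ifname}` in `[ -z ${ifname} ]` inside `checkconfig`; `[ "${SVCNAME}" != "openvpn" ]` and `[ -z "${ifname}" ]` avoid a malformed test when either expands to nothing.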