Add OpenVPN support files
This commit is contained in:
Roy Marples
parent
d651155b61
commit
f434007b98
8
support/openvpn/README
Normal file
8
support/openvpn/README
Normal file
@ -0,0 +1,8 @@
|
||||
These handy scripts setup any dns information that OpenVPN may push.
|
||||
They also handle the interaction with OpenRC so that the OpenVPN service
|
||||
can become "inactive". This means that when it starts, it goes inactive and
|
||||
OpenRC continues on its merry way booting the system. When OpenVPN connects
|
||||
to an endpoint it then re-starts the OpenVPN service and starts up any
|
||||
services that depend on us. A similar thing happens when we shut down.
|
||||
|
||||
Of course, this is all optional.
|
||||
49
support/openvpn/down.sh
Executable file
49
support/openvpn/down.sh
Executable file
@ -0,0 +1,49 @@
|
||||
#!/bin/sh
|
||||
# Copyright 2007 Roy Marples
|
||||
# All rights reserved
|
||||
|
||||
# Redistribution and use in source and binary forms, with or without
|
||||
# modification, are permitted provided that the following conditions
|
||||
# are met:
|
||||
# 1. Redistributions of source code must retain the above copyright
|
||||
# notice, this list of conditions and the following disclaimer.
|
||||
# 2. Redistributions in binary form must reproduce the above copyright
|
||||
# notice, this list of conditions and the following disclaimer in the
|
||||
# documentation and/or other materials provided with the distribution.
|
||||
#
|
||||
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
|
||||
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
# SUCH DAMAGE.
|
||||
|
||||
# If we have a service specific script, run this now
|
||||
[ -x "${SVCNAME}"-down.sh ] && "${SVCNAME}"-down.sh
|
||||
|
||||
# Restore resolv.conf to how it was
|
||||
if type resolvconf >/dev/null 2>&1; then
|
||||
resolvconf -d "${dev}"
|
||||
elif [ -e /etc/resolv.conf-"${dev}".sv ]; then
|
||||
# Important that we copy instead of move incase resolv.conf is
|
||||
# a symlink and not an actual file
|
||||
cp -p /etc/resolv.conf-"${dev}".sv /etc/resolv.conf
|
||||
rm -f /etc/resolv.conf-"${dev}".sv
|
||||
fi
|
||||
|
||||
# Re-enter the init script to stop any dependant services
|
||||
service=/etc/init.d/"${SVCNAME}"
|
||||
[ ! -x "${service}" ] && service=/usr/local/etc/init.d/"${SVCNAME}"
|
||||
if [ -x "${service}" ]; then
|
||||
if "${service}" --quiet status; then
|
||||
export IN_BACKGROUND=YES
|
||||
"${service}" --quiet stop
|
||||
fi
|
||||
fi
|
||||
|
||||
exit 0
|
||||
99
support/openvpn/up.sh
Executable file
99
support/openvpn/up.sh
Executable file
@ -0,0 +1,99 @@
|
||||
#!/bin/sh
|
||||
# Copyright 2007 Roy Marples
|
||||
# All rights reserved
|
||||
|
||||
# Redistribution and use in source and binary forms, with or without
|
||||
# modification, are permitted provided that the following conditions
|
||||
# are met:
|
||||
# 1. Redistributions of source code must retain the above copyright
|
||||
# notice, this list of conditions and the following disclaimer.
|
||||
# 2. Redistributions in binary form must reproduce the above copyright
|
||||
# notice, this list of conditions and the following disclaimer in the
|
||||
# documentation and/or other materials provided with the distribution.
|
||||
#
|
||||
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
|
||||
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
# SUCH DAMAGE.
|
||||
|
||||
# Setup our resolv.conf
|
||||
# Vitally important that we use the domain entry in resolv.conf so we
|
||||
# can setup the nameservers are for the domain ONLY in resolvconf if
|
||||
# we're using a decent dns cache/forwarder like dnsmasq and NOT nscd/libc.
|
||||
# nscd/libc users will get the VPN nameservers before their other ones
|
||||
# and will use the first one that responds - maybe the LAN ones?
|
||||
# non resolvconf users just the the VPN resolv.conf
|
||||
|
||||
# FIXME:- if we have >1 domain, then we have to use search :/
|
||||
# We need to add a flag to resolvconf to say
|
||||
# "these nameservers should only be used for the listed search domains
|
||||
# if other global nameservers are present on other interfaces"
|
||||
# This however, will break compatibility with Debians resolvconf
|
||||
# A possible workaround would be to just list multiple domain lines
|
||||
# and try and let resolvconf handle it
|
||||
|
||||
PATH=$PATH:/usr/local/sbin
|
||||
|
||||
NS=
|
||||
DOMAIN=
|
||||
SEARCH=
|
||||
i=1
|
||||
while true; do
|
||||
eval opt=\$foreign_option_${i}
|
||||
[ -z "${opt}" ] && break
|
||||
if [ "${opt}" != "${opt#dhcp-option DOMAIN *}" ]; then
|
||||
if [ -z "${DOMAIN}" ]; then
|
||||
DOMAIN="${opt#dhcp-option DOMAIN *}"
|
||||
else
|
||||
SEARCH="${SEARCH:+ }${opt#dhcp-option DOMAIN *}"
|
||||
fi
|
||||
elif [ "${opt}" != "${opt#dhcp-option DNS *}" ]; then
|
||||
NS="${NS}nameserver ${opt#dhcp-option DNS *}\n"
|
||||
fi
|
||||
i=$((${i} + 1))
|
||||
done
|
||||
|
||||
if [ -n "${NS}" ]; then
|
||||
DNS="# Generated by openvpn for interface ${dev}\n"
|
||||
if [ -n "${SEARCH}" ] ; then
|
||||
DNS="${DNS}search ${DOMAIN} ${SEARCH}\n"
|
||||
else
|
||||
DNS="${DNS}domain ${DOMAIN}\n"
|
||||
fi
|
||||
DNS="${DNS}${NS}"
|
||||
if type resolvconf >/dev/null 2>&1; then
|
||||
printf "${DNS}" | resolvconf -a "${dev}"
|
||||
else
|
||||
# Preserve the existing resolv.conf
|
||||
if [ -e /etc/resolv.conf ] ; then
|
||||
cp -p /etc/resolv.conf /etc/resolv.conf-"${dev}".sv
|
||||
fi
|
||||
(umask 022; printf "${DNS}" > /etc/resolv.conf)
|
||||
fi
|
||||
fi
|
||||
|
||||
# Below section is OpenRC specific
|
||||
# Quick summary - our init scripts are re-entrant and set the SVCNAME env var
|
||||
# as we could have >1 openvpn service
|
||||
|
||||
# If we have a service specific script, run this now
|
||||
[ -x "${SVCNAME}"-up.sh ] && "${SVCNAME}"-up.sh
|
||||
|
||||
# Re-enter the init script to start any dependant services
|
||||
service=/etc/init.d/"${SVCNAME}"
|
||||
[ ! -x "${service}" ] && service=/usr/local/etc/init.d/"${SVCNAME}"
|
||||
if [ -x "${service}" ]; then
|
||||
if ! "${service}" --quiet status; then
|
||||
export IN_BACKGROUND=true
|
||||
"${service}" --quiet start
|
||||
fi
|
||||
fi
|
||||
|
||||
exit 0
|
||||
Loading…
Reference in New Issue
Block a user