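#!/bin/sh
#
# openvpn       This shell script takes care of starting and stopping
#               openvpn on RedHat or other chkconfig-based system.
#
# chkconfig: 345 24 76
#
# description: OpenVPN is a robust and highly flexible tunneling application that
#              uses all of the encryption, authentication, and certification features
#              of the OpenSSL library to securely tunnel IP networks over a single
#              UDP port.
#
# Contributed to the OpenVPN project by
# Douglas Keller <doug@voidstar.dyndns.org>
# 2002.05.15
#
# To install:
#   copy this file to /etc/rc.d/init.d/openvpn
#   shell> chkconfig --add openvpn
#   shell> mkdir /etc/openvpn
#   make .conf or .sh files in /etc/openvpn (see below)
#
# To uninstall:
#   run: chkconfig --del openvpn
#
# Author's Notes:
#
# I have created an /etc/init.d init script and enhanced openvpn.spec to
# automatically register the init script.  Once the RPM is installed you
# can start and stop OpenVPN with "service openvpn start" and "service
# openvpn stop".
#
# The init script does the following:
#
# - Starts an openvpn process for each .conf file it finds in
#   /etc/openvpn.
#
# - If /etc/openvpn/xxx.sh exists for a xxx.conf file then it executes
#   it before starting openvpn (useful for doing openvpn --mktun...).
#
# - In addition to start/stop you can do:
#
#   service openvpn reload - SIGHUP
#   service openvpn reopen - SIGUSR1
#   service openvpn status - SIGUSR2
#
# Security note:
#
# Everything this script picks up from the working directory (*.conf,
# *.sh, openvpn-startup, openvpn-shutdown) is executed or sourced with
# the privileges of the init script, and the PID files in the PID
# directory decide which processes get signalled.  Keep both directories
# owned by root and not writable by any other user.
#
# Modifications:
#
# 2003.05.02
#   * Changed == to = for sh compliance (Bishop Clark).
#   * If condrestart|reload|reopen|status, check that we were
#     actually started (James Yonan).
#   * Added lock, piddir, and work variables (James Yonan).
#   * If start is attempted twice, without an intervening stop, or
#     if start is attempted when previous start was not properly
#     shut down, then kill any previously started processes, before
#     commencing new start operation (James Yonan).
#   * Do a better job of flagging errors on start, and properly
#     returning success or failure status to caller (James Yonan).
#
# 2005.04.04
#   * Added openvpn-startup and openvpn-shutdown script calls
#     (James Yonan).
#

# Location of openvpn binary.  There is no break, so when several
# candidates exist the last one in the list wins.
openvpn=""
openvpn_locations="/usr/sbin/openvpn /usr/local/sbin/openvpn"
for location in $openvpn_locations
do
  if [ -f "$location" ]
  then
    openvpn=$location
  fi
done

# Lockfile
lock="/var/lock/subsys/openvpn"

# PID directory
piddir="/var/run/openvpn"

# Our working directory
work=/etc/openvpn

# Source function library.
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

# Check that networking is up.
# Quoted so that an unset NETWORKING compares as an empty string instead
# of producing a malformed test expression.
if [ "${NETWORKING}" = "no" ]
then
  echo "Networking is down"
  exit 0
fi

# Check that binary exists.
# The quotes matter: with an empty $openvpn an unquoted test collapses to
# `[ -f ]`, which is true, so a missing binary would go unnoticed.
if ! [ -f "$openvpn" ]
then
  echo "openvpn binary not found"
  exit 0
fi

#######################################
# Send a signal to every process recorded in $piddir/*.pid.
# Globals:   piddir (read); pidf, pid (written)
# Arguments: $1 - signal name without the SIG prefix (TERM, HUP, ...)
# Returns:   status of the last command run; callers ignore it
#######################################
openvpn_signal_all() {
  for pidf in "$piddir"/*.pid; do
    # Covers both an empty PID file and an unmatched glob, which is left
    # as the literal pattern.
    [ -s "$pidf" ] || continue
    pid=$(cat "$pidf")
    # Only a plain decimal PID is handed to kill; anything else in the
    # file is skipped rather than expanded into extra kill arguments.
    case "$pid" in
      '' | *[!0-9]*) continue ;;
    esac
    kill -s "$1" "$pid" >/dev/null 2>&1
  done
}

# See how we were called.
case "$1" in
  start)
    echo -n $"Starting openvpn: "

    /sbin/modprobe tun >/dev/null 2>&1

    # From a security perspective, I think it makes
    # sense to remove this, and have users who need
    # it explicitly enable in their --up scripts or
    # firewall setups.

    #echo 1 > /proc/sys/net/ipv4/ip_forward

    # Run startup script, if defined
    if [ -f "$work/openvpn-startup" ]; then
      "$work/openvpn-startup"
    fi

    # Created with the caller's umask; see the security note in the header.
    if [ ! -d "$piddir" ]; then
      mkdir "$piddir"
    fi

    if [ -f "$lock" ]; then
      # we were not shut down correctly
      openvpn_signal_all TERM
      rm -f "$piddir"/*.pid
      rm -f "$lock"
      sleep 2
    fi

    rm -f "$piddir"/*.pid

    # Stop here if the working directory is unavailable; otherwise the
    # loop below would start whatever *.conf files sit in the directory
    # the script happened to be invoked from.
    if ! cd "$work"; then
      failure; echo
      exit 1
    fi

    # Start every .conf in $work and run .sh if exists
    errors=0
    successes=0
    for c in *.conf; do
      # An unmatched glob is left as the literal "*.conf"; skip it.
      [ -f "$c" ] || continue
      bn=${c%.conf}
      if [ -f "$bn.sh" ]; then
        # The explicit ./ keeps `.` from resolving a slash-less name
        # through $PATH instead of the working directory.
        . "./$bn.sh"
      fi
      rm -f "$piddir/$bn.pid"
      if "$openvpn" --daemon --writepid "$piddir/$bn.pid" --config "$c" --cd "$work"; then
        successes=1
      else
        errors=1
      fi
    done

    if [ "$errors" = 1 ]; then
      failure; echo
    else
      success; echo
    fi

    # The lock only records that at least one tunnel came up.
    if [ "$successes" = 1 ]; then
      touch "$lock"
    fi
    ;;
  stop)
    echo -n $"Shutting down openvpn: "
    openvpn_signal_all TERM
    rm -f "$piddir"/*.pid

    # Run shutdown script, if defined
    if [ -f "$work/openvpn-shutdown" ]; then
      "$work/openvpn-shutdown"
    fi

    success; echo
    rm -f "$lock"
    ;;
  restart)
    "$0" stop
    sleep 2
    "$0" start
    ;;
  reload)
    if [ -f "$lock" ]; then
      openvpn_signal_all HUP
    else
      echo "openvpn: service not started"
      exit 1
    fi
    ;;
  reopen)
    if [ -f "$lock" ]; then
      openvpn_signal_all USR1
    else
      echo "openvpn: service not started"
      exit 1
    fi
    ;;
  condrestart)
    if [ -f "$lock" ]; then
      "$0" stop
      # avoid race
      sleep 2
      "$0" start
    fi
    ;;
  status)
    if [ -f "$lock" ]; then
      openvpn_signal_all USR2
      echo "Status written to /var/log/messages"
    else
      echo "openvpn: service not started"
      exit 1
    fi
    ;;
  *)
    echo "Usage: openvpn {start|stop|restart|condrestart|reload|reopen|status}"
    exit 1
    ;;
esac
# NOTE(review): this exits 0 even when a tunnel failed to start
# (errors=1 above); confirm whether callers rely on that.
exit 0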