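#!/bin/sh
#
# openvpn.sh - load tun/tap driver and start OpenVPN daemon
#
# (C) Copyright 2005 - 2008 by Matthias Andree
# based on suggestions by Matthias Grimm and Dirk Gouders
# with multi-instance contribution from Denis Shaposhnikov, Gleb Kozyrev
# and Vasil Dimov
#
# $FreeBSD$
#
# This program is free software; you can redistribute it and/or modify it under
# the terms of the GNU General Public License as published by the Free Software
# Foundation; either version 2 of the License, or (at your option) any later
# version.
#
# This program is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
# details.
#
# You should have received a copy of the GNU General Public License along with
# this program; if not, write to the Free Software Foundation, Inc., 51 Franklin
# Street, Fifth Floor, Boston, MA 02110-1301, USA.

# PROVIDE: openvpn
# REQUIRE: DAEMON
# KEYWORD: shutdown

# -----------------------------------------------------------------------------
#
# This script supports running multiple instances of openvpn.
# To run additional instance link this script to something like
# % ln -s openvpn openvpn_foo
# and define additional openvpn_foo_* variables in one of
# /etc/rc.conf, /etc/rc.conf.local or /etc/rc.conf.d/openvpn_foo
#
# Below NAME should be substituted with the name of this script. By default
# it is openvpn, so read as openvpn_enable. If you linked the script to
# openvpn_foo, then read as openvpn_foo_enable etc.
#
# NAME must be a valid shell identifier (letters, digits and underscores,
# not starting with a digit), because it is used to build variable names.
#
# The following variables are supported (defaults are shown).
# You can place them in any of
# /etc/rc.conf, /etc/rc.conf.local or /etc/rc.conf.d/NAME
#
# NAME_enable="NO"	# set to YES to enable openvpn
# NAME_if=""		# driver(s) to load, set to "tun", "tap" or "tun tap"
#
# # optional:
# NAME_flags=""		# additional command line arguments
# NAME_configfile="%%PREFIX%%/etc/openvpn/NAME.conf"	# --config file
# NAME_dir="%%PREFIX%%/etc/openvpn"	# --cd directory
#
# You also need to set NAME_configfile and NAME_dir, if the configuration
# file and directory where keys and certificates reside differ from the above
# settings.
#
# NAME_dir holds keys and certificates and NAME_configfile is read by the
# daemon this script starts; keep both writable only by the administrator
# and keep private keys unreadable by other users.
#
# Note that we deliberately refrain from unloading drivers.
#
# For further documentation, please see openvpn(8).
#

. %%RC_SUBR%%

case "$0" in
/etc/rc*)
	# during boot (shutdown) $0 is /etc/rc (/etc/rc.shutdown),
	# so get the name of the script from $_file
	name=$(basename "$_file" .sh)
	;;
*)
	name=$(basename "$0" .sh)
	;;
esac

# ${name} is spliced into the eval'd strings below and into the variable
# names looked up in rc.conf, so it has to be a plain shell identifier.
# Refuse anything else (for example a link called openvpn-foo, or a name
# containing shell metacharacters) instead of evaluating it.
case "$name" in
""|[0-9]*|*[!A-Za-z0-9_]*)
	err 1 "script name '${name}' is not a valid shell identifier"
	;;
esac

rcvar=$(set_rcvar)

prefix="%%PREFIX%%"

# Load the kernel module for every driver listed in NAME_if, unless it is
# already available.
# Globals:  interfaces (read)
# Returns:  0 on success, 1 (after a warning) as soon as one module
#           cannot be loaded
openvpn_precmd()
{
	# $interfaces is left unquoted on purpose: it is a whitespace
	# separated list such as "tun tap".
	for i in $interfaces ; do
		# FreeBSD <= 5.4 does not know kldstat's -m option
		# FreeBSD >= 6.0 does not add debug.* sysctl information
		# in the default build - we check both to keep things simple
		if ! sysctl "debug.if_${i}_debug" >/dev/null 2>&1 \
			&& ! kldstat -m "if_${i}" >/dev/null 2>&1 ; then
			if ! kldload "if_${i}" ; then
				warn "Could not load $i module."
				return 1
			fi
		fi
	done
	return 0
}

# Remove the pid file once the daemon has been stopped; only warn when the
# removal fails.
# Globals:  pidfile (read)
stop_postcmd()
{
	rm -f "$pidfile" || warn "Could not remove $pidfile."
}

# support SIGHUP to reparse configuration file
extra_commands="reload"

# pidfile
pidfile="/var/run/${name}.pid"

# command and arguments
command="%%PREFIX%%/sbin/openvpn"

# run this first
start_precmd="openvpn_precmd"
# and this last
stop_postcmd="stop_postcmd"

load_rc_config "${name}"

# Apply the documented defaults to every NAME_* variable that is still unset
# or empty after the rc.conf files have been read.
eval ": \${${name}_enable:=\"NO\"}"
eval ": \${${name}_flags:=\"\"}"
eval ": \${${name}_if:=\"\"}"
eval ": \${${name}_configfile:=\"${prefix}/etc/openvpn/${name}.conf\"}"
eval ": \${${name}_dir:=\"${prefix}/etc/openvpn\"}"

# Copy the per-instance settings into plain variables.  A direct assignment
# inside eval keeps each value exactly as configured: it is not word-split,
# not glob-expanded and not passed through echo.
eval "configfile=\${${name}_configfile}"
eval "dir=\${${name}_dir}"
eval "interfaces=\${${name}_if}"

required_files=${configfile}
# NOTE(review): the paths are placed in command_args without quoting, so a
# NAME_dir or NAME_configfile containing whitespace would presumably be split
# into several arguments - confirm against how rc.subr consumes command_args.
command_args="--cd ${dir} --daemon ${name} --config ${configfile} --writepid ${pidfile}"

run_rc_command "$1"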