Difuse/packages
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
packages/net/openvpn/files/openvpn.init
Florian Eckert 053e588162 openvpn: Added option to not start the native OpenVPN configurations on boot 
OpenVPN configurations that have a uci entry, the enable/enabled option can
be used to control whether the OpenVPN connection should be started at
system startup or not.

OpenVPN configurations that are located under '/etc/openvpn/' are always
started at system boot. To ensure that these connections can also be
started later, they must 'not' be started automatically during system boot.
This can be prevented with the following entry in the OpenVPN configuration.

config globals 'globals'
	option autostart '0'

These OpenVPN configurations can then be started later with the command.
'/etc/init.d/openvpn start <name>'

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2023-12-20 15:01:46 +01:00

285 lines
6.7 KiB
Bash
Raw Blame History

#!/bin/sh /etc/rc.common
# Copyright (C) 2008-2013 OpenWrt.org
# Copyright (C) 2008 Jo-Philipp Wich
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
START=90
STOP=10
USE_PROCD=1
PROG=/usr/sbin/openvpn
PATH_INSTANCE_DIR="/etc/openvpn"
LIST_SEP="
"
UCI_STARTED=
UCI_DISABLED=
append_param() {
local s="$1"
local v="$2"
case "$v" in
*_*_*_*) v=${v%%_*}-${v#*_}; v=${v%%_*}-${v#*_}; v=${v%%_*}-${v#*_} ;;
*_*_*) v=${v%%_*}-${v#*_}; v=${v%%_*}-${v#*_} ;;
*_*) v=${v%%_*}-${v#*_} ;;
esac
echo -n "$v" >> "/var/etc/openvpn-$s.conf"
return 0
}
append_bools() {
local p; local v; local s="$1"; shift
for p in $*; do
config_get_bool v "$s" "$p"
[ "$v" = 1 ] && append_param "$s" "$p" && echo >> "/var/etc/openvpn-$s.conf"
done
}
append_params() {
local p; local v; local s="$1"; shift
for p in $*; do
config_get v "$s" "$p"
IFS="$LIST_SEP"
for v in $v; do
[ "$v" = "frames_only" ] && [ "$p" = "compress" ] && unset v && append_param "$s" "$p" && echo >> "/var/etc/openvpn-$s.conf"
[ -n "$v" ] && [ "$p" != "push" ] && append_param "$s" "$p" && echo " $v" >> "/var/etc/openvpn-$s.conf"
[ -n "$v" ] && [ "$p" = "push" ] && append_param "$s" "$p" && echo " \"$v\"" >> "/var/etc/openvpn-$s.conf"
done
unset IFS
done
}
append_list() {
local p; local v; local s="$1"; shift
list_cb_append() {
v="${v}:$1"
}
for p in $*; do
unset v
config_list_foreach "$s" "$p" list_cb_append
[ -n "$v" ] && append_param "$s" "$p" && echo " ${v:1}" >> "/var/etc/openvpn-$s.conf"
done
}
section_enabled() {
config_get_bool enable "$1" 'enable' 0
config_get_bool enabled "$1" 'enabled' 0
[ $enable -gt 0 ] || [ $enabled -gt 0 ]
}
create_temp_file() {
mkdir -p "$(dirname "$1")"
rm -f "$1"
touch "$1"
chown root "$1"
chmod 0600 "$1"
}
openvpn_get_dev() {
local dev dev_type
local name="$1"
local conf="$2"
# Do override only for configurations with config_file
config_get config_file "$name" config
[ -n "$config_file" ] || return
# Check there is someething to override
config_get dev "$name" dev
config_get dev_type "$name" dev_type
[ -n "$dev" ] || return
# If there is a no dev_type, try to guess it
if [ -z "$dev_type" ]; then
. /lib/functions/openvpn.sh
local odev odev_type
get_openvpn_option "$conf" odev dev
get_openvpn_option "$conf" odev_type dev-type
[ -n "$odev_type" ] || odev_type="$odev"
case "$odev_type" in
tun*) dev_type="tun" ;;
tap*) dev_type="tap" ;;
*) return;;
esac
fi
# Return overrides
echo "--dev-type $dev_type --dev $dev"
}
openvpn_get_credentials() {
local name="$1"
local ret=""
config_get cert_password "$name" cert_password
config_get password "$name" password
config_get username "$name" username
if [ -n "$cert_password" ]; then
create_temp_file /var/run/openvpn.$name.pass
echo "$cert_password" > /var/run/openvpn.$name.pass
ret=" --askpass /var/run/openvpn.$name.pass "
fi
if [ -n "$username" ]; then
create_temp_file /var/run/openvpn.$name.userpass
echo "$username" > /var/run/openvpn.$name.userpass
echo "$password" >> /var/run/openvpn.$name.userpass
ret=" --auth-user-pass /var/run/openvpn.$name.userpass "
fi
# Return overrides
echo "$ret"
}
openvpn_add_instance() {
local name="$1"
local dir="$2"
local conf=$(basename "$3")
local security="$4"
local up="$5"
local down="$6"
local client=$(grep -qEx "client|tls-client" "$dir/$conf" && echo 1)
procd_open_instance "$name"
procd_set_param command "$PROG" \
--syslog "openvpn($name)" \
--status "/var/run/openvpn.$name.status" \
--cd "$dir" \
--config "$conf" \
--up "/usr/libexec/openvpn-hotplug up $name" \
--down "/usr/libexec/openvpn-hotplug down $name" \
--route-up "/usr/libexec/openvpn-hotplug route-up $name" \
--route-pre-down "/usr/libexec/openvpn-hotplug route-pre-down $name" \
${client:+--ipchange "/usr/libexec/openvpn-hotplug ipchange $name"} \
${up:+--setenv user_up "$up"} \
${down:+--setenv user_down "$down"} \
--script-security "${security:-2}" \
$(openvpn_get_dev "$name" "$conf") \
$(openvpn_get_credentials "$name" "$conf")
procd_set_param file "$dir/$conf"
procd_set_param term_timeout 15
procd_set_param respawn
procd_append_param respawn 3600
procd_append_param respawn 5
procd_append_param respawn -1
procd_close_instance
}
start_uci_instance() {
local s="$1"
config_get config "$s" config
config="${config:+$(readlink -f "$config")}"
section_enabled "$s" || {
append UCI_DISABLED "$config" "$LIST_SEP"
return 1
}
local up down script_security
config_get up "$s" up
config_get down "$s" down
config_get script_security "$s" script_security
[ ! -d "/var/run" ] && mkdir -p "/var/run"
if [ ! -z "$config" ]; then
append UCI_STARTED "$config" "$LIST_SEP"
[ -n "$up" ] || get_openvpn_option "$config" up up
[ -n "$down" ] || get_openvpn_option "$config" down down
openvpn_add_instance "$s" "${config%/*}" "$config" "$script_security" "$up" "$down"
return
fi
create_temp_file "/var/etc/openvpn-$s.conf"
append_bools "$s" $OPENVPN_BOOLS
append_params "$s" $OPENVPN_PARAMS
append_list "$s" $OPENVPN_LIST
openvpn_add_instance "$s" "/var/etc" "openvpn-$s.conf" "$script_security" "$up" "$down"
}
start_path_instances() {
local path name
for path in ${PATH_INSTANCE_DIR}/*.conf; do
[ -f "$path" ] && {
name="${path##*/}"
name="${name%.conf}"
start_path_instance "$name"
}
done
}
start_path_instance() {
local name="$1"
local path up down
path="${PATH_INSTANCE_DIR}/${name}.conf"
# don't start configs again that are already started by uci
if echo "$UCI_STARTED" | grep -qxF "$path"; then
logger -t openvpn "$name.conf already started"
return
fi
# don't start configs which are set to disabled in uci
if echo "$UCI_DISABLED" | grep -qxF "$path"; then
logger -t openvpn "$name.conf is disabled in /etc/config/openvpn"
return
fi
get_openvpn_option "$path" up up || up=""
get_openvpn_option "$path" down down || down=""
openvpn_add_instance "$name" "${path%/*}" "$path" "" "$up" "$down"
}
start_service() {
local instance="$1"
local instance_found=0
config_cb() {
local type="$1"
local name="$2"
if [ "$type" = "openvpn" ]; then
if [ -n "$instance" -a "$instance" = "$name" ]; then
instance_found=1
fi
fi
}
. /lib/functions/openvpn.sh
. /usr/share/openvpn/openvpn.options
config_load 'openvpn'
if [ -n "$instance" ]; then
if [ "$instance_found" -gt 0 ]; then
start_uci_instance "$instance"
else
start_path_instance "$instance"
fi
else
config_foreach start_uci_instance 'openvpn'
auto="$(uci_get openvpn globals autostart 1)"
if [ "$auto" = "1" ]; then
start_path_instances
else
logger -t openvpn "Autostart for configs in '$PATH_INSTANCE_DIR/*.conf' disabled"
fi
fi
}
service_triggers() {
procd_add_reload_trigger openvpn
}
Reference in a new issue View git blame Copy permalink