How to Start OpenVPN?

Calvin Hendryx-Parker calvin at sixfeetup.com
Tue Jun 28 00:07:17 GMT 2005


Here is a copy of the one I have modified to work.

Calvin
-- 
S i x  F e e t  U p  |  "Nowhere to go but open-source"
Silicon Valley: +1 (650) 401-8579  |  Midwest: +1 (317) 861-5948
Toll-Free: 1-866-SIX-FEET
mailto:calvin at sixfeetup.com
http://www.sixfeetup.com  |  Zope Hosting from $19.95/month
-------------- next part --------------
#!/bin/sh
#
# openvpn       This shell script takes care of starting and stopping
#               openvpn on FreeBSD
#
# description: OpenVPN is a robust and highly flexible tunneling application that
#              uses all of the encryption, authentication, and certification features
#              of the OpenSSL library to securely tunnel IP networks over a single
#              UDP port.
#

# Contributed to the OpenVPN project by
# Douglas Keller <doug at voidstar.dyndns.org>
# 2002.05.15
# FreeBSD version by Mikhail Levin <m_levin_99 at yahoo.com>
# 2005.01.20

# The init script does the following:
#
# - Starts an openvpn process for each .conf file it finds in
#   /usr/local/etc/openvpn/config
#
# - If /usr/local/etc/openvpn/config/xxx.sh exists for a xxx.conf file then it sources
#   it (in this script's own shell, with this script's privileges) before starting
#   openvpn (useful for doing openvpn --mktun...).
#
# - In addition to start/stop you can do:
#
#   /usr/local/etc/rc.d/openvpn.sh reload - SIGHUP
#   /usr/local/etc/rc.d/openvpn.sh reopen - SIGUSR1
#   /usr/local/etc/rc.d/openvpn.sh status - SIGUSR2

# Modifications 2003.05.02
#   * Changed == to = for sh compliance (Bishop Clark).
#   * If condrestart|reload|reopen|status, check that we were
#     actually started (James Yonan).
#   * Added lock, piddir, and work variables (James Yonan).
#   * If start is attempted twice, without an intervening stop, or
#     if start is attempted when previous start was not properly
#     shut down, then kill any previously started processes, before
#     commencing new start operation (James Yonan).
#   * Do a better job of flagging errors on start, and properly
#     returning success or failure status to caller (James Yonan).

# Paths used by every action below.
#   openvpn - the daemon executable
#   lock    - marker file: touched by "start" once at least one openvpn
#             launch succeeded, removed again by "stop"
#   piddir  - directory that receives one openvpn.<name>.pid per tunnel
#   work    - directory holding the <name>.conf files and the optional
#             <name>.sh hooks.  "start" sources those hooks into this
#             script, so the directory and everything in it should be
#             writable only by the account that runs this script.
openvpn=/usr/local/sbin/openvpn
lock=/var/run/lock.openvpn
piddir=/var/run
work=/usr/local/etc/openvpn/config

# Without the binary there is nothing to manage: say so and leave with
# status 0, so the caller does not see a missing install as a failure.
[ -f "$openvpn" ] || {
  echo 'openvpn binary not found'
  exit 0
}

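# Print the PID stored in pid file $1 on stdout.
# Returns non-zero (and prints nothing) when the file is empty or its first
# line is not a decimal number greater than 1.  The pid files are read back
# and handed to kill with this script's privileges, so anything that is not
# a plain PID is refused instead of being passed on as "kill 0", "kill 1"
# or an option string.
read_pid() {
 [ -s "$1" ] || return 1
 _pid=
 # read may report EOF on a file without a trailing newline but still
 # fills _pid, so its status is deliberately not checked.
 read -r _pid < "$1"
 case "$_pid" in
  ''|*[!0-9]*) return 1 ;;
 esac
 [ "$_pid" -gt 1 ] 2>/dev/null || return 1
 echo "$_pid"
}

# Send signal $1 (name without SIG, e.g. TERM) to every process recorded in
# $piddir/openvpn.*.pid.  When $2 is "remove" each pid file is deleted after
# it has been handled, whether or not it held a usable PID.
signal_pidfiles() {
 for _pidf in "$piddir"/openvpn.*.pid
 do
  # sh leaves an unmatched glob as the literal pattern; skip that case.
  [ -e "$_pidf" ] || continue
  if _target=$(read_pid "$_pidf")
  then
   kill -s "$1" "$_target" >/dev/null 2>&1
  fi
  if [ "${2:-}" = remove ]
  then
   rm -f "$_pidf"
  fi
 done
}

# See how we were called.
case "$1" in

 start)
  echo -n 'Starting openvpn: '

  echo -n 'if_tap '
  kldload if_tap
  echo ''

  # A lock left over from an earlier start means stop never ran: terminate
  # whatever that start launched before launching anything new.
  if [ -f "$lock" ]
  then
   echo -n '(we were not shut down correctly) '
   signal_pidfiles TERM remove
   rm -f "$lock"
   sleep 2
  fi

  rm -f "$piddir"/openvpn.*.pid

  # Everything below resolves *.conf and *.sh relative to $work.  If the cd
  # fails we must not go on: the loop would otherwise pick up and source
  # files from whatever directory the caller happened to be in.
  if ! cd "$work"
  then
   echo "openvpn: cannot change directory to $work" >&2
   echo 'failure'
   exit 1
  fi

  # Start every .conf in $work and run .sh if exists

  errors=0
  successes=0

  for c in *.conf
  do
   # Skips the literal "*.conf" left by an unmatched glob, and non-files.
   [ -f "$c" ] || continue
   bn=${c%.conf}

   # The hook is sourced into this shell with this script's privileges, so
   # $work must not be writable by untrusted users.  The explicit "./"
   # matters: for a name without a slash, "." searches PATH first and could
   # source an unrelated file of the same name.
   if [ -f "$bn.sh" ]
   then
    . "./$bn.sh"
   fi

   rm -f "$piddir/openvpn.$bn.pid"
   if "$openvpn" --daemon --writepid "$piddir/openvpn.$bn.pid" --config "$c" --cd "$work"
   then
    successes=1
   else
    errors=1
   fi
  done

  if [ "$errors" = 1 ]
  then
   echo 'failure'
  else
   echo 'success'
  fi

  # The lock records that at least one tunnel is up and needs a stop.
  if [ "$successes" = 1 ]
  then
   touch "$lock"
  fi
  ;;

 stop)
  echo -n 'Shutting down openvpn: '

  signal_pidfiles TERM remove
  echo -n 'success'
  rm -f "$lock"
  echo -n ' if_tap'
  kldunload if_tap
  echo ''
  ;;

 restart)
  "$0" stop
  sleep 2
  "$0" start
  ;;

 reload)
  # SIGHUP to every running tunnel; only meaningful after a start.
  if [ -f "$lock" ]
  then
   signal_pidfiles HUP
  else
   echo 'openvpn: service not started'
   exit 1
  fi
  ;;

 reopen)
  # SIGUSR1 to every running tunnel.
  if [ -f "$lock" ]
  then
   signal_pidfiles USR1
  else
   echo 'openvpn: service not started'
   exit 1
  fi
  ;;

 condrestart)
  if [ -f "$lock" ]
  then
   "$0" stop
   # avoid race
   sleep 2
   "$0" start
  fi
  ;;

 status)
  # SIGUSR2 to every running tunnel, then show the tail of the system log
  # where the status output is expected to land.
  if [ -f "$lock" ]
  then
   signal_pidfiles USR2
   echo 'Status written to /var/log/messages'
   tail -n 3 /var/log/messages
  else
   echo 'openvpn: service not started'
   exit 1
  fi
  ;;

 *)
  echo 'Usage: openvpn {start|stop|restart|condrestart|reload|reopen|status}'
  exit 1
  ;;

esac

exit 0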

