aboutsummaryrefslogtreecommitdiffstats
path: root/security/openvpn/files/openvpn.sh.in
blob: 6e88286ad51c73e696c8fafcf803e8041bdea311 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
#!/bin/sh
#
# openvpn.sh - load tun/tap driver and start OpenVPN daemon
#
# (C) Copyright 2005 - 2008, 2010 by Matthias Andree
# based on suggestions by Matthias Grimm and Dirk Gouders
# with multi-instance contribution from Denis Shaposhnikov, Gleb Kozyrev
# and Vasil Dimov
# softrestart feature suggested by Nick Hibma
#
# $FreeBSD$
# 
# This program is free software; you can redistribute it and/or modify it under
# the terms of the GNU General Public License as published by the Free Software
# Foundation; either version 2 of the License, or (at your option) any later
# version.
#
# This program is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
# details.
#
# You should have received a copy of the GNU General Public License along with
# this program; if not, write to the Free Software Foundation, Inc., 51 Franklin
# Street, Fifth Floor, Boston, MA 02110-1301, USA.

# PROVIDE: openvpn
# REQUIRE: DAEMON
# KEYWORD: shutdown

# -----------------------------------------------------------------------------
#
# This script supports running multiple instances of openvpn.
# To run additional instances link this script to something like
# % ln -s openvpn openvpn_foo
# and define additional openvpn_foo_* variables in one of
# /etc/rc.conf, /etc/rc.conf.local or /etc/rc.conf.d/openvpn_foo
#
# Below NAME should be substituted with the name of this script. By default
# it is openvpn, so read as openvpn_enable. If you linked the script to
# openvpn_foo, then read as openvpn_foo_enable etc.
#
# The following variables are supported (defaults are shown).
# You can place them in any of
# /etc/rc.conf, /etc/rc.conf.local or /etc/rc.conf.d/NAME
#
# NAME_enable="NO"  # set to YES to enable openvpn
# NAME_if=      # driver(s) to load, set to "tun", "tap" or "tun tap"
#
# # optional:
# NAME_flags=               # additional command line arguments
# NAME_configfile="%%PREFIX%%/etc/openvpn/NAME.conf"    # --config file
# NAME_dir="%%PREFIX%%/etc/openvpn" # --cd directory
#
# You also need to set NAME_configfile and NAME_dir, if the configuration
# file and directory where keys and certificates reside differ from the above
# settings.
#
# Note that we deliberately refrain from unloading drivers.
#
# For further documentation, please see openvpn(8).
#

. /etc/rc.subr

case "$0" in
/etc/rc*)
    # during boot (shutdown) $0 is /etc/rc (/etc/rc.shutdown),
    # so get the name of the script from $_file
    name="$_file"
    ;;
*)
    name="$0"
    ;;
esac

name="${name##*/}"

rcvar=$(set_rcvar)

openvpn_precmd()
{
    for i in $interfaces ; do
        if ! sysctl debug.if_${i}_debug >/dev/null 2>&1 ; then
            if ! kldload if_${i} ; then
                warn "Could not load $i module."
                return 1
            fi
        fi
    done
    return 0
}

stop_postcmd()
{
    rm -f "$pidfile" || warn "Could not remove $pidfile."
}

softrestart()
{
    sig_reload=USR1 run_rc_command reload
    exit $?
}

# reload: support SIGHUP to reparse configuration file
# softrestart: support SIGUSR1 to reconnect without superuser privileges
extra_commands="reload softrestart"
softrestart_cmd="softrestart"

# pidfile
pidfile="/var/run/${name}.pid"

# command and arguments
command="%%PREFIX%%/sbin/openvpn"

# run this first
start_precmd="openvpn_precmd"
# and this last
stop_postcmd="stop_postcmd"

load_rc_config ${name}

eval ": \${${name}_enable:=\"NO\"}"
eval ": \${${name}_configfile:=\"%%PREFIX%%/etc/openvpn/${name}.conf\"}"
eval ": \${${name}_dir:=\"%%PREFIX%%/etc/openvpn\"}"

configfile="$(eval echo \${${name}_configfile})"
dir="$(eval echo \${${name}_dir})"
interfaces="$(eval echo \${${name}_if})"

required_files=${configfile}
command_args="--cd ${dir} --daemon ${name} --config ${configfile} --writepid ${pidfile}"

run_rc_command "$1"