mirror of
https://github.com/openwrt/openwrt.git
synced 2025-01-13 00:10:21 +00:00
cdb25bcef3
If using a configuration file for OpenVPN, allow overriding name of the interface. The reason is that then people could use configuration file provided by VPN provider directly and override the name of the interface to include it in correct firewall zone without need to alter the configuration file. Signed-off-by: Michal Hrusecky <michal@hrusecky.net> (cherry picked from commit c93667358515ec078ef4ac96393623ac084e5c9e)
210 lines
4.7 KiB
Bash
210 lines
4.7 KiB
Bash
#!/bin/sh /etc/rc.common
|
|
# Copyright (C) 2008-2013 OpenWrt.org
|
|
# Copyright (C) 2008 Jo-Philipp Wich
|
|
# This is free software, licensed under the GNU General Public License v2.
|
|
# See /LICENSE for more information.
|
|
|
|
START=90
|
|
STOP=10
|
|
|
|
USE_PROCD=1
|
|
PROG=/usr/sbin/openvpn
|
|
|
|
LIST_SEP="
|
|
"
|
|
|
|
UCI_STARTED=
|
|
UCI_DISABLED=
|
|
|
|
append_param() {
|
|
local s="$1"
|
|
local v="$2"
|
|
case "$v" in
|
|
*_*_*_*) v=${v%%_*}-${v#*_}; v=${v%%_*}-${v#*_}; v=${v%%_*}-${v#*_} ;;
|
|
*_*_*) v=${v%%_*}-${v#*_}; v=${v%%_*}-${v#*_} ;;
|
|
*_*) v=${v%%_*}-${v#*_} ;;
|
|
esac
|
|
echo -n "$v" >> "/var/etc/openvpn-$s.conf"
|
|
return 0
|
|
}
|
|
|
|
append_bools() {
|
|
local p; local v; local s="$1"; shift
|
|
for p in $*; do
|
|
config_get_bool v "$s" "$p"
|
|
[ "$v" = 1 ] && append_param "$s" "$p" && echo >> "/var/etc/openvpn-$s.conf"
|
|
done
|
|
}
|
|
|
|
append_params() {
|
|
local p; local v; local s="$1"; shift
|
|
for p in $*; do
|
|
config_get v "$s" "$p"
|
|
IFS="$LIST_SEP"
|
|
for v in $v; do
|
|
[ -n "$v" ] && [ "$p" != "push" ] && append_param "$s" "$p" && echo " $v" >> "/var/etc/openvpn-$s.conf"
|
|
[ -n "$v" ] && [ "$p" == "push" ] && append_param "$s" "$p" && echo " \"$v\"" >> "/var/etc/openvpn-$s.conf"
|
|
done
|
|
unset IFS
|
|
done
|
|
}
|
|
|
|
append_list() {
|
|
local p; local v; local s="$1"; shift
|
|
|
|
list_cb_append() {
|
|
v="${v}:$1"
|
|
}
|
|
|
|
for p in $*; do
|
|
unset v
|
|
config_list_foreach "$s" "$p" list_cb_append
|
|
[ -n "$v" ] && append_param "$s" "$p" && echo " ${v:1}" >> "/var/etc/openvpn-$s.conf"
|
|
done
|
|
}
|
|
|
|
section_enabled() {
|
|
config_get_bool enable "$1" 'enable' 0
|
|
config_get_bool enabled "$1" 'enabled' 0
|
|
[ $enable -gt 0 ] || [ $enabled -gt 0 ]
|
|
}
|
|
|
|
openvpn_get_dev() {
|
|
local dev dev_type
|
|
local name="$1"
|
|
local conf="$2"
|
|
|
|
# Do override only for configurations with config_file
|
|
config_get config_file "$name" config
|
|
[ -n "$config_file" ] || return
|
|
|
|
# Check there is someething to override
|
|
config_get dev "$name" dev
|
|
config_get dev_type "$name" dev_type
|
|
[ -n "$dev" ] || return
|
|
|
|
# If there is a no dev_type, try to guess it
|
|
if [ -z "$dev_type" ]; then
|
|
. /lib/functions/openvpn.sh
|
|
|
|
local odev odev_type
|
|
get_openvpn_option "$conf" odev dev
|
|
get_openvpn_option "$conf" odev_type dev-type
|
|
[ -n "$odev_type" ] || odev_type="$odev"
|
|
|
|
case "$odev_type" in
|
|
tun*) dev_type="tun" ;;
|
|
tap*) dev_type="tap" ;;
|
|
*) return;;
|
|
esac
|
|
fi
|
|
|
|
# Return overrides
|
|
echo "--dev-type $dev_type --dev $dev"
|
|
}
|
|
|
|
openvpn_add_instance() {
|
|
local name="$1"
|
|
local dir="$2"
|
|
local conf="$3"
|
|
local security="$4"
|
|
|
|
procd_open_instance "$name"
|
|
procd_set_param command "$PROG" \
|
|
--syslog "openvpn($name)" \
|
|
--status "/var/run/openvpn.$name.status" \
|
|
--cd "$dir" \
|
|
--config "$conf" \
|
|
--up "/usr/libexec/openvpn-hotplug up $name" \
|
|
--down "/usr/libexec/openvpn-hotplug down $name" \
|
|
--script-security "${security:-2}" \
|
|
$(openvpn_get_dev "$name" "$conf")
|
|
procd_set_param file "$dir/$conf"
|
|
procd_set_param term_timeout 15
|
|
procd_set_param respawn
|
|
procd_append_param respawn 3600
|
|
procd_append_param respawn 5
|
|
procd_append_param respawn -1
|
|
procd_close_instance
|
|
}
|
|
|
|
start_instance() {
|
|
local s="$1"
|
|
|
|
config_get config "$s" config
|
|
config="${config:+$(readlink -f "$config")}"
|
|
|
|
section_enabled "$s" || {
|
|
append UCI_DISABLED "$config" "$LIST_SEP"
|
|
return 1
|
|
}
|
|
|
|
local script_security
|
|
config_get script_security "$s" script_security
|
|
|
|
[ ! -d "/var/run" ] && mkdir -p "/var/run"
|
|
|
|
if [ ! -z "$config" ]; then
|
|
append UCI_STARTED "$config" "$LIST_SEP"
|
|
openvpn_add_instance "$s" "${config%/*}" "$config" "$script_security"
|
|
return
|
|
fi
|
|
|
|
[ ! -d "/var/etc" ] && mkdir -p "/var/etc"
|
|
[ -f "/var/etc/openvpn-$s.conf" ] && rm "/var/etc/openvpn-$s.conf"
|
|
|
|
append_bools "$s" $OPENVPN_BOOLS
|
|
append_params "$s" $OPENVPN_PARAMS
|
|
append_list "$s" $OPENVPN_LIST
|
|
|
|
openvpn_add_instance "$s" "/var/etc" "openvpn-$s.conf" "$script_security"
|
|
}
|
|
|
|
start_service() {
|
|
local instance="$1"
|
|
local instance_found=0
|
|
|
|
config_cb() {
|
|
local type="$1"
|
|
local name="$2"
|
|
if [ "$type" = "openvpn" ]; then
|
|
if [ -n "$instance" -a "$instance" = "$name" ]; then
|
|
instance_found=1
|
|
fi
|
|
fi
|
|
}
|
|
|
|
. /usr/share/openvpn/openvpn.options
|
|
config_load 'openvpn'
|
|
|
|
if [ -n "$instance" ]; then
|
|
[ "$instance_found" -gt 0 ] || return
|
|
start_instance "$instance"
|
|
else
|
|
config_foreach start_instance 'openvpn'
|
|
|
|
local path name
|
|
for path in /etc/openvpn/*.conf; do
|
|
if [ -f "$path" ]; then
|
|
name="${path##*/}"; name="${name%.conf}"
|
|
|
|
# don't start configs again that are already started by uci
|
|
if echo "$UCI_STARTED" | grep -qxF "$path"; then
|
|
continue
|
|
|
|
# don't start configs which are set to disabled in uci
|
|
elif echo "$UCI_DISABLED" | grep -qxF "$path"; then
|
|
logger -t openvpn "$name.conf is disabled in /etc/config/openvpn"
|
|
continue
|
|
fi
|
|
|
|
openvpn_add_instance "$name" "${path%/*}" "$path"
|
|
fi
|
|
done
|
|
fi
|
|
}
|
|
|
|
service_triggers() {
|
|
procd_add_reload_trigger openvpn
|
|
}
|