Commit f80c232c authored by Carlo Landmeter's avatar Carlo Landmeter

main/openvpn: multiple changes like ipv6 and new initd

added ipv6 patch from: http://www.greenie.net/ipv6/openvpn.html
move easy-rsa into subpkg and depend on openssl
update init.d and conf.d from latest gentoo release
added up/down scripts from latest gentoo release

ref #618
parent 21bbd56f
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=openvpn
pkgver=2.2.0
pkgrel=0
pkgrel=1
pkgdesc="A robust, and highly configurable VPN (Virtual Private Network)"
url="http://openvpn.sourceforge.net/"
arch="all"
license="custom"
subpackages="$pkgname-doc"
subpackages="$pkgname-doc $pkgname-easy-rsa:easy_rsa"
depends="iproute2"
makedepends="openssl-dev lzo-dev"
install=
source="http://swupdate.openvpn.net/community/releases/$pkgname-$pkgver.tar.gz
openvpn.initd
openvpn.confd
openvpn.up
openvpn.down
openvpn-2.2.0-ipv6-20110522-1.patch
"
_builddir="$srcdir"/$pkgname-$pkgver
prepare() {
local i
cd "$_builddir"
for i in $source; do
case $i in
*.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;;
esac
done
}
build() {
cd "$_builddir"
./configure --prefix=/usr \
--mandir=/usr/share/man \
--sysconfdir=/etc/openvpn \
--enable-ssl \
--enable-crypto \
--disable-threads \
......@@ -39,20 +55,42 @@ package() {
install -d "$pkgdir"/usr/lib/$pkgname
cp plugin/*/*.so "$pkgdir"/usr/lib/$pkgname
# install easy-rsa
sed -i -e 's/--directory/-d/g; s/--mode=/-m/g' easy-rsa/2.0/Makefile
sed -i -e '1s|#!/bin/bash|#!/bin/sh|' easy-rsa/2.0/*
make -C easy-rsa/2.0 DESTDIR="$pkgdir" \
PREFIX=etc/openvpn/easy-rsa \
install
# install examples
mkdir -p "$pkgdir"/usr/share/doc/$pkgname/examples
cp -a sample-config-files "$pkgdir"/usr/share/doc/$pkgname/examples
install -D -m644 COPYING "$pkgdir"/usr/share/licenses/$pkgname/COPYING
# install init.d
install -Dm755 ../openvpn.initd "$pkgdir"/etc/init.d/openvpn
# install init.d and conf.d
install -Dm755 "$srcdir"/openvpn.initd "$pkgdir"/etc/init.d/openvpn
install -Dm644 "$srcdir"/openvpn.confd "$pkgdir"/etc/conf.d/openvpn
# install up and down scripts
install -Dm755 "$srcdir"/openvpn.up "$pkgdir"/etc/openvpn/up.sh
install -Dm755 "$srcdir"/openvpn.down "$pkgdir"/etc/openvpn/down.sh
}
easy_rsa() {
pkgdesc="OpenVPN RSA key management"
# easy rsa can by usefull on systems
# which do not have openvpn installed
depends="openssl"
# install easy-rsa
cd "$_builddir"
sed -i -e 's/--directory/-d/g; s/--mode=/-m/g' easy-rsa/2.0/Makefile
sed -i -e '1s|#!/bin/bash|#!/bin/sh|' easy-rsa/2.0/*
make -C easy-rsa/2.0 DESTDIR="$subpkgdir" \
PREFIX=usr/share/doc/openvpn/easy-rsa \
install
}
doc() {
default_doc
}
md5sums="4f440603eac45fec7be218b87d570834 openvpn-2.2.0.tar.gz
020376f1e7ed6b4adbe20cf5ff774856 openvpn.initd"
ec99092827faa7226e9f548c2cd1d20c openvpn.initd
9eca88cac6294027ec1bb7be74185c3a openvpn.confd
dc72fecd1a1bcef937603057cd6574b1 openvpn.up
dc3ff0bae442b9aedd947b8ffda1687a openvpn.down
25172fa251672edc3f7a277b5d7f3f72 openvpn-2.2.0-ipv6-20110522-1.patch"
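Review bot: The new easy_rsa() function runs `cd "$_builddir"` and `make -C easy-rsa/2.0 ... install` without the `|| return 1` that prepare() puts on its patch step, so if the make fails the subpackage can end up empty without the build noticing (assuming abuild does not abort on the first failing command here). Suggest `cd "$_builddir" || return 1` and `install || return 1` on the make's last continuation line. If the easy-rsa install block that still appears in package() is kept on the new side, the same tree is installed twice — under /etc/openvpn/easy-rsa in the main package and under usr/share/doc/openvpn/easy-rsa in the subpackage — which does not match the commit message's "move"; worth confirming which is intended. Note also that the subpackage puts executable key-management scripts under /usr/share/doc, where users are unlikely to look for tools.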
# OpenVPN automatically creates an /etc/resolv.conf (or sends it to
# resolvconf) if given DNS information by the OpenVPN server.
# Set PEER_DNS="no" to stop this.
PEER_DNS="yes"
# OpenVPN can run in many modes. Most people will want the init script
# to automatically detect the mode and try and apply a good default
# configuration and setup scripts. However, there are cases where the
# OpenVPN configuration looks like a client, but it's really a peer or
# something else. DETECT_CLIENT controls this behaviour.
DETECT_CLIENT="yes"
# If DETECT_CLIENT is no and you have your own scripts to re-enter the openvpn
# init script (ie, it first becomes "inactive" and the script then starts the
# script again to make it "started") then you can state this below.
# In other words, unless you understand service dependencies and are a
# competent shell scripter, don't set this.
RE_ENTER="no"
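Review bot: The comment above PEER_DNS describes what happens but not what is trusted: with PEER_DNS="yes" the up script takes the nameserver and domain values the remote peer pushes (the foreign_option_N variables) and writes them verbatim over /etc/resolv.conf, so the peer chooses the host's resolvers for the lifetime of the tunnel. Suggest adding `# The nameservers/domains come from the remote peer and are written to /etc/resolv.conf unchanged; the previous file is saved as /etc/resolv.conf-<dev>.sv and restored by down.sh.` so an administrator can make an informed choice about keeping the default.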
#!/bin/sh
# Copyright (c) 2006-2007 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# Contributed by Roy Marples (uberlord@gentoo.org)
# If we have a service specific script, run this now
if [ -x /etc/openvpn/"${SVCNAME}"-down.sh ] ; then
/etc/openvpn/"${SVCNAME}"-down.sh "$@"
fi
# Restore resolv.conf to how it was
if [ "${PEER_DNS}" != "no" ]; then
if [ -x /sbin/resolvconf ] ; then
/sbin/resolvconf -d "${dev}"
elif [ -e /etc/resolv.conf-"${dev}".sv ] ; then
# Important that we copy instead of move incase resolv.conf is
# a symlink and not an actual file
cp /etc/resolv.conf-"${dev}".sv /etc/resolv.conf
rm -f /etc/resolv.conf-"${dev}".sv
fi
fi
if [ -n "${SVCNAME}" ]; then
# Re-enter the init script to start any dependant services
if /etc/init.d/"${SVCNAME}" --quiet status ; then
export IN_BACKGROUND=true
/etc/init.d/"${SVCNAME}" --quiet stop
fi
fi
exit 0
# vim: ts=4 :
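Review bot: In the resolv.conf restore branch, `rm -f /etc/resolv.conf-"${dev}".sv` runs even when the preceding `cp` fails, so a failed restore also destroys the only copy of the original file; make the removal conditional: `cp /etc/resolv.conf-"${dev}".sv /etc/resolv.conf && rm -f /etc/resolv.conf-"${dev}".sv`. Because the script ends with an unconditional `exit 0`, a failure here is invisible to openvpn as well, so it is worth printing the cp error to stderr before continuing. Both `dev` and `SVCNAME` are taken from the environment; `${dev}` is quoted but never checked for being empty, which would turn the backup name into /etc/resolv.conf-.sv.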
......@@ -2,9 +2,9 @@
# Copyright 1999-2007 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
VPNDIR="/etc/openvpn"
VPN="${SVCNAME#*.}"
if [ -n "${VPN}" ] && [ "${SVCNAME}" != "openvpn" ]; then
VPNDIR=${VPNDIR:-/etc/openvpn}
VPN=${SVCNAME#*.}
if [ -n "${VPN}" ] && [ ${SVCNAME} != "openvpn" ]; then
VPNPID="/var/run/openvpn.${VPN}.pid"
else
VPNPID="/var/run/openvpn.pid"
......@@ -13,51 +13,121 @@ VPNCONF="${VPNDIR}/${VPN}.conf"
depend() {
need localmount net
before netmount
after bootmisc firewall
use dns
after bootmisc
}
checktundevice() {
if [ ! -e /dev/net/tun ]; then
if ! modprobe tun ; then
eerror "TUN/TAP support is not available in this kernel"
return 1
checkconfig() {
# Linux has good dynamic tun/tap creation
if [ $(uname -s) = "Linux" ] ; then
if [ ! -e /dev/net/tun ]; then
if ! modprobe tun ; then
eerror "TUN/TAP support is not available" \
"in this kernel"
return 1
fi
fi
if [ -h /dev/net/tun ] && [ -c /dev/misc/net/tun ]; then
ebegin "Detected broken /dev/net/tun symlink, fixing..."
rm -f /dev/net/tun
ln -s /dev/misc/net/tun /dev/net/tun
eend $?
fi
return 0
fi
if [ -h /dev/net/tun ] && [ -c /dev/misc/net/tun ]; then
ebegin "Detected broken /dev/net/tun symlink, fixing..."
rm -f /dev/net/tun
ln -s /dev/misc/net/tun /dev/net/tun
eend $?
# Other OS's don't, so we rely on a pre-configured interface
# per vpn instance
local ifname=$(sed -n -e 's/[[:space:]]*dev[[:space:]][[:space:]]*\([^[:space:]]*\).*/\1/p' "${VPNCONF}")
if [ -z ${ifname} ] ; then
eerror "You need to specify the interface that this openvpn" \
"instance should use" \
"by using the dev option in ${VPNCONF}"
return 1
fi
if ! ifconfig "${ifname}" >/dev/null 2>/dev/null ; then
# Try and create it
echo > /dev/"${ifname}" >/dev/null
fi
if ! ifconfig "${ifname}" >/dev/null 2>/dev/null ; then
eerror "${VPNCONF} requires interface ${ifname}" \
"but that does not exist"
return 1
fi
}
start() {
# If we are re-called by the openvpn gentoo-up.sh script
# then we don't actually want to start openvpn
[ "${IN_BACKGROUND}" = "true" ] && return 0
ebegin "Starting ${SVCNAME}"
checktundevice || return 1
if [ ! -e "${VPNCONF}" ]; then
eend 1 "${VPNCONF} does not exist"
return 1
fi
checkconfig || return 1
local args=""
local args="" reenter=${RE_ENTER:-no}
# If the config file does not specify the cd option, we do
# But if we specify it, we override the config option which we do not want
if ! grep -q "^[ \t]*cd[ \t].*" "${VPNCONF}" ; then
if ! grep -q "^[ ]*cd[ ].*" "${VPNCONF}" ; then
args="${args} --cd ${VPNDIR}"
fi
# We mark the service as inactive and then start it.
# When we get an authenticated packet from the peer then we run our script
# which configures our DNS if any and marks us as up.
if [ "${DETECT_CLIENT:-yes}" = "yes" ] && \
grep -q "^[ ]*remote[ ].*" "${VPNCONF}" ; then
reenter="yes"
args="${args} --up-delay --up-restart"
args="${args} --script-security 2"
args="${args} --up /etc/openvpn/up.sh"
args="${args} --down-pre --down /etc/openvpn/down.sh"
# Warn about setting scripts as we override them
if grep -Eq "^[ ]*(up|down)[ ].*" "${VPNCONF}" ; then
ewarn "WARNING: You have defined your own up/down scripts"
ewarn "As you're running as a client, we now force Alpine specific"
ewarn "scripts to be run for up and down events."
ewarn "These scripts will call /etc/openvpn/${SVCNAME}-{up,down}.sh"
ewarn "where you can put your own code."
fi
# Warn about the inability to change ip/route/dns information when
# dropping privs
if grep -q "^[ ]*user[ ].*" "${VPNCONF}" ; then
ewarn "WARNING: You are dropping root privileges!"
ewarn "As such openvpn may not be able to change ip, routing"
ewarn "or DNS configuration."
fi
else
# So we're a server. Run as openvpn unless otherwise specified
grep -q "^[ ]*user[ ].*" "${VPNCONF}" || args="${args} --user openvpn"
grep -q "^[ ]*group[ ].*" "${VPNCONF}" || args="${args} --group openvpn"
fi
# Ensure that our scripts get the PEER_DNS variable
[ -n "${PEER_DNS}" ] && args="${args} --setenv PEER_DNS ${PEER_DNS}"
[ "${reenter}" = "yes" ] && mark_service_inactive "${SVCNAME}"
start-stop-daemon --start --exec /usr/sbin/openvpn --pidfile "${VPNPID}" \
-- --config "${VPNCONF}" --writepid "${VPNPID}" --daemon ${args}
-- --config "${VPNCONF}" --writepid "${VPNPID}" --daemon \
--setenv SVCNAME "${SVCNAME}" ${args}
eend $? "Check your logs to see why startup failed"
}
stop() {
# If we are re-called by the openvpn gentoo-down.sh script
# then we don't actually want to stop openvpn
if [ "${IN_BACKGROUND}" = "true" ] ; then
mark_service_inactive "${SVCNAME}"
return 0
fi
ebegin "Stopping ${SVCNAME}"
start-stop-daemon --stop --exec /usr/sbin/openvpn --pidfile "${VPNPID}"
start-stop-daemon --stop --quiet \
--exec /usr/sbin/openvpn --pidfile "${VPNPID}"
eend $?
}
# vim: ts=4
# vim: set ts=4 :
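Review bot: In the first hunk the rewritten test `[ -n "${VPN}" ] && [ ${SVCNAME} != "openvpn" ]` drops the quotes the old line had around `${SVCNAME}`; with SVCNAME empty or containing whitespace `[` gets a malformed expression instead of a false result, so keep `[ "${SVCNAME}" != "openvpn" ]`. The same unquoted pattern appears in checkconfig() at `[ $(uname -s) = "Linux" ]` and `[ -z ${ifname} ]`, and `local ifname=$(sed ...)` hides sed's exit status (split the declaration from the assignment). In start(), `--script-security 2` is forced for every detected client so the packaged up/down scripts can run; the ewarn block tells the user about the up/down override but not that this setting is being enabled on their behalf, which the warning should state.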
#!/bin/sh
# Copyright (c) 2006-2007 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# Contributed by Roy Marples (uberlord@gentoo.org)
# Setup our resolv.conf
# Vitally important that we use the domain entry in resolv.conf so we
# can setup the nameservers are for the domain ONLY in resolvconf if
# we're using a decent dns cache/forwarder like dnsmasq and NOT nscd/libc.
# nscd/libc users will get the VPN nameservers before their other ones
# and will use the first one that responds - maybe the LAN ones?
# non resolvconf users just the the VPN resolv.conf
# FIXME:- if we have >1 domain, then we have to use search :/
# We need to add a flag to resolvconf to say
# "these nameservers should only be used for the listed search domains
# if other global nameservers are present on other interfaces"
# This however, will break compatibility with Debians resolvconf
# A possible workaround would be to just list multiple domain lines
# and try and let resolvconf handle it
if [ "${PEER_DNS}" != "no" ]; then
NS=
DOMAIN=
SEARCH=
i=1
while true ; do
eval opt=\$foreign_option_${i}
[ -z "${opt}" ] && break
if [ "${opt}" != "${opt#dhcp-option DOMAIN *}" ] ; then
if [ -z "${DOMAIN}" ] ; then
DOMAIN="${opt#dhcp-option DOMAIN *}"
else
SEARCH="${SEARCH}${SEARCH:+ }${opt#dhcp-option DOMAIN *}"
fi
elif [ "${opt}" != "${opt#dhcp-option DNS *}" ] ; then
NS="${NS}nameserver ${opt#dhcp-option DNS *}\n"
fi
i=$((${i} + 1))
done
if [ -n "${NS}" ] ; then
DNS="# Generated by openvpn for interface ${dev}\n"
if [ -n "${SEARCH}" ] ; then
DNS="${DNS}search ${DOMAIN} ${SEARCH}\n"
elif [ -n "${DOMAIN}" ]; then
DNS="${DNS}domain ${DOMAIN}\n"
fi
DNS="${DNS}${NS}"
if [ -x /sbin/resolvconf ] ; then
printf "${DNS}" | /sbin/resolvconf -a "${dev}"
else
# Preserve the existing resolv.conf
if [ -e /etc/resolv.conf ] ; then
cp /etc/resolv.conf /etc/resolv.conf-"${dev}".sv
fi
printf "${DNS}" > /etc/resolv.conf
chmod 644 /etc/resolv.conf
fi
fi
fi
# Below section is Gentoo specific
# Quick summary - our init scripts are re-entrant and set the SVCNAME env var
# as we could have >1 openvpn service
if [ -n "${SVCNAME}" ]; then
# If we have a service specific script, run this now
if [ -x /etc/openvpn/"${SVCNAME}"-up.sh ] ; then
/etc/openvpn/"${SVCNAME}"-up.sh "$@"
fi
# Re-enter the init script to start any dependant services
if ! /etc/init.d/"${SVCNAME}" --quiet status ; then
export IN_BACKGROUND=true
/etc/init.d/${SVCNAME} --quiet start
fi
fi
exit 0
# vim: ts=4 :
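Review bot: `printf "${DNS}"` (used twice, for resolvconf and for the direct write) passes a string assembled from peer-pushed dhcp-option values as the printf format, so a `%` in a pushed domain or nameserver is interpreted as a conversion rather than written literally; since DNS relies on `\n` escapes, use `printf '%b' "${DNS}"` in both places. Because the init script starts clients with `--up-restart`, this script can run again on a reconnect, and the unconditional `cp /etc/resolv.conf /etc/resolv.conf-"${dev}".sv` would then overwrite the saved original with the VPN-generated file; guard it with `[ -e /etc/resolv.conf-"${dev}".sv ] || cp /etc/resolv.conf /etc/resolv.conf-"${dev}".sv`. The pushed values are also written without any sanity check — a minimal `case` that accepts only address-like nameserver tokens would make the generated file harder to corrupt. Lastly, `/etc/init.d/${SVCNAME} --quiet start` is unquoted while the status check on the line above quotes the same expansion.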