On 03/11/2010 04:42:07 PM, Stefan Monnier wrote:

> I find the effort would be better spent on working with other people
> trying to make sure that ifplugd/NetworkManager/distributions/... make
> this setup as trouble-free as possible.

Exactly. As an example, appended is a 47-line patch to the Debian Lenny /etc/init.d/openvpn that should be against sid, is untested, needs cleanup to get documentation where it belongs, and probably does not work. But something like it could probably be made to work. It's an example, and may be a bad example at that. I'm not going to make it work or ship it off to Debian for consideration.

It does not use ifplugd, instead relying on ifup/down to do the right thing to ensure that the dhcp client keeps configuring the interface in the event of trouble. I've no clue whether that's really something that ifup/down is supposed to handle. Perhaps instead of this it should be calling some helper function that does the same thing that ifup/down does to decide what dhcp client to use (working with the ifupdown people) and then call ifplugd with the result.

So it's nothing but an idea at this point, but an idea which is probably 2 orders of magnitude less code than would be required to integrate a dhcp client into openvpn. Repeat for RedHat (and again for Suse?) and you cover, at a guess, 80% of the Un*x world and provide plenty of examples for the maintainers of other distros/OSs (BSD, Solaris, etc.) to follow.

The point being to help the people who are responsible for systems integration do the integrating, because they will do a better job in the diverse Un*x world out there. Even better, the task of maintaining the code gets pushed out to the distros, further reducing the eventual work required by, according to estimates, 70%.

Reap the benefits of engaging with the larger FOSS community, not just the OpenVPN community. Without the larger community OpenVPN would, at minimum, be greatly diminished. It makes sense to reach out.

Karl <k...@meme.com>
Free Software: "You don't pay back, you pay forward."
-- Robert A. Heinlein

----------------<snip>-------------------
--- /etc/init.d/openvpn 2008-09-17 06:54:05.000000000 -0500 +++ openvpn 2010-03-11 17:47:23.000000000 -0600
@@ -31,6 +31,17 @@ . /etc/default/openvpn fi +set_tap () { + TAP=$(grep '^[[:space]]*dev[[:space]]+tap' \ + $CONFIG_DIR/$NAME.conf \ + | awk '{print $2;};') +} + +tap_needs_dhcp () { + [ -n "$TAP" ] \ + && grep -q '^[[:space::]]*route-gateway[[:space:]]+dhcp [[:space:]]|$' +} + start_vpn () { if grep -q '^[ ]*daemon' $CONFIG_DIR/$NAME.conf ; then # daemon already given in config file @@ -62,9 +73,26 @@ $DAEMON $OPTARGS --writepid /var/run/openvpn.$NAME.pid \ $DAEMONARG $STATUSARG --cd $CONFIG_DIR \ --config $CONFIG_DIR/$NAME.conf || STATUS=1 + + # This only works if a specific tap device is + # configured and the interfaces file has it configured + # with dhcp and noauto. (This note should be in + # /usr/share/doc/openvpn/README.Debian.) + set_tap + if tap_needs_dhcp ; then + # Start a dhcp daemon to configure the + # new interface. + ifup $TAP + fi fi } stop_vpn () { + set_tap + if tap_needs_dhcp ; then + # kill the dhcp daemon by shutting down the tap + # interface. + ifdown $TAP || true + fi kill `cat $PIDFILE` || true rm -f $PIDFILE rm -f /var/run/openvpn.$NAME.status 2> /dev/null
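
Review bot: In tap_needs_dhcp (first hunk), the grep is given no file argument, so it reads standard input instead of the config; pass "$CONFIG_DIR/$NAME.conf" as set_tap does. The bracket expressions are also malformed: `[[:space]]` in set_tap lacks the closing colon and `[[:space::]]` in tap_needs_dhcp has an extra one, so both should read `[[:space:]]`. Both patterns use `+`, and the second uses `|`, which grep treats as literal characters in a basic regular expression; switch to grep -E, drop the stray space after dhcp, and group the tail as `([[:space:]]|$)`, since an ungrouped `$` alternative matches every line. Note too that set_tap prints the second field of every matching dev line, so a config with more than one such line leaves several words in TAP.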
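
Review bot: In start_vpn (second hunk), ifup $TAP runs even when the openvpn invocation just above it failed and set STATUS=1, and the exit status of ifup itself is dropped; run it only when the daemon started and fold an ifup failure into STATUS so the init script reports it. TAP is whatever set_tap extracted from the config file, and it is expanded unquoted in both ifup $TAP and ifdown $TAP, so quote it as "$TAP" and consider rejecting a value that is not a single plain tap device name before handing it to ifup or ifdown. In stop_vpn the interface is taken down before the kill, which is the right order, but the comment about the interfaces file needing dhcp and noauto applies there as well and should live in one place, as the in-line note about README.Debian already suggests.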