adding an openvpn service

Post Reply
User avatar
mimosa
Salix Warrior
Posts: 3311
Joined: 25. May 2010, 17:02
Contact:

adding an openvpn service

Post by mimosa »

Pretty straightforward really - I followed Slackware's documentation (referenced in the script) and ironed out a kink or two. I'm using openresolv to avoid DNS leaks, which necessitates adding a few lines to the VPN-provided .ovpn file. So the rc.openvpn file calls a generic config that includes those and can be edited to point at the desired VPN configuration:

Code: Select all

mimosa[~]$ cat /etc/openvpn/openvpn.conf
# point to the actual config file we want
config /path/to/config.ovpn
#config /path/to/another.ovpn
#
#
# custom
script-security 2 #allows update-resolv-conf script to be called 
setenv PATH /usr/bin
up /etc/openvpn/update-resolv-conf #route DNS queries through the VPN by editing /etc/resolv.conf
down /etc/openvpn/update-resolv-conf #restore /etc/resolv.conf to whatever NetworkManager put there
log-append  /var/log/openvpn.log #create a cumulative log file
#
The effect is to connect automatically to the VPN on boot. If you wish to disconnect or restart, just do

Code: Select all

sudo service stop openvpn
or

Code: Select all

sudo service restart openvpn
And here is rc.openvpn:

Code: Select all

mimosa[~]$ cat /etc/rc.d/rc.openvpn 
#!/bin/sh 
# 
# /etc/rc.d/rc.openvpn 
# 
# Start/stop/restart openvpn 
#
# adapted from http://docs.slackware.com/howtos:network_services:openvpn
# openvpn.conf is a copy of the .ovpn file we wish to use, or points to it
 
ovpn_start() { 
  #echo "Starting OpenVPN:  /usr/sbin/openvpn openvpn.conf &" 
  if [ -x /usr/sbin/openvpn -a -r /etc/openvpn/openvpn.conf ]; then 
    /usr/sbin/openvpn /etc/openvpn/openvpn.conf 2>/dev/null &
  fi 
} 

ovpn_stop() { 
  killall openvpn 
} 

ovpn_restart() { 
  ovpn_stop 
  sleep 2 
  ovpn_start 
} 

case "$1" in 
'start') 
  ovpn_start 
  ;; 
'stop') 
  ovpn_stop 
  ;; 
'restart') 
  ovpn_restart 
  ;; 
*) 
  echo "Usage: $0 {start|stop|restart}" 
esac

#
# Exit with no errors.
#

exit 0
EDIT Don't forget to make it executable:

Code: Select all

sudo chmod +x /etc/rc.d/rc.openvpn
I found that when (re)starting the service manually, the message about what is being called sat there inelegantly, and I had to press enter to get a prompt; so I have commented it. However, this probably wouldn't be needed if I could spot my obvious mistake.

More seriously, as I went through various edits, the /etc/rc.d directory got some of those annoying .un~ files vim leaves behind it cluttering things up - and it didn't work. I suspect they were somehow picked up as "services" and executed alongside the real script. In any case, deleting them - including a hidden file on the same pattern - got things running smoothly.

After you first create the files, just as with any service, you need to start it, but it will then run automatically on boot:

Code: Select all

sudo service start openvpn
You can of course also turn it off again:

Code: Select all

sudo service stop openvpn
westms
Posts: 298
Joined: 17. Mar 2013, 18:51

Re: adding an openvpn service

Post by westms »

mimosa wrote:

Code: Select all

ovpn_start() {
  #echo "Starting OpenVPN:  /usr/sbin/openvpn openvpn.conf &"
  if [ -x /usr/sbin/openvpn -a -r /etc/openvpn/openvpn.conf ]; then
    /usr/sbin/openvpn /etc/openvpn/openvpn.conf 2>/dev/null &
  fi
}

I found that when (re)starting the service manually, the message about what is being called sat there inelegantly, and I had to press enter to get a prompt; so I have commented it. However, this probably wouldn't be needed if I could spot my obvious mistake.
This is not the echo command, but the call:

Code: Select all

/usr/sbin/openvpn /etc/openvpn/openvpn.conf 2>/dev/null &
The "inequality" occurs also with commented "#echo "Starting OpenVPN ...". Am I right?

Decent daemon processes go into the background automatically. Perhaps, you check whether OpenVPN does the same.
mimosa wrote:More seriously, as I went through various edits, the /etc/rc.d directory got some of those annoying .un~ files vim leaves behind it cluttering things up - and it didn't work. I suspect they were somehow picked up as "services" and executed alongside the real script. In any case, deleting them - including a hidden file on the same pattern - got things running smoothly.
In file ~/.vimrc, either set variable undodir to a different directory instead of default '.', e.g. /tmp, or set noundofile.

Code: Select all

:help undo

If you just feel like trying to explore something, maybe the behavior of the job control character '&', then try this test program:

Code: Select all

$ cat catentertainer
#!/bin/sh
#

cat_start() {
#  echo "Starting Cat: /bin/cat /etc/fstab &"
  if [ -x /bin/cat ]; then
    /bin/cat /etc/fstab &
  fi
}

cat_stop() {
  echo killall cat # <<-- a little change to avoid killing your cats
}

cat_restart() {
  cat_stop
  sleep 2
  cat_start
}

case $1 in
  start)
    cat_start
    ;;
  stop)
    cat_stop
    ;;
  restart)
    cat_restart
    ;;
  *)
    echo "Usage: $0 {start|stop|restart}"
esac

exit 0
It is easier to test the sequence with a harmless little program instead of with a chunk.
User avatar
mimosa
Salix Warrior
Posts: 3311
Joined: 25. May 2010, 17:02
Contact:

Re: adding an openvpn service

Post by mimosa »

Thanks westms, I'll play with that in a free moment!

Quoting the 'echo' does indeed seem to stop the unevenness ... like you, I am at a loss as to why.
User avatar
maximus
Posts: 141
Joined: 2. Sep 2009, 01:41

Re: adding an openvpn service

Post by maximus »

Hey mimosa, this page helped me a lot setting up an openvpn service (good slackware-related blog too)

https://blog.paranoidpenguin.net/2014/1 ... 4-1-setup/

Here is a link to the rc file used:

https://blog.paranoidpenguin.net/openvpn/rc.openvpn

It will automagically run any .conf file it finds in the directory you specify.

Good luck!
User avatar
mimosa
Salix Warrior
Posts: 3311
Joined: 25. May 2010, 17:02
Contact:

Re: adding an openvpn service

Post by mimosa »

Thanks maximus, that's interesting - though I don't understand why you'd want to run more than one openvpn process at once?

Here's a package for openresolv:

Code: Select all

http://people.salixos.org/mimosa/packages/openresolv/3.8.1/
For some reason, I think this didn't make it to the 14.2 repositories.

I suspect that calling openvpn with the --daemon switch, as in this rc.openvpn, might fix the "unevenness" I saw when restarting the service.
User avatar
maximus
Posts: 141
Joined: 2. Sep 2009, 01:41

Re: adding an openvpn service

Post by maximus »

You might want to connect simultaneously through different VPN's to access shared network resources in seperate locations. I'm sure there are other use cases, personally I have no need to run simultaneous VPN connections.

You can specify "daemon" in the openvpn conf file, in which case I would imagine adding the --daemon modifier in the RC would be redundant.
Post Reply