OpenVPN: Start/Stop individual instance/tunnel

I have multiple OpenVPN tunnels created between two networks on gateway devices running OpenWrt.

I need to start/stop an individual instance defined in a section in /etc/config/openvpn without disturbing other tunnels.

On reading through the /etc/init.d/openvpn, I am able to understand that I can start an individual instance by issuing "/etc/init.d/openvpn start section_name", but it is not possible to stop it through the init script.

I tried to send it a TERM signal as described here:

https://openwrt.org/docs/guide-developer/procd-init-scripts

#!/bin/sh

PROCD_DEBUG=1
. /lib/functions/procd.sh

procd_send_signal openvpn tunnel2 SIGTERM

But I receive the following output and no signal is sent:

{ "name": "openvpn", "instance": "tunnel2", "signal": 0 }
Command failed: Not found

On modifying the script as below with no instance name and no specific signal:

#!/bin/sh

PROCD_DEBUG=1
. /lib/functions/procd.sh

procd_send_signal openvpn

It successfully sends SIGHUP to all the instances of OpenVPN.

Is there something that I am doing wrong or is it an issue with the ubus / procd that they are not able to honour the command passed to them?

Any help/pointers much appreciated. Thanks in advance.

Can you share the output of ubus call service list?

Thanks a ton!!!

Instances are not by the names of the sections, but by the sequence!

Here is the relevant output as you requested:

        "openvpn": {
                "instances": {
                        "instance1": {
                                "running": true,
                                "pid": 18678,
                                "command": [
                                        "\/usr\/sbin\/openvpn",
                                        "--syslog",
                                        "openvpn(tunnel1)",
                                        "--status",
                                        "\/var\/run\/openvpn.tunnel1.status",
                                        "--cd",
                                        "\/var\/etc",
                                        "--config",
                                        "openvpn-tunnel1.conf"
                                ],
                                "term_timeout": 5,
                                "respawn": {
                                        "threshold": 3600,
                                        "timeout": 5,
                                        "retry": -1
                                }
                        },
                        "instance2": {
                                "running": true,
                                "pid": 3199,
                                "command": [
                                        "\/usr\/sbin\/openvpn",
                                        "--syslog",
                                        "openvpn(tunnel2)",
                                        "--status",
                                        "\/var\/run\/openvpn.tunnel2.status",
                                        "--cd",
                                        "\/var\/etc",
                                        "--config",
                                        "openvpn-tunnel2.conf"
                                ],
                                "term_timeout": 5,
                                "respawn": {
                                        "threshold": 3600,
                                        "timeout": 5,
                                        "retry": -1
                                }
                        }
                }
        },

And the following works flawlessly:

/etc/init.d/openvpn stop instance1
/etc/init.d/openvpn start instance1

So, the instances are always in the sequence the sections are defined in the config? Any way to call them by section names?

Yes

Try editing the init script and change procd_open_instance into procd_open_instance "$name"

Great! Thank you so much. It is working by name as well. You made my day 🙂
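
With the stock init script left unedited, the procd instance name for a section can be looked up from the `ubus call service list` output quoted above, because each instance's command line carries `openvpn(<section>)`. This is an added example, not part of the thread or of OpenWrt's init script; the function names and the sample JSON are constructed, and the parser assumes ubus's pretty-printed output with no braces inside command arguments.

```shell
# Print the procd instance whose command line carries "openvpn(<section>)".
# stdin: pretty-printed JSON from `ubus call service list`; $1: section name.
# Exit status is 1 when no instance matches.
openvpn_instance_for_section() {
    awk -v tag="\"openvpn($1)\"" '
        BEGIN { inst_depth = -1 }
        {
            line = $0
            # A key that opens an object: remember it if it sits directly
            # under an "instances" object (that makes it an instance name).
            if (match(line, /"[^"]+": *\{/)) {
                key = substr(line, RSTART + 1)
                sub(/".*/, "", key)
                if (key == "instances") inst_depth = depth + 1
                else if (depth == inst_depth) current = key
            }
            if (current != "" && index(line, tag)) { print current; found = 1; exit }
            # Track nesting (assumes no braces inside command arguments).
            depth += gsub(/\{/, "{", line) - gsub(/\}/, "}", line)
        }
        END { exit(found ? 0 : 1) }
    '
}

# Constructed sample, shortened from the output quoted in the thread.
sample_service_list() {
    cat <<'EOF'
{
    "dnsmasq": {
        "instances": {
            "instance1": { "running": true, "command": [ "\/usr\/sbin\/dnsmasq" ] }
        }
    },
    "openvpn": {
        "instances": {
            "instance1": {
                "command": [ "\/usr\/sbin\/openvpn", "--syslog", "openvpn(tunnel1)" ],
                "respawn": { "threshold": 3600, "timeout": 5, "retry": -1 }
            },
            "instance2": {
                "command": [ "\/usr\/sbin\/openvpn", "--syslog", "openvpn(tunnel2)" ],
                "respawn": { "threshold": 3600, "timeout": 5, "retry": -1 }
            }
        }
    }
}
EOF
}
```

On the router, `inst=$(ubus call service list | openvpn_instance_for_section tunnel2)` followed by `/etc/init.d/openvpn stop "$inst"` stops only that tunnel. If the init script has been changed to `procd_open_instance "$name"`, the same lookup simply returns the section name.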