OpenWrt Forum Archive

Topic: OpenVPN Startup Script... bug in stop?

The content of this topic has been archived on 10 Mar 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

...or my ignorance?

Stop (/etc/init.d/openvpn stop) isn't working as seen in ps.  All other functions seem to work fine.  Since more advanced scripting with pid control is used, I'm lost to see how it's supposed to work.

Does anyone see the problem?

/etc/init.d/openvpn

#!/bin/sh /etc/rc.common
# Copyright (C) 2007 OpenWrt.org

START=70
BIN=openvpn
DEFAULT=/etc/default/$BIN
RUN_D=/var/run
PID_F=$RUN_D/$BIN.pid

start() {
        [ -f $DEFAULT ] && . $DEFAULT
        mkdir -p $RUN_D
        $BIN $OPTIONS
}

stop() {
        [ -f $PID_F ] && kill $(cat $PID_F)
}

AH!  I did discover /var/run/openvpn.pid DOES NOT EXIST.  But I'm very fuzzy why it should.  I know I can hack a killall but trying to understand what I'm missing.

root@OpenWrt:~# ps -A | grep vpn
  444 root        308 S   grep vpn
root@OpenWrt:~# /etc/init.d/openvpn start
root@OpenWrt:~# ps -A | grep vpn
  451 nobody     1420 S   openvpn --config /etc/openvpn/server.conf --daemon
root@OpenWrt:~# ls /var/run
dnsmasq.pid   dropbear.pid  nas.wl0.pid
root@OpenWrt:~#

Kamikaze 7.07
OpenVPN 2.0.9-2 standard package
WRT54G v4

Last, my tap0 is not set up yet (I use bridging) but OpenVPN log shows no errors... can this be the problem?

I'm trying to understand and stay within the /etc/init.d/openvpn script supplied with the OpenVPN 2.0.9 standard package in Kamikaze 7.07 (rather than hacking my own).

TIA

(Last edited by Bill_MI on 29 Sep 2007, 17:00)

Hi,

I noticed the same with the PID file. Actually, instead of playing with killall I added the following parameter in my server.conf file:

writepid /var/run/openvpn.pid

Then, everything was working well for me...

Hope this will give you some clues!

Hey, thanks!  That also works here.  Perhaps it could be added in that strange /etc/default/openvpn entity that gets in this mix.

Except... I'm finding more to it.  The stop option of the rc.common wrapper seems incapable of executing more than 1 line(?)

/etc/init.d/openvpn (my try)

#!/bin/sh /etc/rc.common
# Copyright (C) 2007 OpenWrt.org

START=70

start() {
    openvpn --mktun --dev tap0
    brctl addif br-lan tap0
    ifconfig tap0 up
    openvpn --config /etc/openvpn/server.conf --daemon
}

stop() {
    killall -q openvpn
    echo "sleeping 10"
    sleep 10
    ifconfig tap0 down
    brctl delif br-lan tap0
    openvpn --rmtun --dev tap0
}

Only the killall gets executed on stop.  I never see the echo and the tap0 interface never gets torn down.  I inserted the sleep for debug.

I notice all the usual startup scripts typically have a one-line kill.  Is "stop" not capable of multiple lines?

(Last edited by Bill_MI on 30 Sep 2007, 00:11)

Yes, I agree: maybe it would be better to put an option like "--writepid=..." in the /etc/openvpn/default file. Maybe it's more coherent.

About your problem with the stop script: when you call "killall openvpn", it kills all the processes having that name... /etc/init.d/openvpn also creates a process whose name contains "openvpn". Therefore, your init script kills itself! Poor script committing suicide...

Here is mine, which works perfectly:

CONFIG="/etc/openvpn/server.conf"
OPTIONS="--config $CONFIG --daemon"
root@routeur:/mnt# cat /etc/init.d/openvpn 
#!/bin/sh /etc/rc.common
# Copyright (C) 2007 OpenWrt.org

START=70
BIN=openvpn
DEFAULT=/etc/default/$BIN
RUN_D=/var/run
PID_F=$RUN_D/$BIN.pid

start() {
        [ -f $DEFAULT ] && . $DEFAULT
        mkdir -p $RUN_D
        /etc/openvpn/startupscript up
        $BIN $OPTIONS
}

stop() {
        [ -f $PID_F ] && kill $(cat $PID_F)
        /etc/openvpn/startupscript down
}

It shows that all the lines are executed when calling the stop block.

Here is the "startupscript", actually taken from the official openvpn website (or the openwrt wiki, I don't remember):

#!/bin/sh

#/etc/openvpn/startupscript
# OpenVPN Bridge Config File
# Creates TAP devices for use by OpenVPN and bridges them into OpenWRT Bridge
# Taken from http://openvpn.net/bridge.html

# Define Bridge Interface
# Preexisting on OpenWRT
br="br-lan"

# Define list of TAP interfaces to be bridged,
# for example tap="tap0 tap1 tap2".
tap="tap0"

case "$1" in
        up)
                # Make sure module is loaded
                insmod tun

                # Build tap devices
                for t in $tap; do
                    openvpn --mktun --dev $t
                done

                # Add TAP interfaces to OpenWRT bridge

                for t in $tap; do
                    brctl addif $br $t
                done

                #Configure bridged interfaces

                for t in $tap; do
                    ifconfig $t 0.0.0.0 promisc up
                done
        ;;
        down)
                for t in $tap; do
                    ifconfig $t 0.0.0.0 down
                done

                for t in $tap; do
                    brctl delif $br $t
                done

                for t in $tap; do
                    openvpn --rmtun --dev $t
                done

                rmmod tun
        ;;
        *)
                echo "$0 {up|down}"
        ;;
esac

(Last edited by tomage on 30 Sep 2007, 01:11)

LOL!  A classic suicide script!  Thanks for the red mark on the forehead (smacking self..)

As you can see I was attempting to tear down the whole tap interface when stopping it.  Not imperative, just a little goal to try and make it complete and bulletproof.  Thanks much for the ideas.

Here's what looks good at the moment.

/etc/init.d/openvpn

#!/bin/sh /etc/rc.common
# Copyright (C) 2007 OpenWrt.org

START=70
BIN=openvpn
DEFAULT=/etc/default/$BIN
RUN_D=/var/run
PID_F=$RUN_D/$BIN.pid

start() {
        [ -f $DEFAULT ] && . $DEFAULT
        mkdir -p $RUN_D
        $BIN --mktun --dev tap0
        brctl addif br-lan tap0
        ifconfig tap0 up
        $BIN $OPTIONS --writepid $PID_F
}

stop() {
        [ -f $PID_F ] && kill $(cat $PID_F)
        ifconfig tap0 down
        brctl delif br-lan tap0
        $BIN --rmtun --dev tap0
}

EDIT: Then it suddenly occurs to me the --writepid could be added to the execute line and /etc/default/openvpn left stock.  I've changed it accordingly.

I like this solution - only /etc/init.d/openvpn is altered.

(Last edited by Bill_MI on 30 Sep 2007, 03:44)

In case anyone cares, Kamikaze 7.09 does add the --writepid:

/etc/init.d/openvpn

#!/bin/sh /etc/rc.common
# Copyright (C) 2007 OpenWrt.org

START=70
BIN=openvpn
DEFAULT=/etc/default/$BIN
RUN_D=/var/run
PID_F=$RUN_D/$BIN.pid

start() {
    [ -f $DEFAULT ] && . $DEFAULT
    mkdir -p $RUN_D
    $BIN --writepid $RUN_D/$BIN.pid --daemon $OPTIONS
}

stop() {
    [ -f $PID_F ] && kill $(cat $PID_F)
}
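
An added example, not part of the archived thread or of the OpenWrt package: a stop helper that reads the PID file discussed above, confirms that the PID still belongs to the expected binary before signalling it (so a stale file or a reused PID is never killed, and nothing is matched by name as killall does), and waits for the process to exit so interface teardown can follow safely. The function names and the PROC_ROOT override are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: stop a daemon through its PID file, but only after checking
# that the PID really belongs to the expected binary.
# PROC_ROOT, pidfile_target and stop_verified are names made up for this sketch.

PROC_ROOT=${PROC_ROOT:-/proc}

# Print the PID stored in file $2 if it is numeric and the basename of that
# process's argv[0] equals $1. Return codes: 1 no file, 2 malformed content,
# 3 no such process (stale file), 4 PID belongs to a different program.
pidfile_target() {
    name=$1 pidfile=$2
    [ -f "$pidfile" ] || return 1
    pid=$(head -n 1 "$pidfile")
    case $pid in
        ''|*[!0-9]*) return 2 ;;
    esac
    [ -r "$PROC_ROOT/$pid/cmdline" ] || return 3
    # cmdline is NUL-separated; the first field is argv[0]
    argv0=$(tr '\000' '\n' < "$PROC_ROOT/$pid/cmdline" | head -n 1)
    [ "${argv0##*/}" = "$name" ] || return 4
    echo "$pid"
}

# Signal the verified PID, then poll for about $3 seconds (default 10) until
# it has exited. Tearing down tap0 only after this returns 0 avoids racing
# a daemon that is still shutting down.
stop_verified() {
    name=$1 pidfile=$2 tries=${3:-10}
    target=$(pidfile_target "$name" "$pidfile") || return 1
    kill "$target" 2>/dev/null || return 1
    while kill -0 "$target" 2>/dev/null; do
        [ "$tries" -gt 0 ] || return 2    # still running after the timeout
        tries=$((tries - 1))
        sleep 1
    done
    rm -f "$pidfile"
}
```

In an init script this would be called from stop() as `stop_verified "$BIN" "$PID_F"`, with the ifconfig/brctl teardown lines run only when it succeeds.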
