Request for review: openvpn
Paul Iadonisi
pri.rhl4 at iadonisi.to
Thu Aug 4 05:40:57 UTC 2005
On Sun, 2005-07-31 at 02:57 +0200, Alexander Dalloz wrote:
[snip]
> > The init script is eventually going to have to be dropped or
> > completely rewritten. At some point I want openvpn to start like any
> > other network interface.
>
> Sounds like a good plan.
I've done this with my own custom rpms for OpenVPN. I posted them to
the openvpn-devel list, but James Yonan didn't want stuff that was too
platform specific. (*boggle* It could be put in a contrib dir. No
matter...)
There are a few problems with what I have. One is that it has a bit
of a hack in there in that the ifcfg-tap<n> file needs both TYPE=OpenVPN
and DEVICETYPE=openvpn lines. What's really needed is a patch to
initscripts (/etc/sysconfig/network-scripts/network-functions) to add
the appropriate clause to the 'case "$TYPE" in' case statement.
A second problem is that it needs to be updated for any new version of
openvpn that introduces new options. Something tells me that there's
got to be a better way. For example, my downwrap-openvpn and
upwrap-openvpn I think are now obsoleted by new options introduced into
openvpn since I wrote them.
It also doesn't handle options that take either zero or more arguments
very well.
Nevertheless, these scripts could serve as a starting point. They are
attached with a sample ifcfg-tap0.
PS: I haven't even begun to look at system-config-network ;-)
--
-Paul Iadonisi
Senior System Administrator
Red Hat Certified Engineer / Local Linux Lobbyist
Ever see a penguin fly? -- Try Linux.
GPL all the way: Sell services, don't lease secrets
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ifup-openvpn
Type: application/x-shellscript
Size: 10400 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-extras-list/attachments/20050804/1668fadf/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ifdown-openvpn
Type: application/x-shellscript
Size: 2340 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-extras-list/attachments/20050804/1668fadf/attachment-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: upwrap-openvpn
Type: application/x-shellscript
Size: 1840 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-extras-list/attachments/20050804/1668fadf/attachment-0002.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: downwrap-openvpn
Type: application/x-shellscript
Size: 1021 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-extras-list/attachments/20050804/1668fadf/attachment-0003.bin>
-------------- next part --------------
DEVICE=tap0
ONBOOT=no
TYPE=OpenVPN
DEVICETYPE=openvpn
USERCTL=yes
#
MODE=client
#UP=client.up
#DOWN=client.down
PROTO=udp
REMOTE="vpn.myopenvpnserver.net 1194"
RESOLV_RETRY=infinite
NOBIND=yes
CA=ca.crt
CERT=cert.crt
KEY=cert.key
TLS_AUTH="ta.key 1"
COMP_LZO=yes
VERB=3
More information about the fedora-extras-list
mailing list