#!/bin/sh
### BEGIN INIT INFO
# Provides:                     openvpn
# Required-Start:               $network
# Required-Stop:                $network
# Default-Start:                3 5
# Default-Stop:                 0 1 2 6
# Short-Description:            This shell script takes care of starting and stopping OpenVPN.
# Description:                  OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP port. 
### END INIT INFO

# Contributed to the OpenVPN project by
# Douglas Keller <doug@voidstar.dyndns.org>
# 2002.05.15

# Modified for SuSE by
# Frank Plohmann <openvpn@franks-planet.de>
# 2003.08.24
# Please feel free to contact me if you have problems or suggestions
# using this script.

# To install:
#   copy this file to /etc/rc.d/init.d/openvpn
#   use the runlevel editor in Yast to add it to runlevel 3 and/or 5
#   shell> mkdir /etc/openvpn
#   make .conf or .sh files in /etc/openvpn (see below)

# To uninstall:
#   use also Yast and the runlevel editor to uninstall

# Author's Notes:
#
# I have created an /etc/init.d init script and enhanced openvpn.spec to
# automatically register the init script.  Once the RPM is installed you
# can start and stop OpenVPN with "service openvpn start" and "service
# openvpn stop".
#
# The init script does the following:
#
# - Starts an openvpn process for each .conf file it finds in
#   /etc/openvpn.
#
# - If /etc/openvpn/xxx.sh exists for a xxx.conf file then it executes
#   it before starting openvpn (useful for doing openvpn --mktun...).
#
# - In addition to start/stop you can do:
#
#   /etc/init.d/openvpn reload - SIGHUP
#   /etc/init.d/openvpn reopen - SIGUSR1
#   /etc/init.d/openvpn status - SIGUSR2

# Modifications 2003.05.02
#   * Changed == to = for sh compliance (Bishop Clark).
#   * If condrestart|reload|reopen|status, check that we were
#     actually started (James Yonan).
#   * Added lock, piddir, and work variables (James Yonan).
#   * If start is attempted twice, without an intervening stop, or
#     if start is attempted when previous start was not properly
#     shut down, then kill any previously started processes, before
#     commencing new start operation (James Yonan).
#   * Do a better job of flagging errors on start, and properly
#     returning success or failure status to caller (James Yonan).
#
# Modifications 2003.08.24
#   * Converted the script for SuSE Linux distribution. 
#	  Tested with version 8.2 (Frank Plohmann).
#		- removed "chkconfig" header
#		- added Yast header
#		- changed installation notes
#		- corrected path to openvpn binary
#		- removes sourcing "functions"
#		- removed sourcing "network"
#		- removed network checking. it seemed not to work with SuSE.
#		- added sourcing "rc.status", comments and "rc_reset" command
#		- removed "succes; echo" and "failure; echo" lines
#		- added "rc_status" lines at the end of each section
#		- changed "service" to "/etc/init.d/" in "In addition to start/stop"
#		  section above.
#
# Modifications 2005.04.04
#   * Added openvpn-startup and openvpn-shutdown script calls (James Yonan).
#

# Location of openvpn binary
openvpn="/usr/sbin/openvpn"

# Lockfile
lock="/var/lock/subsys/openvpn"

# PID directory
piddir="/var/run/openvpn"

# Our working directory
work=/etc/openvpn

# Source rc functions
. /etc/rc.status

# Shell functions sourced from /etc/rc.status:
#      rc_check         check and set local and overall rc status
#      rc_status        check and set local and overall rc status
#      rc_status -v     ditto but be verbose in local rc status
#      rc_status -v -r  ditto and clear the local rc status
#      rc_failed        set local and overall rc status to failed
#      rc_reset         clear local rc status (overall remains)
#      rc_exit          exit appropriate to overall rc status

#      rc_status        check and set local and overall rc status
#      rc_status -v     ditto but be verbose in local rc status
#      rc_status -v -r  ditto and clear the local rc status
#      rc_failed        set local and overall rc status to failed
#      rc_reset         clear local rc status (overall remains)
#      rc_exit          exit appropriate to overall rc status

# First reset status of this service
rc_reset

[ -f  $openvpn ] || exit 0

# See how we were called.
case "$1" in
  start)
	echo -n $"Starting openvpn: "

	/sbin/modprobe tun >/dev/null 2>&1

	# From a security perspective, I think it makes
	# sense to remove this, and have users who need
	# it explictly enable in their --up scripts or
	# firewall setups.

	#echo 1 > /proc/sys/net/ipv4/ip_forward

	# Run startup script, if defined
	if [ -f $work/openvpn-startup ]; then
	    $work/openvpn-startup
	fi

	if [ ! -d  $piddir ]; then
	    mkdir $piddir
	fi

	if [ -f $lock ]; then
	    # we were not shut down correctly
	    for pidf in `/bin/ls $piddir/*.pid 2>/dev/null`; do
	      if [ -s $pidf ]; then
		kill `cat $pidf` >/dev/null 2>&1
	      fi
	      rm -f $pidf
	    done
	    rm -f $lock
	    sleep 2
	fi

	rm -f $piddir/*.pid
	cd $work

	# Start every .conf in $work and run .sh if exists
	errors=0
	successes=0
	for c in `/bin/ls *.conf 2>/dev/null`; do
	    bn=${c%%.conf}
	    if [ -f "$bn.sh" ]; then
		. $bn.sh
	    fi
	    rm -f $piddir/$bn.pid
	    $openvpn --daemon --writepid $piddir/$bn.pid --config $c --cd $work
	    if [ $? = 0 ]; then
		successes=1
	    else
		errors=1
	    fi
	done

	if [ $successes = 1 ]; then
	    touch $lock
	fi

	rc_status -v
	;;
  stop)
	echo -n $"Shutting down openvpn: "
	for pidf in `/bin/ls $piddir/*.pid 2>/dev/null`; do
	  if [ -s $pidf ]; then
	    kill `cat $pidf` >/dev/null 2>&1
	  fi
	  rm -f $pidf
	done

	# Run shutdown script, if defined
	if [ -f $work/openvpn-shutdown ]; then
	    $work/openvpn-shutdown
	fi

	rm -f $lock

	rc_status -v
	;;
  restart)
	$0 stop
	sleep 2
	$0 start

	rc_status
	;;
  reload)
	if [ -f $lock ]; then
	    for pidf in `/bin/ls $piddir/*.pid 2>/dev/null`; do
		if [ -s $pidf ]; then
		    kill -HUP `cat $pidf` >/dev/null 2>&1
		fi
	    done
	else
	    echo "openvpn: service not started"
	    exit 1
	fi

	rc_status -v
	;;
  reopen)
	if [ -f $lock ]; then
	    for pidf in `/bin/ls $piddir/*.pid 2>/dev/null`; do
		if [ -s $pidf ]; then
		    kill -USR1 `cat $pidf` >/dev/null 2>&1
		fi
	    done
	else
	    echo "openvpn: service not started"
	    exit 1
	fi

	rc_status -v
	;;
  condrestart)
	if [ -f $lock ]; then
	    $0 stop
	    # avoid race
	    sleep 2
	    $0 start
	fi

	rc_status
	;;
  status)
	if [ -f $lock ]; then
	    for pidf in `/bin/ls $piddir/*.pid 2>/dev/null`; do
		if [ -s $pidf ]; then
		    kill -USR2 `cat $pidf` >/dev/null 2>&1
		fi
	    done
	    echo "Status written to /var/log/messages"
	else
	    echo "openvpn: service not started"
	    exit 1
	fi

	rc_status -v
        ;;
  *)
	echo "Usage: openvpn {start|stop|restart|condrestart|reload|reopen|status}"
	exit 1
esac

exit 0