openvpn: add generic hotplug mechanism

Pass a default --up and --down executable to each started OpenVPN instance
which triggers /etc/hotplug.d/openvpn/ scripts whenever an instance
goes up or down.

User-configured up and down scripts are invoked by the default shipped
01-user hotplug handler to ensure that existing setups continue to work
as before.

As a consequence of this change, the up, down and script_security OpenVPN
options are removed from the option file, since we're always passing them
via the command line, they do not need to get included into the generated
configuration.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
[reword commit message, move hotplug executable to /usr/libexec]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This commit is contained in:
Florian Eckert 2018-11-30 14:03:50 +01:00 committed by Jo-Philipp Wich
parent 9c16c46e58
commit 8fe9940db6
6 changed files with 81 additions and 8 deletions

View File

@ -10,7 +10,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=openvpn PKG_NAME:=openvpn
PKG_VERSION:=2.4.9 PKG_VERSION:=2.4.9
PKG_RELEASE:=1 PKG_RELEASE:=2
PKG_SOURCE_URL:=\ PKG_SOURCE_URL:=\
https://build.openvpn.net/downloads/releases/ \ https://build.openvpn.net/downloads/releases/ \
@ -102,6 +102,7 @@ endef
define Package/openvpn-$(BUILD_VARIANT)/conffiles define Package/openvpn-$(BUILD_VARIANT)/conffiles
/etc/config/openvpn /etc/config/openvpn
/etc/openvpn.user
endef endef
define Package/openvpn-$(BUILD_VARIANT)/install define Package/openvpn-$(BUILD_VARIANT)/install
@ -111,7 +112,9 @@ define Package/openvpn-$(BUILD_VARIANT)/install
$(1)/etc/init.d \ $(1)/etc/init.d \
$(1)/etc/config \ $(1)/etc/config \
$(1)/etc/openvpn \ $(1)/etc/openvpn \
$(1)/lib/upgrade/keep.d $(1)/lib/upgrade/keep.d \
$(1)/usr/libexec \
$(1)/etc/hotplug.d/openvpn
$(INSTALL_BIN) \ $(INSTALL_BIN) \
$(PKG_INSTALL_DIR)/usr/sbin/openvpn \ $(PKG_INSTALL_DIR)/usr/sbin/openvpn \
@ -120,6 +123,19 @@ define Package/openvpn-$(BUILD_VARIANT)/install
$(INSTALL_BIN) \ $(INSTALL_BIN) \
files/openvpn.init \ files/openvpn.init \
$(1)/etc/init.d/openvpn $(1)/etc/init.d/openvpn
$(INSTALL_BIN) \
files/usr/libexec/openvpn-hotplug \
$(1)/usr/libexec/openvpn-hotplug
$(INSTALL_DATA) \
files/etc/hotplug.d/openvpn/01-user \
$(1)/etc/hotplug.d/openvpn/01-user
$(INSTALL_DATA) \
files/etc/openvpn.user \
$(1)/etc/openvpn.user
$(INSTALL_DATA) \ $(INSTALL_DATA) \
files/openvpn.options \ files/openvpn.options \
$(1)/usr/share/openvpn/openvpn.options $(1)/usr/share/openvpn/openvpn.options

View File

@ -0,0 +1,32 @@
#!/bin/sh
get_option() {
local variable="$1"
local option="$2"
local value="$(sed -rne 's/^[ \t]*'"$option"'[ \t]+(([^ \t\\]|\\.)+)[ \t]*$/\1/p' "$config" | tail -n1 | sed -re 's/\\(.)/\1/g')"
[ -n "$value" ] || value="$(sed -rne 's/^[ \t]*'"$option"'[ \t]+'"'([^']+)'"'[ \t]*$/\1/p' "$config" | tail -n1)"
[ -n "$value" ] || value="$(sed -rne 's/^[ \t]*'"$option"'[ \t]+"(([^"\\]|\\.)+)"[ \t]*$/\1/p' "$config" | tail -n1 | sed -re 's/\\(.)/\1/g')"
[ -n "$value" ] || return 1
export -n "$variable=$value"
return 0
}
[ -e "/etc/openvpn.user" ] && {
env -i ACTION="$ACTION" INSTANCE="$INSTANCE" \
/bin/sh \
/etc/openvpn.user \
$*
}
# Wrap user defined scripts on up/down events
case "$ACTION" in
up|down)
if get_option command "$ACTION"; then
exec /bin/sh -c "$command $ACTION $INSTANCE $*"
fi
;;
esac
exit 0

View File

@ -0,0 +1,11 @@
#!/bin/sh
#
# This file is interpreted as shell script.
# Put your custom openvpn action here, they will
# be executed with each opevnp event.
#
# $ACTION
# <down> down action is generated after the TUN/TAP device is closed
# <up> up action is generated after the TUN/TAP device is opened
# $INSTANCE Name of the openvpn instance which went up or down

View File

@ -73,13 +73,17 @@ openvpn_add_instance() {
local name="$1" local name="$1"
local dir="$2" local dir="$2"
local conf="$3" local conf="$3"
local security="$4"
procd_open_instance "$name" procd_open_instance "$name"
procd_set_param command "$PROG" \ procd_set_param command "$PROG" \
--syslog "openvpn($name)" \ --syslog "openvpn($name)" \
--status "/var/run/openvpn.$name.status" \ --status "/var/run/openvpn.$name.status" \
--cd "$dir" \ --cd "$dir" \
--config "$conf" --config "$conf" \
--up "/usr/libexec/openvpn-hotplug up $name" \
--down "/usr/libexec/openvpn-hotplug down $name" \
--script-security "${security:-2}"
procd_set_param file "$dir/$conf" procd_set_param file "$dir/$conf"
procd_set_param term_timeout 15 procd_set_param term_timeout 15
procd_set_param respawn procd_set_param respawn
@ -100,11 +104,14 @@ start_instance() {
return 1 return 1
} }
local script_security
config_get script_security "$s" script_security
[ ! -d "/var/run" ] && mkdir -p "/var/run" [ ! -d "/var/run" ] && mkdir -p "/var/run"
if [ ! -z "$config" ]; then if [ ! -z "$config" ]; then
append UCI_STARTED "$config" "$LIST_SEP" append UCI_STARTED "$config" "$LIST_SEP"
openvpn_add_instance "$s" "${config%/*}" "$config" openvpn_add_instance "$s" "${config%/*}" "$config" "$script_security"
return return
fi fi
@ -115,7 +122,7 @@ start_instance() {
append_params "$s" $OPENVPN_PARAMS append_params "$s" $OPENVPN_PARAMS
append_list "$s" $OPENVPN_LIST append_list "$s" $OPENVPN_LIST
openvpn_add_instance "$s" "/var/etc" "openvpn-$s.conf" openvpn_add_instance "$s" "/var/etc" "openvpn-$s.conf" "$script_security"
} }
start_service() { start_service() {

View File

@ -25,7 +25,6 @@ dev
dev_node dev_node
dev_type dev_type
dh dh
down
ecdh_curve ecdh_curve
echo echo
engine engine
@ -103,7 +102,6 @@ route_metric
route_pre_down route_pre_down
route_up route_up
rport rport
script_security
secret secret
server server
server_bridge server_bridge
@ -127,7 +125,6 @@ tran_window
tun_mtu tun_mtu
tun_mtu_extra tun_mtu_extra
txqueuelen txqueuelen
up
user user
verb verb
verify_client_cert verify_client_cert

View File

@ -0,0 +1,10 @@
#!/bin/sh
ACTION=$1
shift
INSTANCE=$1
shift
export ACTION=$ACTION
export INSTANCE=$INSTANCE
exec /sbin/hotplug-call openvpn "$@"