From f87b50506b60e12fc4c314635cb3a297d0b2737f Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Thu, 21 Mar 2024 17:58:46 +0100 Subject: [PATCH] initscripts: Add an initscript for OpenVPN RW Signed-off-by: Michael Tremer --- config/rootfiles/common/aarch64/initscripts | 4 ++ config/rootfiles/common/riscv64/initscripts | 4 ++ config/rootfiles/common/x86_64/initscripts | 4 ++ lfs/initscripts | 3 + src/initscripts/system/openvpn-rw | 76 +++++++++++++++++++++ 5 files changed, 91 insertions(+) create mode 100644 src/initscripts/system/openvpn-rw diff --git a/config/rootfiles/common/aarch64/initscripts b/config/rootfiles/common/aarch64/initscripts index 187361eeb..c93c0ee4c 100644 --- a/config/rootfiles/common/aarch64/initscripts +++ b/config/rootfiles/common/aarch64/initscripts @@ -70,6 +70,7 @@ etc/rc.d/init.d/networking/red.up/99-fireinfo etc/rc.d/init.d/networking/red.up/99-pakfire-update etc/rc.d/init.d/networking/wpa_supplicant.exe etc/rc.d/init.d/ntp +etc/rc.d/init.d/openvpn-rw etc/rc.d/init.d/pakfire etc/rc.d/init.d/partresize etc/rc.d/init.d/rc @@ -99,6 +100,7 @@ etc/rc.d/rc0.d/K01grub-btrfsd #etc/rc.d/rc0.d/K01motion #etc/rc.d/rc0.d/K01vdradmin etc/rc.d/rc0.d/K08fcron +etc/rc.d/rc0.d/K10openvpn-rw etc/rc.d/rc0.d/K28apache etc/rc.d/rc0.d/K30sshd etc/rc.d/rc0.d/K47setclock @@ -135,6 +137,7 @@ etc/rc.d/rc3.d/S24cyrus-sasl etc/rc.d/rc3.d/S30sshd etc/rc.d/rc3.d/S32apache etc/rc.d/rc3.d/S40fcron +etc/rc.d/rc3.d/S50openvpn-rw etc/rc.d/rc3.d/S98rc.local etc/rc.d/rc3.d/S99grub-btrfsd #etc/rc.d/rc3.d/S99imspetor @@ -146,6 +149,7 @@ etc/rc.d/rc6.d/K01grub-btrfsd #etc/rc.d/rc6.d/K01motion #etc/rc.d/rc6.d/K01vdradmin etc/rc.d/rc6.d/K08fcron +etc/rc.d/rc6.d/K10openvpn-rw etc/rc.d/rc6.d/K28apache etc/rc.d/rc6.d/K30sshd etc/rc.d/rc6.d/K47setclock diff --git a/config/rootfiles/common/riscv64/initscripts b/config/rootfiles/common/riscv64/initscripts index e23ee54de..67735581b 100644 --- a/config/rootfiles/common/riscv64/initscripts +++ b/config/rootfiles/common/riscv64/initscripts @@ -70,6 +70,7 @@ etc/rc.d/init.d/networking/red.up/99-fireinfo etc/rc.d/init.d/networking/red.up/99-pakfire-update etc/rc.d/init.d/networking/wpa_supplicant.exe etc/rc.d/init.d/ntp +etc/rc.d/init.d/openvpn-rw etc/rc.d/init.d/pakfire etc/rc.d/init.d/partresize etc/rc.d/init.d/rc @@ -98,6 +99,7 @@ etc/rc.d/rc0.d/K01grub-btrfsd #etc/rc.d/rc0.d/K01motion #etc/rc.d/rc0.d/K01vdradmin etc/rc.d/rc0.d/K08fcron +etc/rc.d/rc0.d/K10openvpn-rw etc/rc.d/rc0.d/K28apache etc/rc.d/rc0.d/K30sshd etc/rc.d/rc0.d/K47setclock @@ -134,6 +136,7 @@ etc/rc.d/rc3.d/S24cyrus-sasl etc/rc.d/rc3.d/S30sshd etc/rc.d/rc3.d/S32apache etc/rc.d/rc3.d/S40fcron +etc/rc.d/rc3.d/S50openvpn-rw etc/rc.d/rc3.d/S98rc.local etc/rc.d/rc3.d/S99grub-btrfsd #etc/rc.d/rc3.d/S99imspetor @@ -145,6 +148,7 @@ etc/rc.d/rc6.d/K01grub-btrfsd #etc/rc.d/rc6.d/K01motion #etc/rc.d/rc6.d/K01vdradmin etc/rc.d/rc6.d/K08fcron +etc/rc.d/rc6.d/K10openvpn-rw etc/rc.d/rc6.d/K28apache etc/rc.d/rc6.d/K30sshd etc/rc.d/rc6.d/K47setclock diff --git a/config/rootfiles/common/x86_64/initscripts b/config/rootfiles/common/x86_64/initscripts index e23ee54de..67735581b 100644 --- a/config/rootfiles/common/x86_64/initscripts +++ b/config/rootfiles/common/x86_64/initscripts @@ -70,6 +70,7 @@ etc/rc.d/init.d/networking/red.up/99-fireinfo etc/rc.d/init.d/networking/red.up/99-pakfire-update etc/rc.d/init.d/networking/wpa_supplicant.exe etc/rc.d/init.d/ntp +etc/rc.d/init.d/openvpn-rw etc/rc.d/init.d/pakfire etc/rc.d/init.d/partresize etc/rc.d/init.d/rc @@ -98,6 +99,7 @@ etc/rc.d/rc0.d/K01grub-btrfsd #etc/rc.d/rc0.d/K01motion #etc/rc.d/rc0.d/K01vdradmin etc/rc.d/rc0.d/K08fcron +etc/rc.d/rc0.d/K10openvpn-rw etc/rc.d/rc0.d/K28apache etc/rc.d/rc0.d/K30sshd etc/rc.d/rc0.d/K47setclock @@ -134,6 +136,7 @@ etc/rc.d/rc3.d/S24cyrus-sasl etc/rc.d/rc3.d/S30sshd etc/rc.d/rc3.d/S32apache etc/rc.d/rc3.d/S40fcron +etc/rc.d/rc3.d/S50openvpn-rw etc/rc.d/rc3.d/S98rc.local etc/rc.d/rc3.d/S99grub-btrfsd #etc/rc.d/rc3.d/S99imspetor @@ -145,6 +148,7 @@ etc/rc.d/rc6.d/K01grub-btrfsd #etc/rc.d/rc6.d/K01motion #etc/rc.d/rc6.d/K01vdradmin etc/rc.d/rc6.d/K08fcron +etc/rc.d/rc6.d/K10openvpn-rw etc/rc.d/rc6.d/K28apache etc/rc.d/rc6.d/K30sshd etc/rc.d/rc6.d/K47setclock diff --git a/lfs/initscripts b/lfs/initscripts index f4fdb17fa..4f0e915a6 100644 --- a/lfs/initscripts +++ b/lfs/initscripts @@ -97,6 +97,7 @@ $(TARGET) : ln -sf ../init.d/vdradmin /etc/rc.d/rc0.d/K01vdradmin ln -sf ../init.d/fcron /etc/rc.d/rc0.d/K08fcron ln -sf ../init.d/apache /etc/rc.d/rc0.d/K28apache + ln -sf ../init.d/openvpn-rw /etc/rc.d/rc0.d/K10openvpn-rw ln -sf ../init.d/sshd /etc/rc.d/rc0.d/K30sshd ln -sf ../init.d/setclock /etc/rc.d/rc0.d/K47setclock ln -sf ../init.d/cyrus-sasl /etc/rc.d/rc0.d/K49cyrus-sasl @@ -130,6 +131,7 @@ $(TARGET) : ln -sf ../init.d/sshd /etc/rc.d/rc3.d/S30sshd ln -sf ../init.d/apache /etc/rc.d/rc3.d/S32apache ln -sf ../init.d/fcron /etc/rc.d/rc3.d/S40fcron + ln -sf ../init.d/openvpn-rw /etc/rc.d/rc3.d/S50openvpn-rw ln -sf ../../sysconfig/rc.local /etc/rc.d/rc3.d/S98rc.local ln -sf ../init.d/grub-btrfsd /etc/rc.d/rc3.d/S99grub-btrfsd ln -sf ../init.d/imspetor /etc/rc.d/rc3.d/S99imspetor @@ -141,6 +143,7 @@ $(TARGET) : ln -sf ../init.d/motion /etc/rc.d/rc6.d/K01motion ln -sf ../init.d/vdradmin /etc/rc.d/rc6.d/K01vdradmin ln -sf ../init.d/fcron /etc/rc.d/rc6.d/K08fcron + ln -sf ../init.d/openvpn-rw /etc/rc.d/rc6.d/K10openvpn-rw ln -sf ../init.d/apache /etc/rc.d/rc6.d/K28apache ln -sf ../init.d/sshd /etc/rc.d/rc6.d/K30sshd ln -sf ../init.d/setclock /etc/rc.d/rc6.d/K47setclock diff --git a/src/initscripts/system/openvpn-rw b/src/initscripts/system/openvpn-rw new file mode 100644 index 000000000..82cf3526a --- /dev/null +++ b/src/initscripts/system/openvpn-rw @@ -0,0 +1,76 @@ +#!/bin/sh +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2007-2022 IPFire Team # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see . # +# # +############################################################################### + +. /etc/sysconfig/rc +. ${rc_functions} + +PIDFILE="/var/run/openvpn.pid" + +# Load configuration +eval $(/usr/local/bin/readhash /var/ipfire/ovpn/settings) + +case "${1}" in + start) + # Exit if OpenVPN is not enabled + if [ "${ENABLED}" != "on" ]; then + exit 0 + fi + + # Flush all firewall rules + iptables -F OVPNINPUTRW + + # Open the port + iptables -A OVPNINPUTRW \ + -p "${DPROTOCOL}" --dport "${DDEST_PORT}" -j ACCEPT + + boot_mesg "Starting OpenVPN Roadwarrior Server..." + loadproc /usr/sbin/openvpn \ + --config /var/ipfire/ovpn/server.conf + ;; + + stop) + boot_mesg "Stopping OpenVPN Roadwarrior Server..." + killproc /usr/sbin/openvpn + + # Flush all firewall rules + iptables -F OVPNINPUTRW + ;; + + reload) + boot_mesg "Reloading OpenVPN Roadwarrior Server..." + reloadproc /usr/sbin/openvpn + ;; + + restart) + ${0} stop + sleep 1 + ${0} start + ;; + + status) + statusproc /usr/sbin/openvpn + ;; + + *) + echo "Usage: ${0} {start|stop|reload|restart|status}" + exit 1 + ;; +esac -- 2.39.5