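#! /bin/sh
###
### tripe init script
###   suitable for direct use in most SysV-style inits

### BEGIN INIT INFO
# Provides:          tripe
# Required-Start:    $local_fs $remote_fs $named $network
# Required-Stop:     $local_fs $remote_fs $network
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: tripe Virtual Private Network server
### END INIT INFO

set -e

###--------------------------------------------------------------------------
### Configuration.

## The configuration file is sourced into this script, so anything in it
## runs with the privileges of whoever invokes the init script (typically
## root).  It should be writable only by that user.
[ -f @initconfig@ ] && . @initconfig@
: ${prefix=@prefix@} ${exec_prefix=@exec_prefix@}
: ${bindir=@bindir@} ${sbindir=@sbindir@}
: ${TRIPEDIR=@configdir@} ${TRIPESOCK=@socketdir@/tripesock}
: ${pidfile=@pidfile@}
: ${tripe=$sbindir/tripe} ${tripectl=$bindir/tripectl}

## Replace the inherited PATH with a fixed list, so that helper programs are
## not looked up through whatever the caller had in its environment.
PATH=/usr/bin:/usr/sbin:/bin:/sbin:$bindir
export PATH TRIPEDIR TRIPESOCK TRIPE_SLIPIF

###--------------------------------------------------------------------------
### Utilities.

## kill_pidfile FILE
##
## Send the default signal to the process whose id is recorded in FILE.
## The file's contents end up as an argument to kill(1), so accept only a
## single plain decimal number without a leading zero: an empty file, extra
## words, a sign, or `0' (which would address the caller's own process group)
## are all refused.  Returns nonzero if the file is unusable or kill fails.
kill_pidfile () {
  kp_pid= kp_rest=
  ## `read' fails on a file with no trailing newline but still assigns, so
  ## its status is ignored and the values are checked instead.
  read -r kp_pid kp_rest <"$1" || :
  test -z "$kp_rest" || return 1
  case $kp_pid in
    "" | 0* | *[!0-9]*) return 1 ;;
  esac
  kill "$kp_pid"
}

###--------------------------------------------------------------------------
### Pre-flight checks.

## Give up if there's no binary.
if test ! -x "$tripe" || test ! -x "$tripectl"; then
  echo >&2 "Not starting/stopping TrIPE: binary files missing"
  exit 0
fi

## Give up if there's no key.
if test ! -f "$TRIPEDIR/keyring" || test ! -f "$TRIPEDIR/keyring.pub"; then
  echo >&2 "Not starting/stopping TrIPE: keyring files missing"
  exit 0
fi

## Check it will work, or at least stands a fighting chance.
##
## (Having loads of different tunnel types doesn't help any.)

## An explicitly configured tunnel type (even an empty one) wins; otherwise
## take the first type the server reports.
case ${tunnel+set} in
  set) tuntype=$tunnel ;;
  *) tuntype=$("$tripe" --tunnels | head -n 1) ;;
esac
ostype=$(uname -s)

case "$tuntype,$ostype" in

  ## Linux TUN/TAP.
  linux,Linux)
    if { test -f /proc/misc && grep -q tun /proc/misc; } ||
       modprobe -q tun; then
      : good
    else
      echo >&2 "$tripe needs the Linux TUN/TAP driver to run."
      exit 1
    fi
    if test -c /dev/net/tun; then
      : good
    else
      echo >&2 "$tripe needs /dev/net/tun, which is missing."
      exit 1
    fi
    ;;

  ## Linux Unet (obsolete).
  unet,Linux)
    if { test -f /proc/devices && grep -q unet /proc/devices; } ||
       modprobe -q unet; then
      : good
    else
      echo >&2 "$tripe needs the Linux UNET driver to run."
      exit 1
    fi
    if test -c /dev/unet; then
      : good
    else
      echo >&2 "$tripe needs /dev/unet, which is missing."
      exit 1
    fi
    ;;

  ## BSD tun.
  bsd,*BSD)
    ## Don't know how to check the device is working.  Check the device file
    ## exists and hope for the best.
    if test -c /dev/tun0; then
      : good
    else
      echo >&2 "$tripe needs /dev/tun0, which is missing."
      exit 1
    fi
    ;;

  ## SLIP.
  slip,*)
    if test "$TRIPE_SLIPIF" = ""; then
      echo >&2 "$tripe needs SLIP interfaces set up!"
      exit 1
    fi
    ;;

  ## Various kinds of misconfiguration.
  linux,* | unet,*)
    echo >&2 "CONFIGURATION ERROR"
    echo >&2 " $tripe is compiled to use a Linux tunnel device, but"
    echo >&2 " this system is $ostype"
    exit 1
    ;;
  bsd,*)
    echo >&2 "CONFIGURATION ERROR"
    echo >&2 " $tripe is compiled to use a BSD tunnel device, but"
    echo >&2 " this system is $ostype"
    exit 1
    ;;
esac

###--------------------------------------------------------------------------
### Do what was wanted.

case "$1" in

  start)
    printf '%s' "Starting TrIPE VPN daemon:"

    ## Check to see whether the daemon is already going.  If it can respond
    ## to a simple request, we'll assume that it is.
    if "$tripectl" version >/dev/null 2>/dev/null; then
      echo " already running"
      exit 0
    fi

    ## Start the server, passing lots of arguments.
    logopt=
    case ${syslogp-nil} in
      nil) ;;
      *) logopt="$logopt -l" ;;
    esac
    case ${logfile+t},${syslogp-nil} in
      t,*) logopt="$logopt -f$logfile" ;;
      ,nil) logopt="$logopt -f@logfile@" ;;
    esac

    ## $logopt and $miscopts are left unquoted on purpose: each may hold
    ## several options which must be split into separate words.  Every
    ## single-valued setting is quoted so that its value cannot be split or
    ## glob-expanded into extra arguments.
    "$tripectl" -D -s "-p$tripe" \
      "-P$pidfile" \
      $logopt \
      ${keytag+"-S-t$keytag"} \
      ${addr+"-S-b$addr"} ${port+"-S-p$port"} \
      ${user+"-U$user"} ${group+"-G$group"} \
      ${sockmode+"-S-m$sockmode"} \
      ${trace+"-S-T$trace"} \
      ${tunnel+"-S-n$tunnel"} \
      $miscopts

    ## Wait for the server to start up.  This doesn't usually take long.
    for i in 1 2 3 4 give-up; do
      "$tripectl" help >/dev/null 2>/dev/null && break
      sleep 1
    done
    if [ "$i" = give-up ]; then
      echo " wouldn't start"
      exit 1
    fi
    printf '%s' " tripe"

    ## Start up the ancillary services.
    ##
    ## Every executable file in this directory is run with this script's
    ## privileges (typically root), so the directory and its contents should
    ## be writable only by that user.
    sep=" services ["
    end=""
    [ -d "$TRIPEDIR/services" ] && for i in "$TRIPEDIR"/services/*; do
      [ -x "$i" ] || continue
      name=${i##*/}
      ## Skip editor backup and autosave files.
      case $name in *~ | \#*) continue ;; esac
      if "$i" --daemon --startup; then
        printf '%s' "$sep$name"
      else
        printf '%s' "$sep($name failed)"
      fi
      sep=" "
      end="]"
    done
    printf '%s' "$end"

    ## Start up the statically configured peers.
    ##
    ## The same ownership concern applies here: these files are executed too.
    sep=" peers ["
    end=""
    [ -d "$TRIPEDIR/peers" ] && for i in "$TRIPEDIR"/peers/*; do
      [ -x "$i" ] || continue
      name=${i##*/}
      case $name in *~ | \#*) continue ;; esac
      if "$i"; then
        printf '%s' "$sep$name"
      else
        printf '%s' "$sep($name failed)"
      fi
      sep=" "
      end="]"
    done

    ## Happy.
    echo "$end done"
    ;;

  stop)
    printf '%s' "Stopping TrIPE VPN daemon:"

    ## If there's no socket, it must have quit (probably nonviolently).
    if (cd "$TRIPEDIR" && test ! -S "$TRIPESOCK"); then
      echo " not running"

    ## Ask it to die nicely.
    elif "$tripectl" quit >/dev/null 2>&1; then
      echo " done"

    ## If there's no pidfile then tripectl presumably deleted it.
    elif test ! -f "$pidfile"; then
      echo " stale socket found: removing"
      ## NOTE(review): the existence test above resolves $TRIPESOCK relative
      ## to $TRIPEDIR but this removal does not; the two agree only when the
      ## socket path is absolute, as the default is.
      rm -f -- "$TRIPESOCK"

    ## Otherwise kill the process unpleasantly.  The pidfile contents are
    ## validated first rather than being passed to kill as-is.
    elif kill_pidfile "$pidfile"; then
      echo " done (killed violently)"
    else
      echo " it doesn't want to die!"
      exit 1
    fi
    ;;

  status)
    ## The peer list is split on whitespace deliberately: one name per word.
    for i in $("$tripectl" list); do
      echo "Peer \`$i':"
      "$tripectl" stats "$i" | sed 's/^/ /'
    done
    ;;

  reload)
    "$tripectl" reload
    echo "Keyrings reloaded OK."
    ;;

  restart | force-reload)
    ## Because of `set -e', a failed stop aborts here and nothing is started.
    sh "$0" stop
    sh "$0" start
    ;;

  *)
    echo >&2 "usage: $0 start|stop|restart|status|reload|force-reload"
    exit 1
    ;;
esac

###----- That's all, folks --------------------------------------------------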