#! /bin/sh
-#
-# tripe init script
-# suitable for direct use in most SysV-style inits
+###
+### tripe init script
+### suitable for direct use in most SysV-style inits
+
+### BEGIN INIT INFO
+# Provides: tripe
+# Required-Start: $local_fs $remote_fs $named $network
+# Required-Stop: $local_fs $remote_fs $network
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: tripe Virtual Private Network server
+### END INIT INFO
set -e
-# --- Setup ---
+###--------------------------------------------------------------------------
+### Configuration.
[ -f @initconfig@ ] && . @initconfig@
+
: ${prefix=@prefix@} ${exec_prefix=@exec_prefix@}
: ${bindir=@bindir@} ${sbindir=@sbindir@}
-: ${TRIPEDIR=@configdir@} ${tripesock=@socketdir@/tripesock}
+: ${TRIPEDIR=@configdir@} ${TRIPESOCK=@socketdir@/tripesock}
: ${pidfile=@pidfile@}
: ${tripe=$sbindir/tripe} ${tripectl=$bindir/tripectl}
+
PATH=/usr/bin:/usr/sbin:/bin:/sbin:$bindir
-export PATH TRIPEDIR
+export PATH TRIPEDIR TRIPESOCK TRIPE_SLIPIF
+
+###--------------------------------------------------------------------------
+### Pre-flight checks.
-# --- Give up if there's no key ---
+## Give up if there's no binary.
+if test ! -x "$tripe" || test ! -x "$tripectl"; then
+ echo >&2 "Not starting/stopping TrIPE: binary files missing"
+ exit 0
+fi
-if test ! -f $TRIPEDIR/keyring || test ! -f $TRIPEDIR/keyring.pub; then
+## Give up if there's no key.
+if test ! -f "$TRIPEDIR/keyring" || test ! -f "$TRIPEDIR/keyring.pub"; then
echo >&2 "Not starting/stopping TrIPE: keyring files missing"
exit 0
fi
-# --- Check it will work, or at least stands a fighting chance ---
-#
-# Having loads of different tunnel types doesn't help any.
-
-test -x $tripe -a -x $tripectl || exit 0
-
-case ${tunnel-`$tripe --tunnels | head -1`} in
- linux)
- case `uname -s` in
- Linux)
- if { test -f /proc/misc && grep -q net/tun /proc/misc; } ||
- modprobe -q tun; then
- : good
- else
- echo >&2 "$tripe needs the Linux TUN/TAP driver to run."
- exit 1
- fi
- if test -c /dev/net/tun; then
- : good
- else
- echo >&2 "$tripe needs /dev/net/tun, which is missing."
- exit 1
- fi
- ;;
- *)
- echo >&2 "CONFIGURATION ERROR"
- echo >&2 " $tripe is compiled to use a Linux tunnel device, but"
- echo >&2 " this system is `uname -s`"
- exit 1
- ;;
- esac
+## Check it will work, or at least stands a fighting chance.
+##
+## (Having loads of different tunnel types doesn't help any.)
+case ${tunnel-`$tripe --tunnels | head -1`},`uname -s` in
+
+ ## Linux TUN/TAP.
+ linux,Linux)
+ if { test -f /proc/misc && grep -q tun /proc/misc; } ||
+ modprobe -q tun; then
+ : good
+ else
+ echo >&2 "$tripe needs the Linux TUN/TAP driver to run."
+ exit 1
+ fi
+ if test -c /dev/net/tun; then
+ : good
+ else
+ echo >&2 "$tripe needs /dev/net/tun, which is missing."
+ exit 1
+ fi
;;
- unet)
- case `uname -s` in
- Linux)
- if { test -f /proc/devices && grep -q unet /proc/devices; } ||
- modprobe -q unet; then
- : good
- else
- echo >&2 "$tripe needs the Linux UNET driver to run."
- exit 1
- fi
- if test -c /dev/unet; then
- : good
- else
- echo >&2 "$tripe needs /dev/unet, which is missing."
- exit 1
- fi
- ;;
- *)
- echo >&2 "CONFIGURATION ERROR"
- echo >&2 " $tripe is compiled to use a Linux tunnel device, but"
- echo >&2 " this system is `uname -s`"
- exit 1
- ;;
- esac
+
+ ## Linux Unet (obsolete).
+ unet,Linux)
+ if { test -f /proc/devices && grep -q unet /proc/devices; } ||
+ modprobe -q unet; then
+ : good
+ else
+ echo >&2 "$tripe needs the Linux UNET driver to run."
+ exit 1
+ fi
+ if test -c /dev/unet; then
+ : good
+ else
+ echo >&2 "$tripe needs /dev/unet, which is missing."
+ exit 1
+ fi
;;
- bsd)
- case `uname -s` in
- *BSD)
- # Don't know how to check the device is working.
- if test -c /dev/tun0; then
- : good
- else
- echo >&2 "$tripe needs /dev/tun0, which is missing."
- exit 1
- fi
- ;;
- *)
- echo >&2 "CONFIGURATION ERROR"
- echo >&2 " $tripe is compiled to use a BSD tunnel device, but"
- echo >&2 " this system is `uname -s`"
- exit 1
- ;;
- esac
+
+ ## BSD tun.
+ bsd,*BSD)
+ ## Don't know how to check the device is working. Check the device file
+ ## exists and hope for the best.
+ if test -c /dev/tun0; then
+ : good
+ else
+ echo >&2 "$tripe needs /dev/tun0, which is missing."
+ exit 1
+ fi
;;
- slip)
+
+ ## SLIP.
+ slip,*)
if test "$TRIPE_SLIPIF" = ""; then
echo >&2 "$tripe needs SLIP interfaces set up!"
exit 1
fi
;;
+
+ ## Various kinds of misconfiguration.
+ linux,* | unet,*)
+ echo >&2 "CONFIGURATION ERROR"
+ echo >&2 " $tripe is compiled to use a Linux tunnel device, but"
+ echo >&2 " this system is `uname -s`"
+ exit 1
+ ;;
+ bsd,*)
+ echo >&2 "CONFIGURATION ERROR"
+ echo >&2 " $tripe is compiled to use a BSD tunnel device, but"
+ echo >&2 " this system is `uname -s`"
+ exit 1
+ ;;
esac
-
-# --- Do what was wanted ---
+
+###--------------------------------------------------------------------------
+### Do what was wanted.
case "$1" in
+
start)
echo -n "Starting TrIPE VPN daemon:"
+
+ ## Check to see whether the daemon is already going. If it can respond
+ ## to a simple request, we'll assume that it is.
if $tripectl version >/dev/null 2>/dev/null; then
echo " already running"
exit 0
fi
+
+ ## Start the server, passing lots of arguments.
$tripectl -D -s -p$tripe \
-f${logfile-@logfile@} \
-P$pidfile \
${keytag+-S-t}$keytag \
${addr+-S-b}$addr \
${port+-S-p}${port} \
- ${user+-S-u}${user} \
- ${group+-S-g}${group} \
+ ${user+-U}${user} \
+ ${group+-G}${group} \
${trace+-S-T}${trace} \
${tunnel+-S-n}${tunnel} \
${miscopts}
+
+ ## Wait for the server to start up. This doesn't usually take long.
for i in 1 2 3 4 give-up; do
$tripectl help >/dev/null 2>/dev/null && break
sleep 1
done
+
if [ $i = give-up ]; then
echo " wouldn't start"
exit 1
fi
+
echo -n " tripe"
- for i in $TRIPEDIR/peers/*; do
+
+ ## Start up the ancillary services.
+ sep=" services [" end=""
+ [ -d $TRIPEDIR/services ] && for i in $TRIPEDIR/services/*; do
+ [ -x $i ] || continue
+ name=`basename $i`
+ case $name in *~|\#*) continue;; esac
+ if $i --daemon --startup; then
+ echo -n "$sep$name"
+ else
+ echo -n "$sep($name failed)"
+ fi
+ sep=" " end="]"
+ done
+ echo -n "$end"
+
+ ## Start up the statically configured peers.
+ sep=" peers [" end=""
+ [ -d $TRIPEDIR/peers ] && for i in $TRIPEDIR/peers/*; do
[ -x $i ] || continue
name=`basename $i`
case $name in *~|\#*) continue;; esac
- if $i; then
- echo -n " $name"
+ if $i; then
+ echo -n "$sep$name"
else
- echo -n " ($name failed)"
+ echo -n "$sep($name failed)"
fi
+ sep=" " end="]"
done
- echo " done"
+
+ ## Happy.
+ echo "$end done"
;;
+
stop)
echo -n "Stopping TrIPE VPN daemon:"
- if test ! -S $tripesock; then
+
+ ## If there's no socket, it must have quit (probably nonviolently).
+ if test ! -S $TRIPESOCK; then
echo " not running"
+
+ ## Ask it to die nicely.
elif $tripectl quit >/dev/null 2>&1; then
echo " done"
+
+ ## If there's no pidfile then tripectl presumably deleted it.
elif test ! -f $pidfile; then
echo " stale socket found: removing"
- rm -f $tripesock
+ rm -f $TRIPESOCK
+
+ ## Otherwise kill the process unpleasantly.
elif kill `cat $pidfile`; then
echo " done (killed violently)"
else
- echo " it doesn't want do die!"
+ echo " it doesn't want to die!"
exit 1
fi
;;
+
status)
for i in `$tripectl list`; do
echo "Peer \`$i':"
$tripectl stats $i | sed 's/^/ /'
done
;;
+
reload)
$tripectl reload
echo "Keyrings reloaded OK."
;;
+
restart | force-reload)
sh $0 stop
sh $0 start
;;
+
*)
echo >&2 "usage: $0 start|stop|restart|status|reload|force-reload"
exit 1
;;
+
esac
+
+###----- That's all, folks --------------------------------------------------
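Review bot: The new services loop (`[ -d $TRIPEDIR/services ] && for i in $TRIPEDIR/services/*`) runs every executable file it finds with the init script's own privileges, presumably root, and nothing checks who can write to that directory. The `${user+-U}`/`${group+-G}` arguments go only to the `$tripectl` invocation above, so any user or group change they request would not apply to these scripts. If `$TRIPEDIR/services` or a file in it is writable by a less-privileged account, that account gets code execution at the script's privilege level on the next start; the diff does not show whether it is. I would add a comment such as `## Services run with this script's privileges: $TRIPEDIR/services must be writable by root only.` and skip entries that fail an owner/mode check. The loop also leaves `$i` and `$TRIPEDIR` unquoted although this commit quotes them in the pre-flight checks; `[ -x "$i" ] || continue` and `if "$i" --daemon --startup; then` would match, and the peers loop below has the same pattern.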