Using --config for services and removed support for old config files

Dennis Schwerdel 2016-08-12 08:37:35 +02:00
parent 00296a660d
commit 6c61ca61a8
3 changed files with 7 additions and 96 deletions


@ -5,7 +5,7 @@ vpncloud.1: vpncloud.1.ronn
install: install:
install -d $(DESTDIR)/etc/vpncloud install -d $(DESTDIR)/etc/vpncloud
install -m 600 example.net $(DESTDIR)/etc/vpncloud/example.net install -m 600 example.net.disabled $(DESTDIR)/etc/vpncloud/example.net.disabled
install -d $(DESTDIR)/var/log install -d $(DESTDIR)/var/log
install -d $(DESTDIR)/run install -d $(DESTDIR)/run
install -d $(DESTDIR)/usr/bin install -d $(DESTDIR)/usr/bin


@ -1,70 +0,0 @@
# Whether this VPN should be started with the daemon.
ENABLED=0
# The port number on which to listen for data. [default: `3210`]
# Note: Every VPN needs a different port number.
LISTEN=''
# Address of a peer to connect to. The address should be in the form
# `addr:port`. If the node is not started, the connection will be retried
# periodically. This parameter can be repeated to connect to multiple peers.
# Note: Several entries can be separated by spaces.
PEERS=''
# Peer timeout in seconds. The peers will exchange information periodically
# and drop peers that are silent for this period of time. [default: `1800`]
PEER_TIMEOUT=''
# Switch table entry timeout in seconds. This parameter is only used in switch
# mode. Addresses that have not been seen for the given period of time will
# be forgot. [default: `300`]
DST_TIMEOUT=''
# An optional token that identifies the network and helps to distinguish it
# from other networks.
NETWORK_ID=''
# An optional shared key to encrypt the VPN data. If this option is not set,
# the traffic will be sent unencrypted.
SHARED_KEY=''
# The encryption method to use ("aes256", or "chacha20"). Most current CPUs
# have special support for AES256 so this should be faster. For older
# computers lacking this support, only CHACHA20 is supported.
# [default: `chacha20`]
CRYPTO=''
# Name of the virtual device. Any `%d` will be filled with a free number.
# [default: `vpncloud%d`]
DEVICE=''
# Set the type of network. There are two options: **tap** devices process
# Ethernet frames **tun** devices process IP packets. [default: `tap`]
TYPE=''
# The mode of the VPN. The VPN can like a router, a switch or a hub. A **hub**
# will send all data always to all peers. A **switch** will learn addresses
# from incoming data and only send data to all peers when the address is
# unknown. A **router** will send data according to known subnets of the
# peers and ignore them otherwise. The **normal** mode is switch for tap
# devices and router for tun devices. [default: `normal`]
MODE=''
# The local subnets to use. This parameter should be in the form
# `address/prefixlen` where address is an IPv4 address, an IPv6 address, or a
# MAC address. The prefix length is the number of significant front bits that
# distinguish the subnet from other subnets. Example: `10.1.1.0/24`.
# Note: Several entries can be separated by spaces.
SUBNETS=''
# A command to setup the network interface. The command will be run (as
# parameter to `sh -c`) when the device has been created to configure it.
# The name of the allocated device will be available via the environment
# variable `IFNAME`.
IFUP=''
# A command to bring down the network interface. The command will be run (as
# parameter to `sh -c`) to remove any configuration from the device.
# The name of the allocated device will be available via the environment
# variable `IFNAME`.
IFDOWN=''


@ -21,6 +21,7 @@ DAEMON=$(which $NAME)
status() { status() {
echo "Network status" echo "Network status"
for net in $NETWORKS; do for net in $NETWORKS; do
[ -f "$NETCONFIGS/$net.net" ] || continue
echo -en "\t$net: " echo -en "\t$net: "
if start-stop-daemon --status --pidfile /run/$NAME-$net.pid --name $NAME; then if start-stop-daemon --status --pidfile /run/$NAME-$net.pid --name $NAME; then
echo "running" echo "running"
@ -36,30 +37,8 @@ start() {
# 1 if daemon was already running # 1 if daemon was already running
# 2 if daemon could not be started # 2 if daemon could not be started
for net in $NETWORKS; do for net in $NETWORKS; do
ENABLED=0 [ -f "$NETCONFIGS/$net.net" ] || continue
unset DEVICE LISTEN TYPE MODE SHARED_KEY CRYPTO IFUP IFDOWN NETWORK_ID PEER_TIMEOUT DST_TIMEOUT PEERS SUBNETS start-stop-daemon --start --pidfile /run/$NAME-$net.pid --make-pidfile --name $NAME --background --startas /bin/sh -- -c "exec $DAEMON --config $NETCONFIGS/$net.net >/var/log/vpncloud-$net.log 2>&1"
[ -f "$NETCONFIGS/$net.net" ] && . $NETCONFIGS/$net.net
if [ $ENABLED -eq 1 ]; then
PARAMS=""
[ -z "$DEVICE" ] || PARAMS="$PARAMS --device $DEVICE"
[ -z "$LISTEN" ] || PARAMS="$PARAMS --listen $LISTEN"
[ -z "$TYPE" ] || PARAMS="$PARAMS --type $TYPE"
[ -z "$MODE" ] || PARAMS="$PARAMS --mode $MODE"
[ -z "$SHARED_KEY" ] || PARAMS="$PARAMS --shared-key '$SHARED_KEY'"
[ -z "$CRYPTO" ] || PARAMS="$PARAMS --crypto $CRYPTO"
[ -z "$IFUP" ] || PARAMS="$PARAMS --ifup '$IFUP'"
[ -z "$IFDOWN" ] || PARAMS="$PARAMS --ifdown '$IFDOWN'"
[ -z "$NETWORK_ID" ] || PARAMS="$PARAMS --network-id $NETWORK_ID"
[ -z "$PEER_TIMEOUT" ] || PARAMS="$PARAMS --peer-timeout $PEER_TIMEOUT"
[ -z "$DST_TIMEOUT" ] || PARAMS="$PARAMS --peer-timeout $DST_TIMEOUT"
for peer in $PEERS; do
PARAMS="$PARAMS --connect $peer"
done
for subnet in $SUBNETS; do
PARAMS="$PARAMS --subnet $subnet"
done
start-stop-daemon --start --pidfile /run/$NAME-$net.pid --make-pidfile --name $NAME --background --startas /bin/sh -- -c "exec $DAEMON $PARAMS >/var/log/vpncloud-$net.log 2>&1"
fi
done done
return 0 return 0
} }
@ -71,7 +50,9 @@ stop() {
# 2 if daemon could not be stopped # 2 if daemon could not be stopped
# other if a failure occurred # other if a failure occurred
for net in $NETWORKS; do for net in $NETWORKS; do
start-stop-daemon --stop --quiet --pidfile /run/$NAME-$net.pid --name $NAME --retry 60 [ -f "$NETCONFIGS/$net.net" ] || continue
start-stop-daemon --stop --quiet --pidfile /run/$NAME-$net.pid --retry 60
rm -f /run/$NAME-$net.pid
done done
return 0 return 0
} }
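Review bot: In the stop() hunk the new guard `[ -f "$NETCONFIGS/$net.net" ] || continue` skips any network whose config file no longer exists, so a tunnel whose file was deleted or renamed (for instance to `.disabled`) while it was running would no longer be stopped by `stop`, and the same guard in status() would stop reporting it. Stopping depends only on the pidfile, so I would key the guard on that instead: `[ -f "/run/$NAME-$net.pid" ] || continue`. The stop call also drops `--name $NAME`, so the PID read from the pidfile is signalled without a check on which process it belongs to; if that was removed on purpose, a short comment saying why would help. How NETWORKS is populated is outside the hunks and the bodies of status(), start() and stop() continue beyond them, so the first point should be checked against that definition.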