3 # tinc tincd VPN setup script
5 # chkconfig: 2345 46 54
8 # author: Lubomir Bulej <pallas@kadan.cz>
9 # Modified for RPM by Mads Kiilerich <mads@kiilerich.com>
11 # description: this script takes care of starting and setting up of VPNs \
12 # provided by tincd daemon. It parses the configuration files \
13 # in all VPN directories and sets up the interfaces and routing
17 # Source function library.
18 . /etc/rc.d/init.d/functions
20 # Source networking configuration.
21 . /etc/sysconfig/network
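# Check that networking is up.
# NETWORKING is quoted so that an unset or empty value is compared as the
# empty string instead of making the test itself fail with a syntax error.
[ "${NETWORKING}" = "no" ] && exit 0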
26 #############################################################################
27 # configuration & sanity checks
# The three checks below verify the daemon binary, the ip utility and the
# configuration directory before anything else runs.
# NOTE(review): the assignments of TINCD and TCONF are not part of this
# listing. Both are expanded unquoted inside [ ], so an empty value makes the
# test degenerate (the check then passes silently) and a value containing
# whitespace breaks it; "$TINCD" and "$TCONF" should be quoted.
35 if [ ! -x $TINCD ]; then
36 echo "**tinc: daemon $TINCD does not exist or is not executable!"
40 # Check if ip-route is installed
# NOTE(review): -f only shows that /sbin/ip is a regular file, not that it can
# be executed (the tincd check uses -x). The script later runs "ip" by bare
# name, so the binary actually used is whatever PATH resolves, not
# necessarily the /sbin/ip tested here.
41 if [ ! -f /sbin/ip ]; then
42 echo "**tinc: ip-route utilities not installed!"
46 # Check the configuration directory
47 if [ ! -d $TCONF ]; then
48 echo "**tinc: configuration directory ($TCONF) not found!"
53 ##############################################################################
54 # vpn_load () Loads VPN configuration
# $1 ... name of the VPN; used as a directory name below $TCONF.
# Returns 1 when the VPN's tinc.conf is missing; the checks that follow
# return 2 or 3 for missing or malformed entries.
59 CFG="$TCONF/$1/tinc.conf"
60 [ -f $CFG ] || { echo "**tinc: $CFG does not exist!" >&2; return 1; }
# Pull the values out of tinc.conf: case-insensitive match on the key at the
# start of a line (leading whitespace allowed), then delete all whitespace and
# everything up to and including the last "=".
# DEV keeps every matching line; VPN keeps only the first one (head -1).
# NOTE(review): the key patterns are not anchored at their end, so a key that
# merely begins with "TapDevice" or "MyVirtualIP" is picked up as well.
# NOTE(review): the values read here go on to drive rm, mknod, insmod and ip
# in vpn_start (presumably as root, this being an init script). The listing
# shows no ownership or permission check on $CFG, so tinc.conf has to be
# writable by root only - confirm that is enforced elsewhere.
63 DEV=`grep -i -e '^[[:space:]]*TapDevice' $CFG | sed 's/[[:space:]]//g; s/^.*=//g'`
64 VPN=`grep -i -e '^[[:space:]]*(MyOwnVPNIP|MyVirtualIP)' -E $CFG | head -1 | sed 's/[[:space:]]//g; s/^.*=//g'`
66 # discourage empty and multiple entries
68 { echo "**tinc: TapDevice required!" >&2; return 2; }
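# TapDevice must be exactly /dev/tap<digits>. The whole value is matched (-x)
# rather than only its prefix, because it is later used as a path for
# rm/mknod and its numeric suffix as a device minor and module unit.
# "$DEV" is quoted so that several matching config lines stay on separate
# lines; unquoted, echo joined them and the wc -l check could never fire.
printf '%s\n' "$DEV" | grep -q -x '/dev/tap[[:digit:]]\{1,\}' ||
  { echo "**tinc: TapDevice should be in form /dev/tapX" >&2; return 2; }
[ "$(printf '%s\n' "$DEV" | wc -l)" -gt 1 ] && \
  { echo "**tinc: multiple TapDevice entries not allowed!" >&2; return 3; }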
74 { echo "**tinc: MyOwnVPNIP/MyVirtualIP required!" >&2; return 2; }
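# VPN is already cut to one line by head -1 where it is read, so this is a
# second line of defence; quoting keeps the line count accurate.
[ "$(printf '%s\n' "$VPN" | wc -l)" -gt 1 ] && \
  { echo "**tinc: multiple MyOwnVPNIP/MyVirtualIP entries not allowed!" >&2; return 3; }
# Require the whole value to look like a.b.c.d/len. This is a shape check
# only: octets above 255 and prefix lengths above 32 still pass.
# The diagnostic goes to stderr like every other message in vpn_load.
printf '%s\n' "$VPN" | grep -q -x \
  '\([[:digit:]]\{1,3\}\.\)\{3\}[[:digit:]]\{1,3\}/[[:digit:]]\{1,2\}' || \
  { echo "**tinc: badly formed MyOwnVPNIP/MyVirtualIP address $VPN!" >&2; return 3; }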
# TAP is the third "/"-separated field of the device path (tap<N> for
# /dev/tap<N>); NUM is what remains after the first "tap" is removed.
82 TAP=`echo $DEV | cut -d"/" -f3`
83 NUM=`echo $TAP | sed 's/tap//'`
85 # IP address, netmask length
86 ADR=`echo $VPN | cut -d"/" -f1`
87 LEN=`echo $VPN | cut -d"/" -f2`
89 # Expand bitlength to netmask
# One octet is appended to MSK per iteration; cnt is 0 only on the last pass,
# which is what suppresses the trailing dot.
# NOTE(review): the lines that initialise len, msk and MSK and the else
# branch of this loop are not part of this listing.
91 for cnt in 1 1 1 0; do
92 if [ $len -ge 8 ]; then
98 MSK="$MSK$((255 & (255 << (8 - msk))))"
99 [ $cnt -ne 0 ] && MSK="$MSK."
103 # Network & broadcast addresses
# ipcalc prints KEY=value; cut keeps the part after "=".
104 BRD=`ipcalc --broadcast $ADR $MSK | cut -d"=" -f2`
105 NET=`ipcalc --network $ADR $MSK | cut -d"=" -f2`
# MAC address: fixed fe:fd prefix followed by the four IP octets in hex.
# NOTE(review): printf reads an octet with a leading zero as octal (010 -> 8)
# and rejects 08/09; the address check in vpn_load accepts such octets.
108 MAC=`printf "fe:fd:%0.2x:%0.2x:%0.2x:%0.2x" $(echo $ADR | sed 's/\./ /g')`
109 # echo "TAP $TAP NUM $NUM ADR $ADR LEN $LEN MSK $MSK BRD $BRD NET $NET MAC $MAC" >&2
114 ##############################################################################
115 # vpn_start () starts specified VPN
117 # $1 ... VPN to start
# Returns 1 if the configuration cannot be loaded, 2 if the ethertap module
# cannot be inserted, 3 if tincd fails to start.
121 vpn_load $1 || { echo "**tinc: could not vpn_load $1" >&2; return 1; }
# Create the tap character device when it is missing: major 36,
# minor 16 + NUM, mode 0600. Anything else found at that path is removed first.
# NOTE(review): DEV and NUM come from tinc.conf. The path is deleted and
# recreated and NUM is evaluated arithmetically, so this step relies on
# vpn_load having restricted TapDevice to /dev/tap<digits>; the expansions
# should also be quoted ("$DEV").
124 if [ ! -c $DEV ]; then
125 [ -e $DEV ] && rm -f $DEV
126 mknod --mode=0600 $DEV c 36 $((16 + NUM))
# Load an ethertap module instance named ethertap<NUM> for this device.
# NOTE(review): the condition that opens this brace group is not part of
# this listing.
130 { insmod ethertap --name="ethertap$NUM" unit="$NUM" 2>&1 || \
131 { echo "**tinc: cannot insmod ethertap$NUM" >&2; return 2; }
134 # configure the interface
135 ip link set $TAP address $MAC
# Only the exact line "Nothing to flush." is filtered out; every other message
# from ip still reaches the console.
137 ip addr flush dev $TAP 2>&1 | grep -v -x '^Nothing to flush.'
138 ip addr add $VPN brd $BRD dev $TAP
# NOTE(review): $DEBUG is expanded unquoted, presumably so that it can hold
# several options or nothing; its definition is not part of this listing.
141 $TINCD --net="$1" $DEBUG || \
142 { echo "**tinc: could not start $TINCD" >&2; return 3; }
144 # default interface route
145 # ip route add $NET/$LEN dev $TAP
# Runs the distribution's ifup-routes script with the interface name.
148 /etc/sysconfig/network-scripts/ifup-routes $TAP
154 ##############################################################################
155 # vpn_stop () Stops specified VPN
# Returns 1 when the VPN's configuration cannot be loaded.
161 vpn_load $1 || return 1
163 # flush the routing table
164 # ip route flush dev $TAP &> /dev/null
166 # kill the tincd daemon
# PID holds the path of the pid file, not a process id.
167 PID="$TPIDS/tinc.$1.pid"
# tincd itself is asked to terminate the daemon for this net; all of its
# output is discarded.
# NOTE(review): "&>" is a bash redirection; the interpreter line is not part
# of this listing - confirm the script runs under bash.
169 $TINCD --net="$1" --kill &> /dev/null
# Polling loop with one-second sleeps while dly <= 5.
# NOTE(review): the lines that set RET and dly and the condition that ends
# the wait early are not part of this listing.
172 if [ $RET -eq 0 ]; then
174 while [ $dly -le 5 ]; do
176 sleep 1; dly=$((dly+1))
# Remove a pid file that is still present.
180 [ -f $PID ] && rm -f $PID
183 # bring the interface down
# Errors from the two commands below are silenced, so a stop that leaves the
# interface up or the module loaded is not reported.
184 ip link set $TAP down &> /dev/null
186 # remove ethertap module
187 rmmod "ethertap$NUM" &> /dev/null
193 # See how we were called.
# Every entry of $TCONF is treated as a VPN name.
# NOTE(review): the list is built by word-splitting the output of ls, so a
# name containing whitespace or glob characters is split or expanded before it
# reaches vpn_start/vpn_stop, where it becomes part of a path and a --net
# argument. Iterating over "$TCONF"/* and quoting "$vpn" avoids that.
196 for vpn in `ls -1 $TCONF`; do
197 echo -n "Bringing up VPN $vpn: "
# action is presumably provided by the sourced init function library; it is
# only reached when vpn_start succeeds.
198 vpn_start $vpn && action "" /bin/true
201 touch /var/lock/subsys/tinc
205 for vpn in `ls -1 $TCONF`; do
206 echo -n "Shutting down VPN $vpn: "
207 vpn_stop $vpn && action "" /bin/true
210 rm -f /var/lock/subsys/tinc
214 echo -n "Configured VPNs: "
215 for vpn in `ls -1 $TCONF`; do
216 PID="$TPIDS/tinc.$vpn.pid"
# A VPN counts as running when its pid file exists and exactly one line of
# "ps ax" starts with the recorded pid.
# NOTE(review): the pid is matched as a prefix, so a pid file holding 12 also
# matches process 123, and the file's contents are used as a regular
# expression without being checked. Validating that the value is numeric and
# then using kill -0 "$pid" is the usual replacement.
# NOTE(review): -a does not short-circuit; the command substitution runs
# cat on $PID even when the file does not exist.
218 if [ -f $PID -a `ps ax | grep "^ *$(cat $PID)" | wc -l` -eq 1 ]
234 echo "Usage: tinc {start|stop|status|restart}"