# openvpn config file directory
dir=/etc/openvpn
# Load the firewall script.
# NOTE(review): the script name after "$dir/" appears to have been lost in
# extraction; as written this line tries to execute the directory itself.
$dir/
# Load the TUN/TAP kernel module.
modprobe tun
# Enable IP forwarding.
# NOTE(review): this is the host-wide IPv4 forwarding switch, not a
# per-tunnel setting; the init script further down in this document
# deliberately comments the same line out and leaves it to the user's
# --up script or firewall setup.
echo 1 > /proc/sys/net/ipv4/ip_forward
# Invoke openvpn for each VPN tunnel in daemon mode. Alternatively, you
# could remove --daemon from the command line and add the equivalent
# directive to the config file.
#
# Each tunnel should run on a separate UDP port. Use the --port option to
# control this. Like all of OpenVPN's options, you can specify it on the
# command line or in the config file.
#
# NOTE(review): the per-tunnel config file name after each --config was
# lost in extraction; every invocation needs its own .conf argument.
openvpn --cd $dir --daemon --config
openvpn --cd $dir --daemon --config
openvpn --cd $dir --daemon --config
创建类似如下的 shutdown 脚本:
-------------------------------------------------------------------------------- sample-config-files/ #!/bin/bash
# Stop all openvpn processes.
# Sends SIGTERM to every process named "openvpn", asking each one to shut
# down cleanly rather than killing it outright.
# NOTE(review): this matches by process name only, so it also stops
# openvpn instances that were not launched by the companion startup
# script; the init script later in this document tracks its own instances
# through per-tunnel pid files instead.
killall -SIGTERM openvpn
最后将 和 脚本添加到系统的 startup 和shutdown 脚本中 或拷贝到 /etc/ 目录.
管理多条 OpenVPN 隧道的 startup 和 shutdown
这里是一个/etc/ 下的脚本例子,它自动为 /etc/openvpn 下的每一个.conf 文件创建一条 OpenVPN 隧道。
该脚本在通过 RPM 安装 OpenVPN 时会缺省安装到机器上。
-------------------------------------------------------------------------------- sample-scripts/
#!/bin/sh
#
# openvpn      This shell script takes care of starting and stopping
#              openvpn on RedHat or other chkconfig-based system.
#
# chkconfig: 345 80 30
#
# description: OpenVPN is a robust and highly flexible tunneling application
#              that uses all of the encryption, authentication, and
#              certification features of the OpenSSL library to securely
#              tunnel IP networks over a single UDP port.
#
# Contributed to the OpenVPN project by
# Douglas Keller <>
#
# To install this script:
#   copy this file to /etc/openvpn
#   (NOTE(review): part of this path looks lost in extraction -- presumably
#   the init-script directory, since /etc/openvpn is created as a
#   directory two lines down)
#   shell> chkconfig --add openvpn
#   shell> mkdir /etc/openvpn
#   make .conf or .sh files in /etc/openvpn (see below)
#
# To remove this script:
#   run: chkconfig --del openvpn
#
# Author's notes:
#
# I have written an /etc/... init script and modified [name lost in
# extraction] so that this script is registered automatically.
# Once the RPM is built you can start and stop OpenVPN directly with
# the service openvpn start and service openvpn stop commands.
#
# The init script works as follows:
#
# - Starts one openvpn process for every .conf file it finds in
#   /etc/openvpn
#
# - If a matching /etc/openvpn/*.sh file exists for a .conf file, it is
#   run before that openvpn instance is started (useful for doing
#   openvpn --mktun...).
#   NOTE(review): those .sh files are sourced by this init script, i.e.
#   with its privileges; keep /etc/openvpn root-owned and not writable
#   by other users.
#
# - In addition to start/stop you can do:
#
#   service openvpn reload - SIGHUP
#   service openvpn reopen - SIGUSR1
#   service openvpn status - SIGUSR2
#
# Modifications
#
# * Changed == to = for sh compliance (Bishop Clark).
# * If condrestart|reload|reopen|status, check that we were
#   actually started (James Yonan).
# * Added lock, piddir, and work variables (James Yonan).
# * If start is attempted twice, without an intervening stop, or
#   if start is attempted when previous start was not properly
#   shut down, then kill any previously started processes, before
#   commencing new start operation (James Yonan).
# * Do a better job of flagging errors on start, and properly
#   returning success or failure status to caller (James Yonan).

# Location of openvpn binary
# NOTE(review): the quoted path was lost in extraction; as written the
# escaped space assigns a single " " to the variable.
openvpn=\ # (path lost in extraction)

# Lockfile
# NOTE(review): path lost in extraction, same as above.
lock=\ # (path lost in extraction)

# PID directory
# NOTE(review): path lost in extraction, same as above.
piddir=\ # (path lost in extraction)

# Our working directory: every *.conf here becomes a tunnel and every
# matching *.sh is sourced before its tunnel starts.
work=/etc/openvpn

# Source function library.
# NOTE(review): this path looks truncated in extraction -- presumably
# the distribution's init-script function library, which provides the
# success/failure helpers used later in this script.
. /etc/functions

# Source networking configuration.
. /etc/sysconfig/network
# Check that networking is up. [ ${NETWORKING} = \ [ -f $openvpn ] || exit 0 # See how we were called. case \ start)
echo -n $\ /sbin/modprobe tun >/dev/null 2>&1
# From a security perspective, I think it makes # sense to remove this, and have users who need # it explictly enable in their --up scripts or # firewall setups.
#echo 1 > /proc/sys/net/ipv4/ip_forward if [ ! -d $piddir ]; then mkdir $piddir
fi
if [ -f $lock ]; then
# we were not shut down correctly
for pidf in `/bin/ls $piddir/*.pid 2>/dev/null`; do if [ -s $pidf ]; then
kill `cat $pidf` >/dev/null 2>&1 fi
rm -f $pidf done
rm -f $lock sleep 2 fi
rm -f $piddir/*.pid cd $work
# Start every .conf in $work and run .sh if exists errors=0 successes=0
for c in `/bin/ls *.conf 2>/dev/null`; do bn=${c%%.conf}
if [ -f \ . $ fi
rm -f $piddir/$
$openvpn --daemon --writepid $piddir/$ --config $c --cd $work if [ $? = 0 ]; then successes=1 else errors=1 fi done
if [ $errors = 1 ]; then failure; echo else
success; echo fi
if [ $successes = 1 ]; then touch $lock fi ;; stop)
echo -n $\
for pidf in `/bin/ls $piddir/*.pid 2>/dev/null`; do if [ -s $pidf ]; then
kill `cat $pidf` >/dev/null 2>&1 fi
rm -f $pidf done
success; echo rm -f $lock ;;
restart) $0 stop sleep 2 $0 start ;;
reload)
if [ -f $lock ]; then
for pidf in `/bin/ls $piddir/*.pid 2>/dev/null`; do if [ -s $pidf ]; then
kill -HUP `cat $pidf` >/dev/null 2>&1 fi
done else
echo \ exit 1 fi ;;
reopen)
if [ -f $lock ]; then
for pidf in `/bin/ls $piddir/*.pid 2>/dev/null`; do if [ -s $pidf ]; then
kill -USR1 `cat $pidf` >/dev/null 2>&1 fi
done else
echo \ exit 1 fi ;;
condrestart)
if [ -f $lock ]; then $0 stop
# avoid race sleep 2 $0 start fi ;;