#!/bin/sh
# openvpnd 	OpenVPN daemon.
#
# chkconfig: 345 47 68
# description:	OpenVPN is a full-featured SSL VPN solution which \
#               can accommodate a wide range of configurations, \
#               including road warrior access, home/office/campus \
#               telecommuting, WiFi security, secure branch office \
#               linking, and enterprise-scale remote access solutions \
#               with load balancing, failover, and fine-grained \
#               access-controls
# processname: openvpnd
# config: /etc/openvpn.conf
# pidfile: /var/run/tincd.pid

# Do not load RH compatibility interface.
# Set before the function library is sourced; presumably the library reads it
# while loading -- TODO confirm.
WITHOUT_RC_COMPAT=1

# Source function library.
# NOTE(review): the helpers used below (SourceIfNotEmpty, is_yes, start_daemon,
# stop_daemon, status, msg_reloading, msg_usage) are not defined in this file,
# so they presumably come from here.
. /etc/init.d/functions

# Per-tunnel runtime files are named "<base>-<name>[.pid]", where <name> is the
# config file's basename without ".conf" (see the functions below).
PIDFILEBASE=/var/run/openvpn
LOCKFILEBASE=/var/lock/subsys/openvpn
RETVAL=0
# Everything in this directory is trusted: *.conf files are handed to the
# daemon, and openvpn-startup, openvpn-shutdown and <name>.sh are sourced into
# this script, i.e. they run with this script's privileges (normally root for
# an init script). Keep the directory and its contents writable by root only.
CONFIGDIR=/etc/openvpn
# Whitespace-separated list built by parsing ls output. The functions below
# iterate it unquoted, so a config file name containing whitespace or glob
# characters would be split or re-expanded.
CONFFILES=`/bin/ls $CONFIGDIR/*.conf 2>/dev/null`
OPENVPN=/usr/sbin/openvpn
# Account name. No start_daemon call in this file passes it on, so any
# privilege drop presumably comes from the tunnel's own config -- TODO confirm.
OPENVPNUSER=openvpn
# Passed to the daemon as its --cd directory.
CACHEDIR=/var/lib/openvpn/cache

# Nothing to manage when the binary is missing. A bare `exit` returns the
# status of the failed test, so the script exits non-zero here.
[ -f "$OPENVPN" ] || exit

# Source networking configuration.
# NOTE(review): start() tests $NETWORKING, which is presumably defined there.
SourceIfNotEmpty /etc/sysconfig/network

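# Start one OpenVPN instance per config file listed in $CONFFILES.
#
# Globals:  NETWORKING, CONFFILES, CONFIGDIR, OPENVPN, CACHEDIR, PIDFILEBASE,
#           LOCKFILEBASE (read); RETVAL, CONFFILE, bn (written)
# Returns:  0 when networking is disabled or no config exists, otherwise the
#           sum of the start_daemon exit codes.
#
# Security: openvpn-startup and <name>.sh are sourced, not executed. They run
# inside this shell with the script's privileges (normally root for an init
# script) and can change any variable used below, so $CONFIGDIR must be
# writable by root only.
start()
{
    is_yes "$NETWORKING" || return 0

    RETVAL=0
    if [ -z "$CONFFILES" ]; then
        printf "%s\n" "There are no config files!"
        # Use $CONFIGDIR here: no CONFDIR variable is defined in this script,
        # so the hint would otherwise end without a directory name.
        printf "%s %s\n"  "Configure one or more VPN's and place configuration files in" "$CONFIGDIR"
        printf "%s\n"   "Sample config could be obtained from /usr/share/doc/openvpn"
        return $RETVAL
    fi

    # Run startup script, if defined
    if [ -f "$CONFIGDIR/openvpn-startup" ]; then
        . "$CONFIGDIR/openvpn-startup"
    fi

    # $CONFFILES is a whitespace-separated list, so it is split on purpose.
    for CONFFILE in $CONFFILES; do
        bn=$(basename "$CONFFILE" .conf)

        # Run the per-tunnel hook for this VPN channel, if present
        if [ -f "$CONFIGDIR/$bn.sh" ]; then
            . "$CONFIGDIR/$bn.sh"
        fi

        start_daemon --pidfile "$PIDFILEBASE-$bn.pid" --lockfile "$LOCKFILEBASE-$bn" -- \
            "$OPENVPN" --config "$CONFFILE" --cd "$CACHEDIR" \
            --daemon --writepid "$PIDFILEBASE-$bn.pid"

        # POSIX arithmetic instead of the bash-only `let` (shebang is /bin/sh).
        RETVAL=$((RETVAL + $?))
    done

    return $RETVAL
}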

# Stop the OpenVPN instance of every config file in $CONFFILES, then source
# the optional $CONFIGDIR/openvpn-shutdown hook.
#
# Globals:  CONFFILES, CONFIGDIR, OPENVPN, PIDFILEBASE, LOCKFILEBASE (read);
#           RETVAL, CONFFILE, bn (written)
# Returns:  sum of the stop_daemon exit codes (0 when nothing is configured).
#
# The shutdown hook is sourced into this shell, so it runs with the script's
# privileges; keep $CONFIGDIR writable by root only.
stop()
{
    RETVAL=0
    [ -n "$CONFFILES" ] || return $RETVAL

    # $CONFFILES is a whitespace-separated list, so it is split on purpose.
    for CONFFILE in $CONFFILES; do
        bn=$(basename "$CONFFILE" .conf)
        stop_daemon --pidfile "$PIDFILEBASE-$bn.pid" --lockfile "$LOCKFILEBASE-$bn" -- "$OPENVPN"
        RETVAL=$((RETVAL + $?))
    done

    # Run shutdown script, if defined
    if [ -f "$CONFIGDIR/openvpn-shutdown" ]; then
        . "$CONFIGDIR/openvpn-shutdown"
    fi

    return $RETVAL
}



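# Send SIGHUP to the OpenVPN instance of every config file in $CONFFILES.
#
# Globals:  CONFFILES, OPENVPN, PIDFILEBASE (read); RETVAL, CONFFILE, bn (written)
# Returns:  sum of the stop_daemon exit codes (0 when nothing is configured).
#
# The stop_daemon call previously carried a bare "$OPENVPNUSER" word between
# the --pidfile value and -HUP. It was not the argument of any option, and the
# sibling condreload() passes only -HUP, so the call now matches that form.
# NOTE(review): if matching the process owner was intended, the user name has
# to be passed through the option the function library provides for that.
reload()
{
    RETVAL=0
    if [ -n "$CONFFILES" ]; then
        msg_reloading template

        # $CONFFILES is a whitespace-separated list, so it is split on purpose.
        for CONFFILE in $CONFFILES; do
            bn=$(basename "$CONFFILE" .conf)

            stop_daemon --pidfile "$PIDFILEBASE-$bn.pid" -HUP -- "$OPENVPN"
            RETVAL=$((RETVAL + $?))
        done
    fi
    return $RETVAL
}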

# Send SIGUSR1 to the OpenVPN instance of every config file in $CONFFILES.
#
# Globals:  CONFFILES, OPENVPN, PIDFILEBASE (read); RETVAL, CONFFILE, bn (written)
# Returns:  sum of the stop_daemon exit codes (0 when nothing is configured).
reopen()
{
    RETVAL=0
    [ -n "$CONFFILES" ] || return $RETVAL

    msg_reloading template

    # $CONFFILES is a whitespace-separated list, so it is split on purpose.
    for CONFFILE in $CONFFILES; do
        bn=$(basename "$CONFFILE" .conf)
        stop_daemon --pidfile "$PIDFILEBASE-$bn.pid" -USR1 -- "$OPENVPN"
        RETVAL=$((RETVAL + $?))
    done

    return $RETVAL
}

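# Stop only those OpenVPN instances that have a subsystem lock file, and
# source the optional openvpn-shutdown hook if at least one was stopped.
#
# Globals:  CONFFILES, CONFIGDIR, OPENVPN, PIDFILEBASE, LOCKFILEBASE (read);
#           RETVAL, CONFFILE, bn, stop_it (written)
# Returns:  sum of the stop_daemon exit codes (0 when nothing was stopped).
#
# The shutdown hook is sourced into this shell, so it runs with the script's
# privileges; keep $CONFIGDIR writable by root only.
condstop()
{
    RETVAL=0
    [ -n "$CONFFILES" ] || return $RETVAL

    # Initialise the flag that is tested below. The original reset a
    # differently named variable (stop_ip), so a stop_it value inherited from
    # the environment or an earlier sourced hook decided whether the shutdown
    # hook ran.
    stop_it=0

    # $CONFFILES is a whitespace-separated list, so it is split on purpose.
    for CONFFILE in $CONFFILES; do
        bn=$(basename "$CONFFILE" .conf)

        if [ -f "$LOCKFILEBASE-$bn" ]; then
            stop_daemon --pidfile "$PIDFILEBASE-$bn.pid" --lockfile "$LOCKFILEBASE-$bn" -- "$OPENVPN"
            RETVAL=$((RETVAL + $?))
            stop_it=1
        fi
    done

    # Run shutdown script, if defined, but only when something was stopped.
    # Compare numerically: a plain non-empty test would also accept "0".
    if [ "$stop_it" -eq 1 ] && [ -f "$CONFIGDIR/openvpn-shutdown" ]; then
        . "$CONFIGDIR/openvpn-shutdown"
    fi

    return $RETVAL
}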

# Restart only those OpenVPN instances that have a subsystem lock file.
#
# Globals:  CONFFILES, CONFIGDIR, OPENVPN, CACHEDIR, PIDFILEBASE, LOCKFILEBASE
#           (read); RETVAL, CONFFILE, bn (written)
# Returns:  sum of the start_daemon exit codes; the stop_daemon status is not
#           counted.
#
# The per-tunnel <name>.sh hook is sourced into this shell, so it runs with
# the script's privileges; keep $CONFIGDIR writable by root only.
condrestart()
{
    RETVAL=0
    [ -n "$CONFFILES" ] || return $RETVAL

    # $CONFFILES is a whitespace-separated list, so it is split on purpose.
    for CONFFILE in $CONFFILES; do
        bn=$(basename "$CONFFILE" .conf)

        # Tunnels without a lock file are left alone.
        [ -f "$LOCKFILEBASE-$bn" ] || continue

        stop_daemon --pidfile "$PIDFILEBASE-$bn.pid" --lockfile "$LOCKFILEBASE-$bn" -- "$OPENVPN"

        # Run the per-tunnel hook for this VPN channel, if present
        if [ -f "$CONFIGDIR/$bn.sh" ]; then
            . "$CONFIGDIR/$bn.sh"
        fi

        start_daemon --pidfile "$PIDFILEBASE-$bn.pid" --lockfile "$LOCKFILEBASE-$bn" -- \
            "$OPENVPN" --config "$CONFFILE" --cd "$CACHEDIR" \
            --daemon --writepid "$PIDFILEBASE-$bn.pid"
        RETVAL=$((RETVAL + $?))
    done

    return $RETVAL
}

# Send SIGHUP only to those OpenVPN instances that have a subsystem lock file.
#
# Globals:  CONFFILES, OPENVPN, PIDFILEBASE, LOCKFILEBASE (read);
#           RETVAL, CONFFILE, bn (written)
# Returns:  sum of the stop_daemon exit codes (0 when nothing was signalled).
condreload()
{
    RETVAL=0
    [ -n "$CONFFILES" ] || return $RETVAL

    msg_reloading template

    # $CONFFILES is a whitespace-separated list, so it is split on purpose.
    for CONFFILE in $CONFFILES; do
        bn=$(basename "$CONFFILE" .conf)

        # Tunnels without a lock file are left alone.
        [ -f "$LOCKFILEBASE-$bn" ] || continue

        stop_daemon --pidfile "$PIDFILEBASE-$bn.pid" -HUP -- "$OPENVPN"
        RETVAL=$((RETVAL + $?))
    done

    return $RETVAL
}

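# Report the state of every configured tunnel and ask each running instance
# (SIGUSR2) to write its status to the system log.
#
# Globals:  CONFFILES, OPENVPN, PIDFILEBASE (read);
#           RETVAL, CONFFILE, bn, st, pid (written)
# Returns:  sum of the exit codes of `status` over all tunnels.
#
# Changes against the earlier version:
#  - RETVAL accumulates the exit code of `status`. Before, `$?` was read after
#    the `if` block, which always yielded 0, so a stopped tunnel was never
#    reflected in the exit code.
#  - The signal is sent only when `status` returned 0. Assuming `status`
#    follows the LSB convention (1 = dead but pid file exists -- TODO confirm),
#    the old "-le 1" test signalled whatever PID a stale pid file named, and
#    the default action of SIGUSR2 terminates a process that does not handle
#    it.
#  - The pid file content must be a plain positive decimal number before it is
#    handed to kill; values such as "0" or "-1" address process groups or all
#    processes.
show_status()
{
    RETVAL=0
    [ -n "$CONFFILES" ] || return $RETVAL

    # $CONFFILES is a whitespace-separated list, so it is split on purpose.
    for CONFFILE in $CONFFILES; do
        bn=$(basename "$CONFFILE" .conf)
        status --pidfile "$PIDFILEBASE-$bn.pid" -- "$OPENVPN"
        st=$?

        if [ "$st" -eq 0 ]; then
            pid=$(cat "$PIDFILEBASE-$bn.pid")
            case "$pid" in
                '' | *[!0-9]* | 0*)
                    # Empty, non-numeric or zero-leading content: do not signal.
                    ;;
                *)
                    if kill -USR2 "$pid" >/dev/null 2>&1; then
                        echo "Status of VPN $bn written to /var/log/messages"
                    fi
                    ;;
            esac
        fi

        RETVAL=$((RETVAL + st))
    done

    return $RETVAL
}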


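# See how we were called.
# Each action function leaves its result in RETVAL, which becomes the exit
# status of the script.
case "$1" in
	start)
		start
		;;
	stop)
		stop
		;;
	reload|restart)
		# OpenVPN can reload its config, but only when running as root.
		# With downgraded privileges it cannot bring the TUN interface
		# up and down, so "reload" is served by a full restart.
		# The reload branch used to call `restart`, which is not a
		# function defined in this file, so both names now share the
		# stop/start sequence.
		stop
		sleep 2s
		start
		;;
	reopen)
		reopen
		;;
	condstop)
		condstop
		;;
	condrestart|condreload)
		# Same privilege limitation as for "reload": a conditional
		# reload is served by a conditional restart.
		condrestart
		;;
	status)
		show_status
		;;
	*)
		msg_usage "${0##*/} {start|stop|reload|restart|reopen|condstop|condrestart|condreload|status}"
		RETVAL=1
		;;
esac

exit $RETVAL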

