Bug#74969: tunnelv: possible init.d script
Package: tunnelv
Version: 1.00-4
Severity: wishlist
After a bit of playing around, I've come up with the following for having
tunnelv start automatically. I thought I'd pass it along in case you'd
like to incorporate them directly into the package.
First, here is my /etc/init.d/tunnelv:
-------------------------------------------------------------------------------
#! /bin/sh
###############################################################################
#
# Tunnel Vision: start script
#
# Written by Brian White <bcwhite@pobox.com>
#
###############################################################################

TV=/usr/sbin/tunnelv
TC=/etc/tunnelv.conf
TL=/var/log/tunnelv

test -x "$TV" || exit 0
test -d "$TL" || mkdir -m755 "$TL"

# The config file holds the "Magic Password": remove group/other access.
test -e "$TC" && chmod go= "$TC"

# Space-separated [host]:port entries from the "Connections" line.
conf=`grep '^Connections' "$TC" 2>/dev/null | sed -e 's/^[^=]*=[[:space:]]*//'`

case "$1" in
    start)
        echo -n "Starting secure network tunnels: "
        for host in $conf; do
            echo -n "$host "
            # "host:port" becomes "host port"; ":port" becomes just "port".
            parms=`echo "$host" | sed -e 's/:/ /g'`
            # One background tunnelv per entry, logging to $TL/<entry>.
            $TV $parms >>"$TL/$host" 2>&1 &
            sleep 3
        done
        echo "."
        ;;

    stop)
        echo -n "Stopping secure network tunnels:"
        killall tunnelv >/dev/null 2>&1
        sleep 5
        echo " ."
        ;;

    restart)
        "$0" stop
        "$0" start
        ;;

    reload)
        # Nothing to reload.
        ;;

    force-reload)
        "$0" restart
        ;;

    *)
        echo "Usage: $0 {start|stop|reload|restart|force-reload}" >&2
        exit 1
        ;;
esac

exit 0
-------------------------------------------------------------------------------
This script reads a list of tunnels to create from the config file. Simply
add a "Connections" line like:

    [Tunnel Vision]
    Magic Password = magic-password
    Local Nets = 10.0.1.1/255.255.0.0
    Connections = :1234

to bind and listen on port 1234 or

    Connections = remotehost:1234

to connect to port 1234 of the remote host. You can also specify multiple
connections on a single line like

    Connections = :1234 remote1:1234 remote2:1234 remote3:6245

to listen for incoming connections and bind to three others.
I installed this in rcS.d with a priority of "S49tunnelv". I think it would
be better placed as "S44tunnelv", but only if ipmasq were to move to the
"S43" priority. It seems odd to me that masquerading is started _after_
the NFS filesystems are mounted. I pointed this out to the ipmasq
maintainer; he may decide to change that package, I don't know. It may
be better to start the tunnel before the NFS mounts regardless of when
ipmasq is started.
One thing that is still missing is rotating the logfiles that are generated.
I can imagine them getting quite big. When I get around to adding that, I'll
send you my work.
I hope this is useful for you.
Brian
( bcwhite@precidia.com )
-------------------------------------------------------------------------------
Seize the moment! Live now. Make "now" always the most important time. -- JLP
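
Added example, not part of the original report or of the tunnelv package: the init script above uses each "Connections" entry both as tunnelv arguments and as a log file name under /var/log/tunnelv, so this sketch validates every entry first. The function names, the accepted host character set and the sample config are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original report): validate each "Connections"
# entry before it is used as tunnelv arguments and as a log file name.

# valid_entry ENTRY: succeed only for "[host]:port" with a plain host name
# and a port in 1..65535. The accepted host character set is an assumption.
valid_entry() {
    case "$1" in *:*) ;; *) return 1 ;; esac
    host=${1%:*}
    port=${1##*:}
    case "$host" in
        *[!A-Za-z0-9.-]*|-*|.*) return 1 ;;   # no "/", no option-like names
    esac
    case "$port" in
        ''|*[!0-9]*|??????*) return 1 ;;      # digits only, at most five
    esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ]
}

# parse_connections FILE: print the valid entries, one per line.
parse_connections() {
    sed -n 's/^Connections[[:space:]]*=[[:space:]]*//p' "$1" |
    tr -s ' \t' '\n\n' |
    while IFS= read -r entry; do
        [ -n "$entry" ] || continue
        if valid_entry "$entry"; then
            printf '%s\n' "$entry"
        else
            printf 'tunnelv: ignoring bad entry "%s"\n' "$entry" >&2
        fi
    done
}

# Constructed sample config in the format shown in the report.
sample=$(mktemp)
cat >"$sample" <<'EOF'
[Tunnel Vision]
Magic Password = magic-password
Local Nets = 10.0.1.1/255.255.0.0
Connections = :1234 remote1:1234 bad/name:1234 remote3:6245
EOF
parse_connections "$sample"    # prints the three valid entries
rm -f "$sample"
```

In the init script, `conf` could be filled from `parse_connections "$TC"` so that only validated entries reach the `for host in $conf` loop.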