[Openvpn-users] Re: OpenVPN startup/DHCP scripts for OS X


  • Subject: [Openvpn-users] Re: OpenVPN startup/DHCP scripts for OS X
  • From: Lawrence Akka <lakka@xxxxxxxxxxxxxxxxxxxxx>
  • Date: Wed, 22 Feb 2006 17:02:54 +0000

Stephan Zalewski wrote:
Hi,

I've created new scripts for pulling the DHCP options on OS X, making better use of OS X's system configuration framework.


Here's another one. This uses supplementalmatchdomains, which appears to be the
recommended way of doing things. It also edits resolv.conf, which is needed
by a few older programs.


Lawrence
#!/bin/sh
# 
# openvpn-up-down.sh
#
# 
# A script to be used as an OpenVPN up/down script on Mac OSX 10.4
# to set nameservers and search domains pushed from an OpenVPN server
# 
# Use in your OpenVPN config file as follows:
# 
#    up  "openvpn-up-down.sh up"
#    down "openvpn-up-down.sh down"
#
# Note: If OpenVPN drops privileges once started, the down script will
# be executed with reduced privileges, and will not be able to restore
# /etc/resolv.conf to its original state.  Accordingly you must run the
# down-root plugin.  See
# http://svn.openvpn.net/projects/openvpn/trunk/openvpn/plugin/down-root/README
# eg plugin /path/to/openvpn-down-root.so "openvpn-up-down.sh down"

# This needs some changes to the Makefile to compile cleanly on OSX
# http://sourceforge.net/mailarchive/forum.php?thread_id=9625252&forum_id=8453


# Based heavily on the python script by Nicholas Riley at
# http://web.sabi.net/nriley/software/openvpn/acm-client.py
# and the bash script by Arjan van der Velde at
# http://njr.sabi.net/2005/11/07/alternate-openvpn-os-x-dns-updating-script/
#
# Modifications by Lawrence Akka, 1/2/2005


## Set up the necessary commands, with absolute paths for security
ENV="/usr/bin/env"
SED="/usr/bin/sed"
TR="/usr/bin/tr"
SCUTIL="/usr/sbin/scutil"
CAT="/bin/cat"

## Check how we are called.  The action is the first argument; OpenVPN's $script_type is not used.
case "$1" in
 up)   export action="up" ;;
 down) export action="down" ;;
 *)    echo "Invalid script action." && exit 1 ;;
esac

## Gather the required information
# OpenVPN will pass the following parameters:
#     tun_dev tun_mtu link_mtu ifconfig_local_ip ifconfig_remote_ip [ init | restart ]
export tun_dev="$2"
export ns="`$ENV | $SED '/^foreign_option_[0-9].*DNS /!d; s/^.*DNS //' | $TR \"\n\" \" \"`"
export domain="`$ENV | $SED '/^foreign_option_[0-9].*DOMAIN /!d; s/^.*DOMAIN //' | $TR \"\n\" \" \"`"

## Sanity check
[ ! "$tun_dev" ] && echo "No tunnel device specified." && exit 1
[ ! "$ns" ] && echo "No name server specified." && exit 1
[ ! "$domain" ] && echo "No domain name specified." && exit 1

## Save current value of resolv file
resolv_path="/etc/resolv.conf"
if [ -f /var/run/resolv.conf ]; then resolv_path="/var/run/resolv.conf"; fi
cur_resolv="`$CAT $resolv_path | $SED '/^## OPENVPN START - '"$tun_dev"' ##$/,/^## OPENVPN END - '"$tun_dev"' ##$/d'`"


## Do stuff for action "up".
if [ "$action" = "up" ]; then

## Update dynamic store
# Use the supplementalmatchdomains - see
# <http://lists.apple.com/archives/Macnetworkprog/2005/Jun/msg00011.html>
$SCUTIL <<EOF
open
d.init
get State:/Network/Interface/$tun_dev/IPv4
d.add InterfaceName $tun_dev
set State:/Network/Service/openvpn-$tun_dev/IPv4
d.init
d.add ServerAddresses * $ns
d.add SupplementalMatchDomains * $domain
set State:/Network/Service/openvpn-$tun_dev/DNS
EOF

## Update resolv.conf
# NB search and domain entries in resolv.conf are mutually exclusive.  search can take more than
# one argument however, so is better for our purposes.  If both are specified, the last one wins.
# Each nameserver entry should be on its own line.
# The file is built with real newlines and written with printf: echo -e is not portable
# under /bin/sh and would expand backslash escapes in the old contents and the pushed values.

new_resolv="$cur_resolv
## OPENVPN START - $tun_dev ##"
for i in $ns; do
new_resolv="$new_resolv
nameserver $i"
done
new_resolv="$new_resolv
search $domain
## OPENVPN END - $tun_dev ##"
printf '%s\n' "$new_resolv" | $SED '/^ *$/d' > "$resolv_path"

fi

## Do stuff for action "down".
if [ "$action" = "down" ]; then

## Remove lines from resolv.conf
new_resolv="`echo \"$cur_resolv\" | $SED '/^ *$/d'`"
echo "$new_resolv" > $resolv_path

## Remove information from dynamic store
$SCUTIL <<EOF
open
d.init
remove State:/Network/Service/openvpn-$tun_dev/IPv4
remove State:/Network/Service/openvpn-$tun_dev/DNS
EOF

fi

# End
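
The script above writes the server-pushed DNS and DOMAIN values into scutil input and resolv.conf as root. As an added example that is not part of the original post, the following validates those values first; the function names is_ipv4, is_domain and pushed_values are hypothetical, and it assumes IPv4 name servers and foreign_option_N variables numbered consecutively from 1.

```shell
#!/bin/sh
# Added example, not part of openvpn-up-down.sh: validate pushed
# dhcp-option values before they reach scutil or resolv.conf.
LC_ALL=C; export LC_ALL

# Succeeds only for a dotted-quad IPv4 address with each octet 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Succeeds only for a hostname-style domain: letters, digits, '-' and '.',
# no empty labels, no leading '-' or '.', at most 253 characters.
is_domain() {
    case "$1" in
        ''|*[!A-Za-z0-9.-]*|.*|-*|*..*) return 1 ;;
    esac
    [ ${#1} -le 253 ]
}

# Print the validated values of one option kind (DNS or DOMAIN), one per
# line, from the foreign_option_N variables; fail on the first bad value.
pushed_values() {
    kind=$1; n=1
    while :; do
        eval "opt=\${foreign_option_$n-}"   # $n is our own counter
        [ -n "$opt" ] || break
        case "$opt" in
            "dhcp-option $kind "*)
                val=${opt#"dhcp-option $kind "}
                case "$kind" in
                    DNS)    is_ipv4 "$val"   || return 1 ;;
                    DOMAIN) is_domain "$val" || return 1 ;;
                    *)      return 1 ;;
                esac
                printf '%s\n' "$val" ;;
        esac
        n=$((n + 1))
    done
}
```

In the script above, ns and domain could be set from the output of pushed_values DNS and pushed_values DOMAIN (joined with spaces), exiting when either call fails.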