To: cipe-l,AT,inka,DOT,de
Subject: how to manage start and stop cipe vpn ?
From: CACHET Nicolas <Nicolas.CACHET,AT,rfo,DOT,fr>
Date: Fri, 27 Feb 2004 23:45:10 +0100

Second question today...

I wrote a little script which should be put in the /etc/init.d/ directory:

#!/bin/sh
#
# Init script for cipe: starts one pkcipe per configured peer.

# Source function library.
. /etc/rc.d/init.d/functions

# Load IDENTITY and PEERS.
[ -f /etc/sysconfig/cipe ] && . /etc/sysconfig/cipe

# See how we were called.
case "$1" in
  start)
    # Start only if pkcipe is installed and no lock file exists.
    if [ -x /usr/local/sbin/pkcipe ] && [ ! -e /var/lock/subsys/cipe ]; then
        gprintf "Starting cipe: "
        for PEER in ${PEERS}
        do
            daemon /usr/local/sbin/pkcipe -c "${PEER}" "${IDENTITY}"
            gprintf "Starting pkcipe: peer=${PEER} IDENT=${IDENTITY}\n"
        done
        touch /var/lock/subsys/cipe
        echo
    else
        gprintf "cipe already running.\n"
    fi
    ;;
  stop)
    gprintf "Stopping cipe: "
    killproc ciped-cb
    rm -f /var/lock/subsys/cipe
    echo
    ;;
  restart)
    "$0" stop
    "$0" start
    ;;
  status)
    status ciped-cb
    ;;
  *)
    gprintf "Usage: $0 {start|stop|restart|status}\n"
    exit 1
    ;;
esac
exit 0
########### END ###############

The "/etc/sysconfig/cipe" file should contain:

# SPECIFY IDENTITY OF THIS SERVER
IDENTITY=`hostname`
# SPECIFY LIST OF PEERS:
PEERS="123.45.67.89:1234 98.76.54.32:1234"
########### END ###############

This script has a BIG bug:
the restart command doesn't work, because cipe's peer stays alive too long.

I've found a solution, but it doesn't seem good:
when the script is stopping the local cipe, it launches a remote command.
Something like this:

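# doesn't work if the peer has other cipe VPNs...
ssh root@peer /usr/bin/killall ciped-cb

# other solution (to be tested)
# The pipeline is quoted so that all of it, including kill, runs on the peer;
# `hostname` is still expanded locally, and \$1 is left for the remote awk.
ssh root@peer "/bin/ps ax | /bin/grep -v grep | /bin/grep ciped-cb | /bin/grep `hostname` | /bin/awk '{print \$1}' | /usr/bin/xargs kill"
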
But these solutions don't work if the link is down,
and we would like to avoid using ssh on a firewall...

Does somebody have an idea?

Thanks for your help,
N.C.