
To: cipe-l,AT,inka,DOT,de
Subject: how to manage start and stop cipe vpn ?
From: CACHET Nicolas <Nicolas.CACHET,AT,rfo,DOT,fr>
Date: Fri, 27 Feb 2004 23:45:10 +0100

Second question today....

I wrote a little script which should be put in the /etc/init.d/ directory:

#!/bin/sh
#

# Source function library.
. /etc/rc.d/init.d/functions

[ -f /etc/sysconfig/cipe ] && . /etc/sysconfig/cipe

# See how we were called.
case "$1" in
  start)
        if [ -x /usr/local/sbin/pkcipe -a ! -e /var/lock/subsys/cipe ]; then
                gprintf "Starting cipe: "
                for PEER in ${PEERS}
                do
                        daemon /usr/local/sbin/pkcipe -c ${PEER} ${IDENTITY}
                        gprintf "Starting pkcipe: peer=${PEER} IDENT=${IDENTITY}\n"
                done
                touch /var/lock/subsys/cipe
                echo
        else
                gprintf "cipe already running.\n"
        fi
        ;;
  stop)
        gprintf "Stopping cipe: "
        killproc ciped-cb
        rm -f /var/lock/subsys/cipe
        echo
        ;;
  restart)
        $0 stop
        $0 start
        ;;
  status)
        status ciped-cb
        ;;
  *)
        gprintf "Usage: $0 {start|stop|restart|status}\n"
        exit 1
esac

exit 0

########### END ###############

The "/etc/sysconfig/cipe" file should contain:

# SPECIFY IDENTITY OF THIS SERVER
IDENTITY=`hostname`

# SPECIFY LIST OF PEERS:
PEERS="123.45.67.89:1234 98.76.54.32:1234"

########### END ###############

This script has a BIG bug:
the restart command doesn't work, because the cipe peer stays alive too long.
I've found a solution, but it doesn't seem good:
when the script is stopping the local cipe, it launches a remote command.
Something like this:
# doesn't work if the peer has other cipe VPNs....
ssh root@peer /usr/bin/killall ciped-cb  
# other solution (to be tested)
# quoted so that the whole pipeline runs on the peer; `hostname` is still expanded locally
ssh root@peer "/bin/ps ax | /bin/grep -v grep | /bin/grep ciped-cb | /bin/grep `hostname` | /bin/awk '{print \$1}' | /usr/bin/xargs kill"

But these solutions don't work if the link is down,
and we would like to avoid using ssh on a firewall...

Does somebody have an idea?

Thanks for your help,
N.C.
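
An added example, not part of the original post: the peer-side selection from the "other solution" pipeline, written as a function that picks only ciped-cb processes whose arguments name the calling host as a whole host name, so that fw1 never matches fw10 and an empty match kills nothing. The function names, the `peer=` argument form and the sample ps lines are constructed assumptions; the post does not show real ciped-cb output.

```sh
#!/bin/sh
# Added example. Assumption: the peer runs ciped-cb with the remote identity
# somewhere in its arguments, as the grep `hostname` in the post implies.

# select_cipe_pids IDENT
# Reads "ps ax" lines (PID TTY STAT TIME COMMAND...) on stdin and prints the
# PIDs of ciped-cb processes whose arguments contain IDENT as a whole name.
select_cipe_pids() {
    [ -n "$1" ] || return 2    # an empty identity would match every process
    awk -v id="$1" '
    function whole(s, name,    p, off, b, a) {
        off = 0
        while ((p = index(substr(s, off + 1), name)) > 0) {
            p += off
            b = (p == 1) ? "" : substr(s, p - 1, 1)
            a = substr(s, p + length(name), 1)
            # reject hits inside a longer host name (fw1 inside fw10)
            if (b !~ /[A-Za-z0-9.-]/ && a !~ /[A-Za-z0-9.-]/) return 1
            off = p
        }
        return 0
    }
    $1 ~ /^[0-9]+$/ {
        n = split($5, path, "/")
        if (path[n] != "ciped-cb") next     # executable name must match exactly
        args = ""
        for (i = 6; i <= NF; i++) args = args " " $i
        if (whole(args, id)) print $1
    }'
}

# stop_cipe_for IDENT: signal only the matching daemons; no-op when none match.
stop_cipe_for() {
    pids=$(ps ax | select_cipe_pids "$1") || return 2
    [ -n "$pids" ] || return 0
    kill $pids
}

# Constructed sample of "ps ax" output on the peer (not real ciped-cb output).
SAMPLE_PS='  PID TTY      STAT   TIME COMMAND
  812 ?        S      0:00 /usr/local/sbin/ciped-cb peer=fw1
  813 ?        S      0:00 /usr/local/sbin/ciped-cb peer=fw10
  814 ?        S      0:00 /usr/local/sbin/ciped-cb peer=other
  990 pts/0    S      0:00 grep ciped-cb fw1'
```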

