Manage to launch OpenVPN at boot under MacOSX

This took a lot of effort, so I want to share my "lost and founds" with the internet. The issue was to make OpenVPN start successfully at boot under Mac OS X Tiger (10.4.11). I think the same approach should work for Leopard and Snow Leopard. The OS X Server edition has built-in L2TP-over-IPsec VPN server support, so I wouldn't bother using OpenVPN there.

First read here to find out how to install the precompiled OS X OpenVPN module!

The installation of OpenVPN itself is easy: install MacPorts and then install OpenVPN with:

sudo port install openvpn2

However, the openvpn2 port currently ships without a .plist and a wrapper script, so there is no way to make it start at boot. I therefore wrote the plist and the wrapper myself, MacPorts-style. To get around launchd issues[1], the MacPorts developers use daemondo to create startup items for launchd, so I followed the same approach.

First we need to create the directory in which our files will live. On the terminal type:

$ sudo mkdir /opt/local/etc/LaunchDaemons/org.macports.OpenVPN2/

Now create the org.macports.OpenVPN2.plist file in that directory and put these lines in it:

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN"
"http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version='1.0'>
<dict>
        <key>Label</key><string>org.macports.OpenVPN2</string>
        <key>ProgramArguments</key>
        <array>
                <string>/opt/local/bin/daemondo</string>
                <string>--label=OpenVPN2</string>
                <string>--start-cmd</string>
                <string>/opt/local/etc/LaunchDaemons/org.macports.OpenVPN2/OpenVPN2.wrapper</string>
                <string>start</string>
                <string>;</string>
                <string>--stop-cmd</string>
                <string>/opt/local/etc/LaunchDaemons/org.macports.OpenVPN2/OpenVPN2.wrapper</string>
                <string>stop</string>
                <string>;</string>
                <string>--restart-cmd</string>
                <string>/opt/local/etc/LaunchDaemons/org.macports.OpenVPN2/OpenVPN2.wrapper</string>
                <string>restart</string>
                <string>;</string>
                <string>--pid=none</string>
        </array>
        <key>Debug</key><false/>
        <key>Disabled</key><false/>
        <key>OnDemand</key><false/>
        <key>RunAtLoad</key><true/>
        <key>NetworkState</key><true/>
</dict>
</plist>

Then we need the wrapper, which is a shell script. Create the file OpenVPN2.wrapper in the same directory with the following contents:

#!/bin/sh

. /etc/rc.common

# Paths used below; change these to match your installation.
OPENVPN=/opt/local/sbin/openvpn2
CONF=/opt/local/etc/ovpn/server.conf
PIDFILE=/opt/local/etc/ovpn/ovpn.pid
TUNKEXT=/System/Library/Extensions/tun.kext

# Load the tun kernel extension if it is installed.
load() {
        if [ -d "$TUNKEXT" ]; then
                /sbin/kextload -q "$TUNKEXT"
        else
                echo "tun.kext not found in /System/Library/Extensions/"
        fi
}

# Succeeds when kextstat lists the tun extension as loaded.
tun_loaded() {
        kextstat -l | grep -q 'tun'
}

StartService() {
        # Use "ipconfig waitall" to wait for all the interfaces to come up
        # before OpenVPN tries to bind to one of them.
        ipconfig waitall

        load
        if tun_loaded; then
                "$OPENVPN" --config "$CONF" --writepid "$PIDFILE" --daemon OpenVPN2
                /usr/bin/logger "OpenVPN is loaded"
        else
                /usr/bin/logger "tun extension is not loaded."
        fi
}

StopService() {
        if [ -r "$PIDFILE" ]; then
                pid=`cat "$PIDFILE"`
                kill "$pid"
                # Give OpenVPN a few seconds to exit and close /dev/tunN;
                # kextunload fails while the device is still open.
                i=0
                while kill -0 "$pid" 2>/dev/null && [ "$i" -lt 10 ]; do
                        sleep 1
                        i=`expr "$i" + 1`
                done
                rm -f "$PIDFILE"
                /sbin/kextunload "$TUNKEXT"
                if tun_loaded; then
                        /usr/bin/logger "There was a problem. I was not able to unload the tun module!"
                else
                        /usr/bin/logger "The tun module was unloaded successfully"
                fi
        fi
}

RestartService() {
        StopService "$@"
        StartService "$@"
}

RunService "$1"

Then we create a symbolic link in /Library/LaunchDaemons/, where launchd looks for the plist files (name the link after the Label, so that the file name and the job name agree):

$ sudo ln -sf /opt/local/etc/LaunchDaemons/org.macports.OpenVPN2/org.macports.OpenVPN2.plist /Library/LaunchDaemons/org.macports.OpenVPN2.plist

Remember to

sudo chmod +x /opt/local/etc/LaunchDaemons/org.macports.OpenVPN2/OpenVPN2.wrapper

in order to make the script executable. Since launchd runs the wrapper, and through it openvpn2, as root at every boot, keep the wrapper, the plist and the /opt/local/etc/ovpn directory owned by root and not writable by anyone else; whoever can edit them gets root at the next boot. Other than that, just note that I use /opt/local/etc/ovpn/server.conf as the default path for the configuration file; you can change it, like any other path, in the shell script.
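Before rebooting, it is worth checking that what launchd will run is what you think it is: that the symlink points at the right plist, that the Label matches, that the wrapper named in ProgramArguments exists and is executable, and that none of these files can be written by anyone but root. The script below does that. It is an added example, not code from the original post or from MacPorts; the function names, the four-argument interface and the file name check_launchdaemon.sh are my own. It assumes only /bin/sh, find(1) with -L and -maxdepth, sed, tr and readlink, all of which OS X and Linux have.

```shell
#!/bin/sh
# check_launchdaemon.sh (added example, not from the original post):
# sanity-check a MacPorts-style launchd daemon installation before loading it.

# plist_label FILE -- print the <string> that follows <key>Label</key>, even
# when the two tags sit on different lines (the file is joined into one line).
plist_label() {
        tr -d '\n' < "$1" | sed -n 's|.*<key>Label</key>[[:space:]]*<string>\([^<]*\)</string>.*|\1|p'
}

# plist_wrapper FILE -- print the first ProgramArguments string that names a
# *.wrapper script, i.e. what daemondo is told to run.
plist_wrapper() {
        sed -n 's|.*<string>\([^<]*\.wrapper\)</string>.*|\1|p' "$1" | head -n 1
}

# check_owner_perms FILE OWNER -- 0 if FILE exists (symlinks followed), is owned
# by OWNER and is neither group- nor world-writable. launchd runs these files as
# root, so anyone who can write them can run code as root at the next boot.
check_owner_perms() {
        f=$1; owner=$2
        [ -e "$f" ] || { echo "missing: $f"; return 1; }
        [ -n "$(find -L "$f" -maxdepth 0 -user "$owner")" ] \
                || { echo "not owned by $owner: $f"; return 1; }
        [ -z "$(find -L "$f" -maxdepth 0 \( -perm -020 -o -perm -002 \))" ] \
                || { echo "group/world writable: $f"; return 1; }
        return 0
}

# check_daemon LINK TARGET LABEL OWNER
#   LINK    the plist in /Library/LaunchDaemons (a symlink in this setup)
#   TARGET  the real plist the link must point at
#   LABEL   the Label launchctl will know the job by
#   OWNER   expected owner of every file involved (root on a real system)
# Returns 0 only if every check passes; each failure is reported on stdout.
check_daemon() {
        link=$1; target=$2; label=$3; owner=$4; rc=0
        [ "$(readlink "$link")" = "$target" ] \
                || { echo "$link does not point at $target"; rc=1; }
        check_owner_perms "$target" "$owner" || rc=1
        [ "$(plist_label "$target")" = "$label" ] \
                || { echo "Label in $target is '$(plist_label "$target")', expected $label"; rc=1; }
        wrapper=$(plist_wrapper "$target")
        [ -n "$wrapper" ] || { echo "no *.wrapper in ProgramArguments of $target"; return 1; }
        check_owner_perms "$wrapper" "$owner" || rc=1
        [ -x "$wrapper" ] || { echo "not executable: $wrapper"; rc=1; }
        return $rc
}

# Run from the command line with all four arguments, for the setup above:
#   sudo sh check_launchdaemon.sh /Library/LaunchDaemons/org.macports.OpenVPN2.plist \
#       /opt/local/etc/LaunchDaemons/org.macports.OpenVPN2/org.macports.OpenVPN2.plist \
#       org.macports.OpenVPN2 root
# and only if it passes: sudo launchctl load -w /Library/LaunchDaemons/org.macports.OpenVPN2.plist
if [ $# -eq 4 ]; then
        check_daemon "$@"
        exit $?
fi
```

The ownership and write-bit checks are the part that matters for security: the plist and wrapper are consulted by launchd as root, so a group- or world-writable wrapper, or a symlink that someone else can repoint, is a root privilege escalation waiting for the next reboot.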

Enough, isn’t it? :-)

  1. Launchd, in my opinion, should be able to manage the launch of whatever daemon and/or app directly. It is presented as being the substitute for cron, init and other old-style unix utilities.
