Bringing up the link by hand gets tiring after a while. You probably
want your VPN to come up either at boot time or when your
dial-up connection comes up.
It's quite easy to get this script to run at boot time.
I assume you're using the very common System V initscript setup.
If not, you'll have to figure out how to integrate this with your
system on your own.

Either copy or symlink the vpn-pppssh script to /etc/init.d.

Uncomment the echo lines in the start and stop
clauses in the vpn-pppssh script
to enable the boot-time "Starting" and
"done." messages.

Put "> /dev/null 2>&1" after the line beginning
"${PPPD}" in the start section of the script. This just prevents
pppd's verbose messages from mucking up your boot screen.
You could also redirect pppd's messages (which may include
a very informative error) to a log file or, if you're not aesthetically
inclined, leave it alone and let your screen get all mucked up.

Now, you simply link your script into each of the six runlevels.

Now, when you reboot your machine, the VPN should come up
near the end of the boot process.
When the boot process reaches this script, your machine will wait
until the VPN is up before it continues booting. If this is an
issue, you can write your own /etc/init.d/vpn-pppssh
script that calls the /usr/local/bin/vpn-pppssh script in the
background. The link will then come up as your machine finishes
booting.
To manually bring the link down or up, just run the vpn-pppssh
script directly from /etc/init.d:
If you're dialing into the internet with PPP, you can bring the VPN
up every time you bring up the dial-up connection.
This is not difficult, but it does require a fairly recent
version of pppd, one that supports both the ipparam option,
and the ip-up.d and ip-down.d directories.
Create the "vpn-up" file in /etc/ppp/ip-up.d:

    #!/bin/sh
    if [ "$PPP_IPPARAM" = "vpn" ]; then
        # Don't bring up the vpn if we're bringing up the vpn.
        exit 0
    fi
    # Any other PPP link has just come up: start the VPN on top of it.
    /usr/local/bin/vpn-pppssh start

There's a re-entrancy problem here that the if statement takes care of.
If we're bringing up the regular PPP link, we want to bring up the VPN.
But the VPN is a PPP link itself! If we didn't do anything
about this, PPP would recursively spawn itself until it ground
your machine to a halt.
The secret is the "ipparam vpn" parameter in the vpn-pppssh script.
This sets the ipparam value for this invocation to "vpn", which we
then check as $PPP_IPPARAM in the startup script.
If it's set to vpn, then we know we're in the middle of bringing
up the VPN, so we just exit without error. Otherwise, we fire it up.
If you want to punch a hole in your firewall for your VPN
when you bring it up,
you can simply create an /etc/ppp/ip-up.d/vpn-fw file with the
following contents. All the shell variables below are supplied
by pppd, so you should be able to use this script unmodified.

    #!/bin/sh
    # Punch a hole in the firewall for the VPN
    if [ "$PPP_IPPARAM" = "vpn" ]; then
        # Quote pppd's values so each one stays a single argument.
        ipchains -I input 1 -i "$PPP_IFACE" -s "$PPP_REMOTE" -d "$PPP_LOCAL" -j ACCEPT
        ipchains -I output 1 -i "$PPP_IFACE" -s "$PPP_LOCAL" -d "$PPP_REMOTE" -j ACCEPT
    fi

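
The firewall hook above runs as root and passes pppd's values straight
to ipchains. The version below is an added example, not part of the
original HOWTO: it checks those values before touching the firewall.
The helper names, the overridable IPCHAINS variable and the pppN
interface naming are assumptions made for this example.

```sh
#!/bin/sh
# Added example (not the HOWTO's script): vpn-fw with checks on pppd's values.
IPCHAINS=${IPCHAINS:-ipchains}   # assumption: overridable for a dry run

# True if $1 is a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                    # split on dots; only digits and dots remain
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# True if $1 is a pppN interface name (assumption: pppd's default naming).
is_ppp_iface() {
    case "$1" in
        ppp[0-9]|ppp[0-9][0-9]|ppp[0-9][0-9][0-9]) return 0 ;;
    esac
    return 1
}

# Insert the two ACCEPT rules, or refuse if any value looks wrong.
vpn_fw_open() {
    iface=$1; remote=$2; local_ip=$3
    if ! is_ppp_iface "$iface" || ! is_ipv4 "$remote" || ! is_ipv4 "$local_ip"; then
        echo "vpn-fw: unexpected value from pppd, firewall left unchanged" >&2
        return 1
    fi
    "$IPCHAINS" -I input 1 -i "$iface" -s "$remote" -d "$local_ip" -j ACCEPT &&
    "$IPCHAINS" -I output 1 -i "$iface" -s "$local_ip" -d "$remote" -j ACCEPT
}

# Same guard as the original hook: act only on the link started with "ipparam vpn".
if [ "${PPP_IPPARAM:-}" = "vpn" ]; then
    vpn_fw_open "${PPP_IFACE:-}" "${PPP_REMOTE:-}" "${PPP_LOCAL:-}" || exit 1
fi
```
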
Create the "vpn-down" file in /etc/ppp/ip-down.d/vpn-pppssh:

    #!/bin/sh
    if [ "$PPP_IPPARAM" = "vpn" ]; then
        # Don't bring down the VPN if we're bringing down the vpn.
        exit 0
    fi
    # Any other PPP link has just gone down: stop the VPN that ran over it.
    /usr/local/bin/vpn-pppssh stop

Make sure to make all the scripts above executable
(chmod a+x /etc/ppp/ip-up.d/vpn-pppssh).
Now, when you bring up your PPP link, the VPN should come up with it.
And, when you shut it down, the VPN will disappear. Easy as pie.