support "--pre-start" script option
| Reported by: | jhaar | Owned by: | |
| Component: | Generic / unclassified | Version: | 2.2.1 |
| Severity: | Not set (if unsure, select this one) | Keywords: | |
We use openvpn as a service under both Windows and Unix - so don't rely on the user to start/stop or otherwise make decisions. However, there are decisions we'd like to make that require openvpn to be able to block right at the beginning and await the decision of an external script - a "--pre-start" option.
I'd envis*ge (that's an "a" - your antispam system would accept the word) a setting that would run the script, and:
- exit status 0: re-read entire config, ignore "--pre-start" and start initializing tunnel/etc
- exit status 99: re-read entire config, including "--pre-start" option (why 99 - see sendmail :-)
- exit status "other": exit openvpn
That way we could make decisions within a "--pre-start" script like:
- if Intranet-only HTTPS webserver is available, you are on the internal network, so sleep for 10 minutes then exit 99. (ie don't run openvpn to tunnel back to the network you're already on)
- if default route shows this to be a GPRS link, sleep 10 minutes then exit 99 (ie we don't want openvpn to run over expensive GPRS links)
- resolve the openvpn server DNS name to its IPs, ping them and choose the one that is closest to your current position. Then REWRITE the config to use that IP as the server name, then exit 0
You have so many brilliant hooks for calling external scripts, this is basically the only one left. On Unix systems this is easy to compensate for by "wrapping" a script around your openvpn startup, but Windows services are a different matter. Instead of creating a different Windows service hook, adding an extra script support seems more in keeping?
Thanks for listening
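
The Unix workaround the ticket mentions (wrapping a script around openvpn startup), written out with the proposed exit-status contract as an added example; it is not part of the original ticket or of OpenVPN. `PRE_START`, `OVPN_CONFIG`, `MAX_RETRIES` and both function names are assumptions made for this sketch, as is the permission check on the hook.

```sh
#!/bin/sh
# Added example: Unix wrapper emulating the exit-status contract proposed in
# this ticket. PRE_START, OVPN_CONFIG and MAX_RETRIES are hypothetical names
# chosen for this sketch; none of them is an OpenVPN option.
PRE_START=${PRE_START:-/etc/openvpn/pre-start.sh}
OVPN_CONFIG=${OVPN_CONFIG:-/etc/openvpn/client.conf}
MAX_RETRIES=${MAX_RETRIES:-0}   # 0 = keep re-running while the hook exits 99

# The hook runs with the wrapper's privileges (root for a system service), so
# refuse one that is missing, not executable, or writable by group or others.
hook_is_safe() {
    [ -f "$1" ] && [ -x "$1" ] || return 1
    [ -z "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null)" ]
}

# Returns 0 when the tunnel may start, 126 when the hook is rejected, 99 when
# MAX_RETRIES is exhausted, otherwise the hook's own non-zero status.
pre_start_gate() {
    hook=$1
    tries=0
    while :; do
        hook_is_safe "$hook" || return 126   # re-checked before every run
        status=0
        "$hook" || status=$?
        case $status in
            0)  return 0 ;;                  # proceed to start openvpn
            99) tries=$((tries + 1))         # hook asked to be asked again
                if [ "$MAX_RETRIES" -gt 0 ] && [ "$tries" -ge "$MAX_RETRIES" ]; then
                    return 99
                fi ;;
            *)  return "$status" ;;          # any other status: do not start
        esac
    done
}

# Invoked as "wrapper.sh start": openvpn is exec'd only after the hook exits 0,
# so it reads the config after any rewrite the hook made.
if [ "${1:-}" = "start" ]; then
    pre_start_gate "$PRE_START" || exit $?
    exec openvpn --config "$OVPN_CONFIG"
fi
```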