Jump to content
Not connected, Your IP: 54.236.62.49

Search the Community

Showing results for tags 'rc.local'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • AirVPN
    • News and Announcement
    • How-To
    • Databases
  • Community
    • General & Suggestions
    • Troubleshooting and Problems
    • Blocked websites warning
    • Eddie - AirVPN Client
    • Reviews
    • Other VPN competitors or features
    • Nonprofit
    • Off-Topic
  • Other Projects
    • IP Leak
    • XMPP
    • Mirrors

Product Groups

  • AirVPN Access
  • Coupons
  • Misc

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


Website URL


Twitter


Mastodon


AIM


MSN


ICQ


Yahoo


XMPP / Jabber


Skype


Location


Interests

Found 1 result

  1. My target system: Headless Raspberry Pi 2 Model B Rev 1.1 system via ssh. $ uname -a> Linux xbian 4.19.90+ #1 SMP PREEMPT Wed Dec 18 20:39:10 CET 2019 armv7l GNU/Linux ## based on Debian GNU/Linux 10 (buster) My use case is to have this box come up on boot fully protected - VPN / DNS / firewall and stay that way. My first effort was to eddie-cli in rc.local and I hit a few roadblocks but figured out the following: 1. The script /etc/rc.local runs as root, but eddie-cli expects to be run by an unprivileged user (it is installed in /usr/bin). 2. Also, /etc/rc.local does not, by default provision a terminal (ttx) while eddie-cli depends on it. These two issues can be addressed using the su command "su -P -c 'eddie-cli ....{options)...' User." The command su -c lets rc.local run it as a normal user and the -P option gives rc.local access to a pseudo-terminal. 3. Even when the -batch directive is used, some forking program wants a typed password when escalating privileges during startup. In order to get around that I gave my user password-free access via sudo by editing the sudoers file as set out here: https://linuxhandbook.com/sudo-without-password/ The command eddie-cli executes via sudo, is /usr/lib/eddie-cli/eddie-cli-elevated, and there also exists /usr/lib/eddie-cli/eddie-cli-elevated2 Using the # visudo command to allow nopassword sudo for just these these two commands: xbian ALL=(ALL) NOPASSWD:/usr/lib/eddie-cli/eddie-cli-elevated,/usr/lib/eddie-cli/eddie-cli-elevated2 This 3-part kludge actually works well. But better yet would be to have eddie-cli run as a proper init service. For standard Debian 10 systems that would require writing a SystemD unit file, etc. Or, since SystemD runs rc.local as a service, you could try just using the command that follows "exec" below at the end of the /etc/rc.local file. Good scripting practice would also include tests so that rc.local exits with zero on success and non-zero on failure. I think you would then be able to control eddie-cli by using systemctl against the rc.local service, but I haven't checked this out. Xbian, to their credit, eschews SystemD and uses instead Canonical's older Upstart init system -- an improvement over SystemV without the borg-like expansiveness of SystemD. After digging a bit, I have put together a configuration file based on the one that existed for OpenVPN and it works exactly as advertised. The system boots protected and I can manage eddie-cli with Upstart's start, stop, and status commands while the output is logged to /var/log/upstart/eddie-cli.log. $ cat /etc/init/eddie-cli.conf start on (net-device-up and local-filesystems and runlevel [2345]) stop on runlevel [!2345] env PIDFILE="/var/run/eddie-cli/eddie.pid" respawn respawn limit 6 60 pre-start script if [ ! -e /var/run/eddie-cli ]; then mkdir -m 0770 /var/run/eddie-cli chown nobody:nogroup /var/run/eddie-cli fi end script exec su -P -c "/usr/bin/eddie-cli \ -netlock \ -login=airvpnclient \ -password=***************** \ -server=Rotanev \ -connect \ -batch" \ xbian pre-stop script PID=`cat $PIDFILE` kill -15 $PID sleep 3 if [ "$?" -eq 0 ]; then rm -f $PIDFILE else echo "Unable to stop VPN" fi end script post-stop exec sleep 5 ### I will also want to add to the post-stop command an iptables-restore command, against some tables I saved on the desktop ### so swap for something like: # post-stop exec "sleep 5 && /usr/sbin/iptables-legacy restore < /etc/eddie-cli/airvpn.tables && /usr/sbin/ip6tables-legacy restore < /etc/eddie-cli/airvpn.6tables" ### since if the service hits its respawn limit for some reason and stops, there would be no firewall ### and other services would be exposed. Hope this helps someone.
×
×
  • Create New...