Pppd upstart script

Question

I am creating an upstart conf to manage different VPN connections. The problem is that if the pppd daemon dies, initctl still think it is start/running.

This is my current vpn.conf

description "VPN clients"

instance $vpn
export vpn

pppd call $vpn

How can I make upstart understand that if the daemon dies the status is not running any more ?

When the client is running the process tree looks like this:

root     30502     1  0 Aug11 ?        S      0:00 pppd call 162.xx.yy.42
root     30503 30502  0 Aug11 ?        S      0:00  \_ sh -c pptp   162.xx.yy.42 --nolaunchpppd
root     30504 30503  0 Aug11 ?        S      0:07      \_ pptp 162.xx.yy.42 --nolaunchpppd

Just a reminder: PPTP has been known to be insecure for well over a decade. Nobody should be using it anywhere. — Michael Hampton, Aug 13 '15 at 01:24
@MichaelHampton could you please send more information about why is insecure by definition (Now I see information for example here http://security.stackexchange.com/questions/45509/are-there-any-known-vulnerabilities-in-pptp-vpns-when-configured-properly )? What alternative do you suggest ? — Tk421, Aug 13 '15 at 01:33
Something like IPsec with IKEv2 and certificates, (never IKEv1) or OpenVPN. — Michael Hampton, Aug 13 '15 at 01:49

score 0 · Answer 1 · answered Jan 26 '16 at 15:17

This is my Upstart script for PPTP, I think you can fix yours based on mine. You need to replace the [PEER-NAME] with the name of the peer file in the directory /etc/ppp/peers:

start on runlevel [2345]
stop  on runlevel [016]
respawn
exec /usr/sbin/pppd nodetach persist call [PEER-NAME]

Pppd upstart script

1 Answers1