From 3341a98c2852d1d0c1eafdc70a3bdb218ec29049 Mon Sep 17 00:00:00 2001 From: David Sommerseth Date: Thu, 13 Nov 2014 15:43:37 +0100 Subject: systemd: Reworked the systemd unit file to handle server and client configs better Systemd can delay starting a service if the network isn't fully available yet. This feature is useful in client configurations, where OpenVPN will not be started before the client can reach the Internet. It is the network service manager which tells systemd if the system is "online" or not. For server configurations, the OpenVPN should be able to be started, regardless if the system is "online" or not. This is also the old behaviour of most of the old init.d script and the last systemd unit file. This patch splits the previous systemd unit file into two files. One which is aimed at clients (openvpn-client@.service) and one for server configurations (openvpn-server@.service). These files will also pick the configurations from different sub-directories. The unit file for openvpn-client@ will use /etc/openvpn/client and the server unit file will use /etc/openvpn/server. This also ensures that config files are not started in the wrong manner. The arguments given to the openvpn binary have also shifted order, to ensure that some of them cannot be overridden by the config file, such as --daemon and --writepid. For server configurations a --status file is also added with the status format set to 2. This can be overridden by the configuration file. Signed-off-by: David Sommerseth Acked-by: Gert Doering Message-Id: <1415889817-28049-1-git-send-email-openvpn.list@topphemmelig.net> URL: http://article.gmane.org/gmane.network.openvpn.devel/9222 
Signed-off-by: Gert Doering
---
distro/systemd/openvpn-client@.service | 20 ++++++++++++++++++++
distro/systemd/openvpn-server@.service | 19 +++++++++++++++++++
distro/systemd/openvpn@.service | 19 -------------------
3 files changed, 39 insertions(+), 19 deletions(-)
create mode 100644 distro/systemd/openvpn-client@.service
create mode 100644 distro/systemd/openvpn-server@.service
delete mode 100644 distro/systemd/openvpn@.service
(limited to 'distro')
diff --git a/distro/systemd/openvpn-client@.service b/distro/systemd/openvpn-client@.service
new file mode 100644
index 0000000..56d93a9
--- /dev/null
+++ b/distro/systemd/openvpn-client@.service
@@ -0,0 +1,20 @@
+[Unit]
+Description=OpenVPN tunnel for %I
+After=syslog.target network-online.target
+Wants=network-online.target
+Documentation=man:openvpn(8)
+Documentation=https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage
+Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO
+
+[Service]
+PrivateTmp=true
+Type=forking
+PIDFile=/var/run/openvpn/client_%i.pid
+ExecStart=/usr/sbin/openvpn --cd /etc/openvpn/client --config %i.conf --daemon --writepid /var/run/openvpn/client_%i.pid
+CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_READ_SEARCH
+LimitNPROC=10
+DeviceAllow=/dev/null rw
+DeviceAllow=/dev/net/tun rw
+
+[Install]
+WantedBy=multi-user.target
diff --git a/distro/systemd/openvpn-server@.service b/distro/systemd/openvpn-server@.service
new file mode 100644
index 0000000..c4c9a12
--- /dev/null
+++ b/distro/systemd/openvpn-server@.service
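Review bot: The `CapabilityBoundingSet=` line in openvpn-client@.service is carried over unchanged from the old combined unit, so client instances keep a capability set sized for a server. `CAP_NET_BIND_SERVICE` only matters for binding ports below 1024, which a client does not normally do unless its config pins a low local port, and `CAP_DAC_READ_SEARCH` lets the process bypass read and directory-search permission checks on any file. Since this commit exists to treat the two roles differently, I would drop the first from the client unit, `CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_READ_SEARCH`, and add a comment above the line naming the feature that requires `CAP_DAC_READ_SEARCH`, or remove it too if no supported client setup depends on it.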
@@ -0,0 +1,19 @@
+[Unit]
+Description=OpenVPN service for %I
+After=syslog.target network.target
+Documentation=man:openvpn(8)
+Documentation=https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage
+Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO
+
+[Service]
+PrivateTmp=true
+Type=forking
+PIDFile=/var/run/openvpn/server_%i.pid
+ExecStart=/usr/sbin/openvpn --cd /etc/openvpn/server --status /var/run/openvpn/server_%i-status.log --status-version 2 --config %i.conf --daemon --writepid /var/run/openvpn/server_%i.pid
+CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_READ_SEARCH
+LimitNPROC=10
+DeviceAllow=/dev/null rw
+DeviceAllow=/dev/net/tun rw
+
+[Install]
+WantedBy=multi-user.target
diff --git a/distro/systemd/openvpn@.service b/distro/systemd/openvpn@.service
deleted file mode 100644
index 7cd36c3..0000000
--- a/distro/systemd/openvpn@.service
+++ /dev/null
@@ -1,19 +0,0 @@
-[Unit]
-Description=OpenVPN tunnel for %I
-After=syslog.target network.target
-Documentation=man:openvpn(8)
-Documentation=https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage
-Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO
-
-[Service]
-PrivateTmp=true
-Type=forking
-PIDFile=/var/run/openvpn/%i.pid
-ExecStart=/usr/sbin/openvpn --daemon --writepid /var/run/openvpn/%i.pid --cd /etc/openvpn/ --config %i.conf
-CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_READ_SEARCH
-LimitNPROC=10
-DeviceAllow=/dev/null rw
-DeviceAllow=/dev/net/tun rw
-
-[Install]
-WantedBy=multi-user.target
-- cgit
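Review bot: Nothing in either new unit creates `/var/run/openvpn` or sets its mode, yet the `--status /var/run/openvpn/server_%i-status.log` argument in openvpn-server@.service now writes a file there listing connected clients and their addresses, and the `PIDFile=` lines of both units depend on the same directory. Where `/var/run` is a tmpfs the directory is gone after every boot, and if it is missing `--writepid` would presumably fail and take the `Type=forking` start-up with it. I would ship a tmpfiles.d entry next to the units, for example `d /run/openvpn 0710 root root -` (constructed sample), rather than `RuntimeDirectory=`, which would remove the shared directory as soon as any one instance stops. The diffstat on this page is limited to `distro`, so the directory may already be handled elsewhere in the tree or by packaging.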