[contribteam] [Bug 11329] softethervpn the vpnserver.service file that is included has incorrect directory

bugzilla-daemon--- via contribteam Sun, 24 Jan 2021 23:53:01 -0800

https://bugs.contribs.org/show_bug.cgi?id=11329


--- Comment #4 from Terry Fage <[email protected]> ---
Aha, missed that however..see details belwo
First up install produces following service fiule entries, which causes error
and failure of service to start

/usr/lib/systemd/system/vpnserver.service

[Unit]
Description=SoftEther VPN Server
After=network.target auditd.service
ConditionPathExists=!/opt/vpnserver/do_not_run

[Service]
Type=forking
EnvironmentFile=-/opt/vpnserver
ExecStart=/opt/vpnserver/vpnserver start
ExecStop=/opt/vpnserver/vpnserver stop
KillMode=process
Restart=on-failure

# Hardening
PrivateTmp=yes
ProtectHome=yes
ProtectSystem=full
ReadOnlyDirectories=/
ReadWriteDirectories=-/opt/vpnserver
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST
CAP_NET_RAW CAP_SYS_NICE CAP_SYS_ADMIN CAP_SETUID

[Install]
WantedBy=multi-user.target

/usr/lib/systemd/system/vpnserver.service.d/51Koozali.conf

[Service]
EnvironmentFile=
ExecStart=
ExecStop=
EnvironmentFile=-/usr/vpnserver
ExecStart=/usr/bin/vpnserver start
ExecStop=/usr/bin/vpnserver stop
[Install]
WantedBy=sme-server.target

above settings produce this

[root@sme10a5 ~]# systemctl status vpnserver
● vpnserver.service - SoftEther VPN Server
   Loaded: loaded (/usr/lib/systemd/system/vpnserver.service; enabled; vendor
preset: enabled)
  Drop-In: /usr/lib/systemd/system/vpnserver.service.d
           └─51koozali.conf
   Active: inactive (dead) since Mon 2021-01-25 18:33:17 AEDT; 2s ago
  Process: 3632 ExecStop=/usr/bin/vpnserver stop (code=exited,
status=0/SUCCESS)
  Process: 3628 ExecStart=/usr/bin/vpnserver start (code=exited,
status=0/SUCCESS)

Jan 25 18:33:16 sme10a5.sme10a5.fage.org systemd[1]: Starting SoftEther VPN
Server...
Jan 25 18:33:17 sme10a5.sme10a5.fage.org vpnserver[3628]: -- Alert: SoftEther
VPN Kernel --
Jan 25 18:33:17 sme10a5.sme10a5.fage.org vpnserver[3628]: Unable to create
/usr/vpnserver/.VPN-EA1D67A3FB.
Jan 25 18:33:17 sme10a5.sme10a5.fage.org vpnserver[3632]: -- Alert: SoftEther
VPN Kernel --
Jan 25 18:33:17 sme10a5.sme10a5.fage.org vpnserver[3632]: Unable to create
/usr/vpnserver/.VPN-EA1D67A3FB.
Jan 25 18:33:17 sme10a5.sme10a5.fage.org systemd[1]: Started SoftEther VPN
Server.


/usr/lib/systemd/system/vpnserver.service

[Unit]
Description=SoftEther VPN Server
After=network.target auditd.service
ConditionPathExists=!/opt/vpnserver/do_not_run

[Service]
Type=forking
EnvironmentFile=-/opt/vpnserver
ExecStart=/opt/vpnserver/vpnserver start
ExecStop=/opt/vpnserver/vpnserver stop
KillMode=process
Restart=on-failure

# Hardening
PrivateTmp=yes
ProtectHome=yes
ProtectSystem=full
ReadOnlyDirectories=/
ReadWriteDirectories=-/opt/vpnserver
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST
CAP_NET_RAW CAP_SYS_NICE CAP_SYS_ADMIN CAP_SETUID

[Install]
WantedBy=multi-user.target


I edited service files as shown below and vpnserver started as it should

/usr/lib/systemd/system/vpnserver.service.d/51Koozali.conf

[Unit]
Description=SoftEther VPN Server
After=network.target auditd.service
ConditionPathExists=!/usr/vpnserver/do_not_run

[Service]
EnvironmentFile=
ExecStart=
ExecStop=
EnvironmentFile=-/usr/vpnserver
ExecStart=/usr/bin/vpnserver start
ExecStop=/usr/bin/vpnserver stop
KillMode=process
Restart=on-failure
PrivateTmp=yes
ProtectHome=yes
ProtectSystem=full
ReadOnlyDirectories=/
ReadWriteDirectories=-/usr/vpnserver

[Install]
WantedBy=sme-server.target


[root@sme10a5 ~]# systemctl status vpnserver
● vpnserver.service - SoftEther VPN Server
   Loaded: loaded (/usr/lib/systemd/system/vpnserver.service; enabled; vendor
preset: enabled)
  Drop-In: /usr/lib/systemd/system/vpnserver.service.d
           └─51koozali.conf
   Active: active (running) since Mon 2021-01-25 18:44:09 AEDT; 1min 54s ago
 Main PID: 1570 (vpnserver)
   Memory: 19.8M
   CGroup: /system.slice/vpnserver.service
           ├─1570 /usr/vpnserver/vpnserver execsvc
           └─1571 /usr/vpnserver/vpnserver execsvc

Jan 25 18:44:05 sme10a5.sme10a5.fage.org systemd[1]: Starting SoftEther VPN
Server...
Jan 25 18:44:09 sme10a5.sme10a5.fage.org vpnserver[1291]: The SoftEther VPN
Server service has been started.
Jan 25 18:44:09 sme10a5.sme10a5.fage.org vpnserver[1291]: Let's get started by
accessing to the following URL fro... PC:
Jan 25 18:44:09 sme10a5.sme10a5.fage.org vpnserver[1291]:
https://127.0.0.1:5555/
Jan 25 18:44:09 sme10a5.sme10a5.fage.org vpnserver[1291]: or
Jan 25 18:44:09 sme10a5.sme10a5.fage.org vpnserver[1291]: https://127.0.0.1/
Jan 25 18:44:09 sme10a5.sme10a5.fage.org vpnserver[1291]: Note: IP address may
vary. Specify your server's IP address.
Jan 25 18:44:09 sme10a5.sme10a5.fage.org vpnserver[1291]: A TLS certificate
warning will appear because the serve...ing.
Jan 25 18:44:09 sme10a5.sme10a5.fage.org systemd[1]: Started SoftEther VPN
Server.
Hint: Some lines were ellipsized, use -l to show in full.

-- 
You are receiving this mail because:
You are the assignee for the bug.

_______________________________________________
Mail for each SME Contribs bug report
To unsubscribe, e-mail [email protected]
Searchable archive at https://lists.contribs.org/mailman/public/contribteam/

[contribteam] [Bug 11329] softethervpn the vpnserver.service file that is included has incorrect directory

Reply via email to