For the sake of completeness, when using the INLINE alternative, the
config file then needs to be properly protected (chown root:root, chmod
0600).

@Georg, indeed, ProtectHome=true ensures /root, /home and /run/user are
empty for the processes spawned by the unit. I welcome this addition!

@Bernhard, would you consider using ProtectSystem=full instead of true?
The difference is that /etc is then mounted read-only. FYI, I run all my
VPN servers/clients with it.

Regards,
Simon

On 2017-08-29 11:09 AM, Georg Herrmann wrote:
> Dear Simon,
> 
> you are right, after moving the files and modifying the corresponding
> conf-file, openvpn works again even as service. I had tried a similar
> solution - at first glance - before, moving the files from root into an
> unprivileged user's home folder. But obviously "ProtectHome=true"
> protects not only /root...
> 
> Thanks a lot,
> Georg
> 


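An added example, not part of the thread and not OpenVPN's or systemd's own tooling: a shell audit for the two points discussed above. It lists config directives whose files sit under the directories ProtectHome=true hides, and flags inline key material in a config that is not root:root 0600. It assumes "INLINE" means <key>-style blocks embedded in the config file; the sample paths and user name are constructed.

```shell
#!/bin/sh
# Added example: audit OpenVPN configs before enabling ProtectHome=true.

# Constructed sample config (paths and user name are made up).
sample_conf() {
    printf '%s\n' 'client' 'ca /etc/openvpn/ca.crt' \
        '  cert /home/alice/vpn/client.crt' '# key /root/old.key' \
        'key "/root/client.key"'
}

# Print file directives whose path lies under a directory that
# ProtectHome=true presents as empty: /root, /home, /run/user.
hidden_refs() {
    awk '$1 ~ /^(ca|cert|key|dh|pkcs12|secret|tls-auth|tls-crypt|crl-verify|auth-user-pass)$/ &&
         $2 ~ /^"?\/(root|home|run\/user)\// { print $1, $2 }' "$1"
}

# Succeed if the config embeds secret material inline.
has_inline_secret() {
    grep -Eq '^[[:space:]]*<(key|pkcs12|secret|tls-auth|tls-crypt)>' "$1"
}

# Print "owner:group mode", e.g. "root:root 600" (GNU stat, else BSD stat).
owner_mode() {
    stat -c '%U:%G %a' "$1" 2>/dev/null || stat -f '%Su:%Sg %Lp' "$1"
}

# Return 1 and print findings if the unit would lose access to a file, or
# if inline secrets sit in a config that is not root:root 0600.
audit_conf() {
    conf=$1; rc=0
    refs=$(hidden_refs "$conf")
    if [ -n "$refs" ]; then
        echo "$conf: hidden by ProtectHome=true:"
        echo "$refs" | sed 's/^/  /'
        rc=1
    fi
    if has_inline_secret "$conf"; then
        om=$(owner_mode "$conf")
        [ "$om" = "root:root 600" ] ||
            { echo "$conf: inline secrets, but file is $om"; rc=1; }
    fi
    return "$rc"
}

# Usage: sh audit.sh /etc/openvpn/*.conf
for f in "$@"; do audit_conf "$f" || true; done
```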