On 11/11/16 13:09, debbie10t wrote: > Hi, > > following are the server and client systemd unit files > which work best for me. > > > Tested on: > Archlinux - OpenVPN 2.3.13 x86_64-unknown-linux-gnu - systemd 231 > CentOS 7 - OpenVPN 2.3.12 x86_64-redhat-linux-gnu - systemd 219 > Debian 8 - OpenVPN 2.3.13 x86_64-pc-linux-gnu - systemd 215 > OpenSUSE 42.2 - OpenVPN 2.3.8 x86_64-suse-linux-gnu - systemd 228 > Fedora 24 - OpenVPN 2.3.12 x86_64-redhat-linux-gnu - systemd 229 > Ubuntu 16.04 - OpenVPN 2.3.13 x86_64-pc-linux-gnu - systemd 229 > > Tested with: > Multiple server and multiple client configs all enabled. > > Tests: > systemctl enable/disable/start/stop/restart/reboot > > Result: > ALL Tests passed.
Thanks a lot for a very thorough testing!
I will update the patch with setting separate RuntimeDirectory= for
these two profiles, then we won't step on the toes of distro provided
openvpn{,@}.service files at all.
As there are quite few who are active on this ML and in our community
with systemd experience, I'm going to apply the updated patch before the
2.4_beta1 release - unless there comes an informative NAK message before
that time. And if someone gives an ACK, it will be applied sooner.
--
kind regards,
David Sommerseth
OpenVPN Technologies, Inc
> Note:
> I have inserted blank lines to help with email line wrap.
>
>
> =====
>
>
> openvpn-client@.service
>
> [Unit]
> Description=OpenVPN tunnel for %I
> After=syslog.target network-online.target
> Wants=network-online.target
> Documentation=man:openvpn(8)
> Documentation=https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
> Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO
>
> [Service]
> PrivateTmp=true
> RuntimeDirectory=openvpn-client
> RuntimeDirectoryMode=0710
> WorkingDirectory=/etc/openvpn/client
>
> ExecStart=/usr/sbin/openvpn --config %i.conf --nobind --suppress-timestamps
>
> CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_RAW CAP_SETGID
> CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE
>
> LimitNPROC=10
> DeviceAllow=/dev/null rw
> DeviceAllow=/dev/net/tun rw
>
> [Install]
> WantedBy=multi-user.target
>
>
> =====
>
>
> openvpn-server@.service
>
> [Unit]
> Description=OpenVPN service for %I
> After=syslog.target network-online.target
> Wants=network-online.target
> Documentation=man:openvpn(8)
> Documentation=https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
> Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO
>
> [Service]
> PrivateTmp=true
> RuntimeDirectory=openvpn-server
> RuntimeDirectoryMode=0710
> WorkingDirectory=/etc/openvpn/server
>
> ExecStart=/usr/sbin/openvpn --config %i.conf --status
> %t/openvpn-server/%i-status.log --status-version 2 --suppress-timestamps
>
> CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE
> CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE
>
> LimitNPROC=10
> DeviceAllow=/dev/null rw
> DeviceAllow=/dev/net/tun rw
>
> [Install]
> WantedBy=multi-user.target
>
>
> =====
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Developer Access Program for Intel Xeon Phi Processors Access to Intel Xeon Phi processor-based developer platforms. With one year of Intel Parallel Studio XE. Training and support from Colfax. Order your platform today. http://sdm.link/xeonphi
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
