> I am not sure what those openvpn calls do. If they fork something in the
> background, please be aware that systemd will kill that before
> proceeding.

Simply (re)create the tunnel device

> Maybe there's a race between the openvpn and iptables commands in that
> the interfaces are not finished creating when iptables is started and
> then not found.

Specifying a dep on firewall & ensuring a 'forking' type appears to have
fixed the issue.

I.e., this works for me

cat /etc/systemd/system/openvpn.service 
        [Unit]
        Description=OpenVPN Server
!!      After=syslog.target network.target firewall.target
!!      Requires=firewall.target
        Before=openvpn.target

        [Service]
        PrivateTmp=true
        
Environment=PATH="/usr/local/openvpn-unpriv:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin"
!!      Type=forking
        PIDFile=/var/run/openvpn/openvpn.pid
        ExecStartPre=/usr/local/etc/openvpn/up.script
        ExecStart=/usr/local/sbin/openvpn --daemon --writepid /var/run/openvpn/openvpn.pid --cd /usr/local/etc/openvpn/ --config server.conf
        ExecStopPost=/usr/local/etc/openvpn/down.script

        [Install]
        WantedBy=multi-user.target

cat /usr/local/etc/openvpn/up.script
        #!/bin/sh
        /usr/local/sbin/openvpn --rmtun --dev tun1
        /usr/local/sbin/openvpn --mktun --dev tun1 --dev-type tun --user openvpn --group openvpn
        /usr/sbin/iptables  -I FORWARD -i eth0 -o tun1 -j ACCEPT
        /usr/sbin/iptables  -I FORWARD -i tun1 -o eth0 -j ACCEPT
_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
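
The two changes marked `!!` in the message above (ordering after the required firewall.target, and Type=forking with a PID file matching --writepid) can be checked mechanically. This is an added example, not part of the original message or of systemd; the function names unit_get and check_unit and both sample units are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint a unit file for the two settings changed in the message above.

# unit_get FILE KEY: print each value of KEY=, joining backslash continuations.
unit_get() {
    awk -v key="$2" '
        { line = buf $0; buf = "" }
        line ~ /\\$/ { sub(/\\$/, " ", line); buf = line; next }
        { sub(/^[ \t]+/, "", line) }
        index(line, key "=") == 1 { print substr(line, length(key) + 2) }
    ' "$1"
}

# check_unit FILE: print findings; exit status is the number of findings.
check_unit() {
    f=$1; n=0
    after=" $(unit_get "$f" After | tr '\n' ' ') "
    for dep in $(unit_get "$f" Requires); do
        case $after in
            *" $dep "*) ;;
            *) echo "Requires=$dep has no After=$dep: started in parallel"; n=$((n + 1)) ;;
        esac
    done
    cmd=$(unit_get "$f" ExecStart); type=$(unit_get "$f" Type)
    pidfile=$(unit_get "$f" PIDFile)
    case " $cmd " in
        *" --daemon "*)
            # A daemonizing openvpn exits its first process; systemd must track the PID file.
            [ "$type" = forking ] || { echo "--daemon needs Type=forking"; n=$((n + 1)); }
            wp=$(printf '%s\n' "$cmd" | sed -n 's/.*--writepid  *\([^ ]*\).*/\1/p')
            [ -n "$pidfile" ] && [ "$pidfile" = "$wp" ] ||
                { echo "PIDFile='$pidfile' differs from --writepid '$wp'"; n=$((n + 1)); }
            ;;
    esac
    return "$n"
}

# Constructed sample units (not from the thread): one without the fix, one with it.
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
printf '%s\n' '[Unit]' 'After=syslog.target network.target' 'Requires=firewall.target' \
    '[Service]' 'PIDFile=/var/run/openvpn/openvpn.pid' \
    'ExecStart=/usr/local/sbin/openvpn --daemon --config server.conf' > "$tmp/racy.service"
printf '%s\n' '[Unit]' 'After=network.target firewall.target' 'Requires=firewall.target' \
    '[Service]' 'Type=forking' 'PIDFile=/var/run/openvpn/openvpn.pid' \
    'ExecStart=/usr/local/sbin/openvpn --daemon --writepid \' \
    '    /var/run/openvpn/openvpn.pid --config server.conf' > "$tmp/fixed.service"
check_unit "$tmp/racy.service" || true
check_unit "$tmp/fixed.service" && echo "fixed.service: ok"
```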
