The "ExecReload=+/bin/kill" way of reloading without needing extra caps seems sensible. That said, I'm wondering what's the use case for a reload instead of a restart as man openvpn(8) describes what happens on SIGHUP:
SIGNALS SIGHUP Cause OpenVPN to close all TUN/TAP and network connections, restart, re-read the configuration file (if any), and reopen TUN/TAP and network connections. I'm wondering how it is possible when OpenVPN downgraded UID/GID? Maybe it works when using the openvpn-plugin-down-root.so plugin? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1868127 Title: OpenVPN will not reload due to misconfigured .service file To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1868127/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
