[systemd-devel] openvpn: tap0 & br0 missing

Michael D. Berger m.d.berger at ieee.org
Mon Nov 21 18:53:08 PST 2011 

> -----Original Message-----
> From: 
> systemd-devel-bounces+m.d.berger=ieee.org at lists.freedesktop.or
> g 
[...]
> >> this is really the smallest problem
> >> afaik in F14 there was also no "magic script" for the 
> >> bridge-configuration
> >>
> >> [root at srv-rhsoft:~]$ cat /lib/systemd/system/openvpn.service
> >> [Unit]
> >> Description=OpenVPN
> >> After=network.target
> >> [Service]
> >> Type=forking
> >> PIDFile=/var/run/openvpn/openvpn.pid
> >> ExecStartPre=-/etc/init.d/openvpn-bridge start 
> >> ExecStart=/usr/sbin/openvpn --daemon --writepid 
> >> /var/run/openvpn/openvpn.pid --cd /etc/openvpn/ --config 
> openvpn.conf 
> >> ExecStopPost=-/etc/init.d/openvpn-bridge stop Restart=always
> >> RestartSec=1
> >> [Install]
> >> WantedBy=multi-user.target
> >>
> >>
> > Actually, on my system it is a little more complicated.
> > It appears that network.service has to be restarted after the vpn 
> > stuff is stopped.  Also, in my case, a sed modification of 
> > /etc/sysconfig/iptables and a restart of iptables is necessary.
> 
> but what prevents you to define as much services / scripts as 
> you need in /etc/systemd/system with as much ExecStartPre and 
> Before/After declarations you need?
> 

 I like this approach, and I will use it.  I will write a simple
   setIptVpn <yes|no>
 script and add:

 ExecStartPost=/usr/sbin/setIptVpn yes
 ExecStartPost=/bin/systemctl restart iptables.service

 ExecStopPost=/usr/sbin/setIptVpn no
 ExecStopPost=/bin/systemctl restart iptables.service

Or maybe with minus signs (see below).

A few questions:

 In this line:
  ExecStopPost=-/etc/init.d/openvpn-bridge stop Restart=always

 Why do you have '-' after '=' ? I don't see the '-' in
   man 5 systemd.service .
 Why do you have "Restart=always" ?  The only time I would want it
 to restart is if I issue a restart command.
 Also, why is it on that line?

 BTW, my line will be more like:
   ExecStopPost=-/etc/openvpn/bridge-stop
 This is a simple script based on a template supplied by
 openvpn with no SysV complexity.

Thanks for your help.
Mike.

--
Michael D. Berger
m.d.berger at ieee.org
http://www.rosemike.net/

More information about the systemd-devel mailing list