[systemd-devel] F16_64: attempt at OpenVPN server service file

Michael D. Berger m.d.berger at ieee.org
Sat Nov 26 12:54:36 PST 2011


Below is a service file I wrote to control an openvpn server.
It has these problems:

 1. If I enable it and reboot, "ping <my router>" works,
    but "ping google.com" fails. It returns:
      ping: sendmsg: Operation not permitted.
    But if I then restart it, the problem usually disappears.
    (The "SysVStartPriority=99" was an unsuccessful attempt
    to solve this problem.)

 2. Note the two commented out "ExecStopPost" lines. If either of
    them is uncommented, then the system locks up on shutdown, and
    requires hard power off.  This is not a surprise, but on a
    stop without shutdown, iptables restart is always required, and
    network restart is usually required.

 3. If the two commented lines are uncommented, usually, commands
    on the service file work, especially "stop",  better with the "After"
    line commented out.  Otherwise, they work very slowly, if at all.

 4. The whole thing is rather unpredictable.  Almost everything I said
    has counterexamples.

Thanks for any advice to improve it.
Mike.

--

 #/etc/systemd/system/vpn_srv.service:

 [Unit]
 Description=OpenVPN Server
 After=syslog.target network.target iptables.service

 [Service]
 Type=forking
 PIDFile=/var/run/openvpn/vpn_srv.pid
 SysVStartPriority=99
 ExecStartPre=-/etc/openvpn/bridge-start > /dev/null 2>&1
 ExecStartPre=-/usr/sbin/setIptVpn yes
 ExecStartPre=-/bin/systemctl restart iptables.service
 ExecStart=/usr/sbin/openvpn --daemon --writepid /var/run/openvpn/vpn_srv.pid --cd /etc/openvpn/ --config server.conf
 ExecStop=-/bin/kill -TERM $MAINPID
 ExecStopPost=-/etc/openvpn/bridge-stop > /dev/null 2>&1
 ExecStopPost=-/usr/sbin/setIptVpn no
 #ExecStopPost=-/bin/systemctl restart iptables.service
 #ExecStopPost=-/bin/systemctl restart network.service

 [Install]
 WantedBy=multi-user.target

--
Michael D. Berger
m.d.berger at ieee.org
http://www.rosemike.net/
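
Added example, not part of the original post and not code from the systemd project: a small checker run over the Exec lines of the unit file above. It flags two constructs that systemd treats differently from a shell script: redirection tokens, which systemd passes to the program as literal arguments because no shell is involved, and systemctl calls without --no-block, which wait for the job they queue. The function name lint_unit and the finding codes are made up for this example.

```python
import os
import re
import shlex

# Exec lines copied from the unit file in the post (ExecStart re-joined).
UNIT = """\
[Service]
Type=forking
ExecStartPre=-/etc/openvpn/bridge-start > /dev/null 2>&1
ExecStartPre=-/usr/sbin/setIptVpn yes
ExecStartPre=-/bin/systemctl restart iptables.service
ExecStart=/usr/sbin/openvpn --daemon --writepid /var/run/openvpn/vpn_srv.pid --cd /etc/openvpn/ --config server.conf
ExecStop=-/bin/kill -TERM $MAINPID
#ExecStopPost=-/bin/systemctl restart network.service
"""

# Tokens a shell would treat as redirection, pipes or job control.
SHELL_OP = re.compile(r"^(&?\d*[<>]|[|&]{1,2}$)")


def lint_unit(text):
    """Return (line_no, key, code, detail) findings for Exec*= lines."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key = key.strip()
        if not key.startswith("Exec"):
            continue
        # Drop systemd's command prefixes ("-" = ignore failure, "@" = argv[0]).
        argv = shlex.split(value.strip().lstrip("-@"))
        if not argv:
            continue
        # systemd executes argv directly, so these reach the program as arguments.
        ops = [a for a in argv[1:] if SHELL_OP.match(a)]
        if ops:
            findings.append((no, key, "shell-syntax", " ".join(ops)))
        # Without --no-block, systemctl waits for the job it queued to finish.
        if os.path.basename(argv[0]) == "systemctl" and "--no-block" not in argv:
            findings.append((no, key, "blocking-systemctl", " ".join(argv[1:])))
    return findings


if __name__ == "__main__":
    for finding in lint_unit(UNIT):
        print("line %d %s: %s (%s)" % finding)
```

Commented-out lines are skipped, so the two "#ExecStopPost" lines would only be reported once uncommented.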
 


