[systemd-devel] F16_64: attempt at OpenVPN server service file

Reindl Harald h.reindl at thelounge.net
Sat Nov 26 13:04:07 PST 2011 


Am 26.11.2011 21:54, schrieb Michael D. Berger:
>  #/etc/systemd/system/vpn_srv.service:
> 
>  [Unit]
>  Description=OpenVPN Server
>  After=syslog.target network.target iptables.service
> 
>  [Service]
>  Type=forking
>  PIDFile=/var/run/openvpn/vpn_srv.pid
>  SysVStartPriority=99
>  ExecStartPre=-/etc/openvpn/bridge-start > /dev/null 2>&1
>  ExecStartPre=-/usr/sbin/setIptVpn yes
>  ExecStartPre=-/bin/systemctl restart iptables.service
>  ExecStart=/usr/sbin/openvpn --daemon --writepid
> /var/run/openvpn/vpn_srv.pid --cd /etc/openvpn/ --config server.conf
>  ExecStop=-/bin/kill -TERM $MAINPID
>  ExecStopPost=-/etc/openvpn/bridge-stop > /dev/null 2>&1
>  ExecStopPost=-/usr/sbin/setIptVpn no
>  #ExecStopPost=-/bin/systemctl restart iptables.service
>  #ExecStopPost=-/bin/systemctl restart network.service
> 
>  [Install]
>  WantedBy=multi-user.target

why in the world do you start/stop/restart iptables.service?
again: the following is a working openvpn-service

and yes, i ure-use my bridge-script as before systemd

remove the lsb/sysv-init parts if you want, but this does not matter
the bridge has noting to do with openvpn per-se

[root at srv-rhsoft:~]$ cat /lib/systemd/system/openvpn.service
[Unit]
Description=OpenVPN
After=network.target
[Service]
Type=forking
PIDFile=/var/run/openvpn/openvpn.pid
ExecStartPre=-/etc/init.d/openvpn-bridge start
ExecStart=/usr/sbin/openvpn --daemon --writepid /var/run/openvpn/openvpn.pid --cd /etc/openvpn/ --config openvpn.conf
ExecStopPost=-/etc/init.d/openvpn-bridge stop
Restart=always
RestartSec=1
[Install]
WantedBy=multi-user.target
________________________________________

cat /etc/init.d/openvpn-bridge
#!/bin/bash
# openvpn-bridge
# This shell script takes care of starting and stopping
# network-bridge on RedHat or other chkconfig-based system.
#
# chkconfig: - 23 76
#
# description:
# Start and stop ethernet-bridge for openvpn
# Requires package 'bridge-utils'

### BEGIN INIT INFO
# Provides: openvpn-bridge
# Required-Start: $network
# Required-Stop: $network
# Short-Description: start and stop openvpn-ethernet-bridge
# Description:
# This shell script takes care of starting and stopping
# network-bridge on RedHat or other chkconfig-based system.
### END INIT INFO

br="br0"
tap="tap0"
eth="eth1"
eth_ip="10.0.0.134"
eth_netmask="255.255.255.0"
eth_broadcast="10.0.0.255"
gw="10.0.0.1"

start_bridge () {
 for t in $tap; do
  openvpn --mktun --dev $t
 done

 for t in $tap; do
  ifconfig $t 0.0.0.0 promisc up
 done

 ifconfig $eth 0.0.0.0 promisc up

 brctl addbr $br
 brctl addif $br $eth

 for t in $tap; do
  brctl addif $br $t
 done

 ifconfig $br $eth_ip netmask $eth_netmask broadcast $eth_broadcast up
 # route add default gw $gw $br
}

stop_bridge () {
 ifconfig $br down
 brctl delbr $br
 for t in $tap; do
  openvpn --rmtun --dev $t
 done

 ifconfig $eth $eth_ip netmask $eth_netmask broadcast $eth_broadcast up
 # route add default gw $gw $eth
}

case "$1" in
 start)
   echo -n "Starting Bridge"
   start_bridge
   ;;
 stop)
   echo -n "Stopping Bridge"
   stop_bridge
   ;;
 restart)
   stop_bridge
   sleep 2
   start_bridge
   ;;
 *)
   echo "Usage: $0 {start|stop|restart}" >&2
   exit 1
   ;;
esac

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freedesktop.org/archives/systemd-devel/attachments/20111126/eb1c1946/attachment.pgp>

More information about the systemd-devel mailing list