[systemd-devel] F16_64: attempt at OpenVPN server service file

Michael D. Berger m.d.berger at ieee.org
Sat Nov 26 13:36:18 PST 2011


> -----Original Message-----
> From: systemd-devel-bounces+m.d.berger=ieee.org at lists.freedesktop.org
> [mailto:systemd-devel-bounces+m.d.berger=ieee.org at lists.freedesktop.org] On Behalf Of Reindl Harald
> Sent: Saturday, November 26, 2011 16:04
> To: systemd-devel at lists.freedesktop.org
> Subject: Re: [systemd-devel] F16_64: attempt at OpenVPN server service file
>
> On 26.11.2011 21:54, Michael D. Berger wrote:
> >  #/etc/systemd/system/vpn_srv.service:
> > 
> >  [Unit]
> >  Description=OpenVPN Server
> >  After=syslog.target network.target iptables.service
> > 
> >  [Service]
> >  Type=forking
> >  PIDFile=/var/run/openvpn/vpn_srv.pid
> >  SysVStartPriority=99
> >  ExecStartPre=-/etc/openvpn/bridge-start > /dev/null 2>&1
> >  ExecStartPre=-/usr/sbin/setIptVpn yes
> >  ExecStartPre=-/bin/systemctl restart iptables.service
> >  ExecStart=/usr/sbin/openvpn --daemon --writepid /var/run/openvpn/vpn_srv.pid --cd /etc/openvpn/ --config server.conf
> >  ExecStop=-/bin/kill -TERM $MAINPID
> >  ExecStopPost=-/etc/openvpn/bridge-stop > /dev/null 2>&1
> >  ExecStopPost=-/usr/sbin/setIptVpn no
> >  #ExecStopPost=-/bin/systemctl restart iptables.service
> >  #ExecStopPost=-/bin/systemctl restart network.service
> > 
> >  [Install]
> >  WantedBy=multi-user.target
> 
> why in the world do you start/stop/restart iptables.service?
> again: the following is a working openvpn-service
> 
> and yes, i re-use my bridge-script as before systemd
> 
> remove the lsb/sysv-init parts if you want, but this does not matter
> the bridge has nothing to do with openvpn per-se
> 
> [root at srv-rhsoft:~]$ cat /lib/systemd/system/openvpn.service
> [Unit]
> Description=OpenVPN
> After=network.target
> [Service]
> Type=forking
> PIDFile=/var/run/openvpn/openvpn.pid
> ExecStartPre=-/etc/init.d/openvpn-bridge start
> ExecStart=/usr/sbin/openvpn --daemon --writepid /var/run/openvpn/openvpn.pid --cd /etc/openvpn/ --config openvpn.conf
> ExecStopPost=-/etc/init.d/openvpn-bridge stop
> Restart=always
> RestartSec=1
> [Install]
> WantedBy=multi-user.target

[...]

I see you use "Restart=always".  Do I understand correctly that
whenever you stop the service it will restart?  That is what
"man systemd.service" says.  What if you really want to stop
it, as I might?

Other than that, I see little difference between yours and mine,
except for the iptables and network controls.  I am surprised that
you didn't comment on my command "/usr/sbin/setIptVpn <yes|no>".
I have a complex iptables that must be changed a little
depending on whether the vpn is running.  The command "setIptVpn"
runs a sed to take care of that, and obviously, iptables must be
restarted whenever that is done.

As for restarting the network, that appears to usually (but not
always) be required whenever the vpn is shut down.  If there is
another way to get things working after shutting down vpn, I
would be happy to hear it.  I tried ifdown and ifup, but it
didn't work.

Did you try to ping google.com after your vpn starts on boot?
I see no difference between yours and mine that would solve
that problem.  I imagine that another dependency is required.

Thanks,
Mike.
--
Michael D. Berger
m.d.berger at ieee.org
http://www.rosemike.net/
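
An added example, not part of the original message and not systemd's own tooling: a small lint over the first unit quoted in this thread. systemd does not run Exec* lines through a shell, so tokens such as `> /dev/null 2>&1` are passed to the program as arguments, and a `-` prefix makes a failed command count as success, which matters when that command is the firewall change. The function name `lint_unit` and the `firewall_hints` heuristic are assumptions made for this example.

```python
import re

# The [Service] section of the first unit in the thread (wrapped line rejoined).
UNIT = """\
[Service]
Type=forking
ExecStartPre=-/etc/openvpn/bridge-start > /dev/null 2>&1
ExecStartPre=-/usr/sbin/setIptVpn yes
ExecStartPre=-/bin/systemctl restart iptables.service
ExecStart=/usr/sbin/openvpn --daemon --writepid /var/run/openvpn/vpn_srv.pid --cd /etc/openvpn/ --config server.conf
ExecStop=-/bin/kill -TERM $MAINPID
ExecStopPost=-/etc/openvpn/bridge-stop > /dev/null 2>&1
ExecStopPost=-/usr/sbin/setIptVpn no
"""

EXEC_KEY = re.compile(r"^(Exec(?:StartPre|StartPost|Start|StopPost|Stop|Reload))=(.*)$")
# Tokens a shell would interpret; systemd passes them to the program as arguments.
SHELL_TOKEN = re.compile(r"^(\d*[<>]{1,2}(&\d+)?|\|\|?|&&?)$")
PREFIXES = "-@:+!"  # systemd's special executable prefixes


def lint_unit(text, firewall_hints=("iptables", "setIptVpn")):
    """Return (line, key, issue, detail) tuples for risky Exec* lines."""
    # firewall_hints is a hypothetical heuristic: substrings that mark a
    # command as touching packet-filter state.
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = EXEC_KEY.match(line.strip())
        if not m:
            continue
        key, cmd = m.groups()
        stripped = cmd.lstrip(PREFIXES)
        prefixes = cmd[: len(cmd) - len(stripped)]
        argv = stripped.split()
        if not argv:  # "ExecStart=" with an empty value only resets the list
            continue
        # Redirections and pipes are not applied; they become argv entries.
        bad = [tok for tok in argv[1:] if SHELL_TOKEN.match(tok)]
        if bad:
            findings.append((lineno, key, "shell-syntax", " ".join(bad)))
        # A "-" prefix makes systemd treat a failed command as success, so
        # the service starts even if the firewall change did not apply.
        if "-" in prefixes and any(h in stripped for h in firewall_hints):
            findings.append((lineno, key, "ignored-firewall-failure", argv[0]))
    return findings


if __name__ == "__main__":
    for finding in lint_unit(UNIT):
        print("line %d %s: %s (%s)" % finding)
```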
  
 


