Below is a service file I wrote to control an openvpn server.
It has these problems:
1. If I enable it and reboot, "ping <my router>" works,
but "ping google.com" fails. It returns:
ping: sendmsg: Operation not permitted.
But if I then restart it, the problem usually disappears.
(The "SysVStartPriority=99" was an unsuccessful attempt
to solve this problem.)
2. Note the two commented out "ExecStopPost" lines. If either of
them is uncommented, then the system locks up on shutdown, and
requires hard power off. This is not a surprise, but on a
stop without shutdown, iptables restart is always required, and
network restart is usually required.
3. If the two commented lines are uncommented, usually, commands
on the service file work, especially "stop", better with the "After"
line commented out. Otherwise, they work very slowly, if at all.
4. The whole thing is rather unpredictable. Almost everything I said
has counterexamples.
Thanks for any advice to improve it.
Mike.
--
#/etc/systemd/system/vpn_srv.service:
[Unit]
Description=OpenVPN Server
After=syslog.target network.target iptables.service
[Service]
Type=forking
PIDFile=/var/run/openvpn/vpn_srv.pid
SysVStartPriority=99
ExecStartPre=-/etc/openvpn/bridge-start > /dev/null 2>&1
ExecStartPre=-/usr/sbin/setIptVpn yes
ExecStartPre=-/bin/systemctl restart iptables.service
ExecStart=/usr/sbin/openvpn --daemon --writepid /var/run/openvpn/vpn_srv.pid --cd /etc/openvpn/ --config server.conf
ExecStop=-/bin/kill -TERM $MAINPID
ExecStopPost=-/etc/openvpn/bridge-stop > /dev/null 2>&1
ExecStopPost=-/usr/sbin/setIptVpn no
#ExecStopPost=-/bin/systemctl restart iptables.service
#ExecStopPost=-/bin/systemctl restart network.service
[Install]
WantedBy=multi-user.target
--
Michael D. Berger
[email protected]
http://www.rosemike.net/
_______________________________________________
systemd-devel mailing list
[email protected]
http://lists.freedesktop.org/mailman/listinfo/systemd-devel