Am 26.11.2011 21:54, schrieb Michael D. Berger: > #/etc/systemd/system/vpn_srv.service: > > [Unit] > Description=OpenVPN Server > After=syslog.target network.target iptables.service > > [Service] > Type=forking > PIDFile=/var/run/openvpn/vpn_srv.pid > SysVStartPriority=99 > ExecStartPre=-/etc/openvpn/bridge-start > /dev/null 2>&1 > ExecStartPre=-/usr/sbin/setIptVpn yes > ExecStartPre=-/bin/systemctl restart iptables.service > ExecStart=/usr/sbin/openvpn --daemon --writepid > /var/run/openvpn/vpn_srv.pid --cd /etc/openvpn/ --config server.conf > ExecStop=-/bin/kill -TERM $MAINPID > ExecStopPost=-/etc/openvpn/bridge-stop > /dev/null 2>&1 > ExecStopPost=-/usr/sbin/setIptVpn no > #ExecStopPost=-/bin/systemctl restart iptables.service > #ExecStopPost=-/bin/systemctl restart network.service > > [Install] > WantedBy=multi-user.target
why in the world do you start/stop/restart iptables.service?
again: the following is a working openvpn-service
and yes, i ure-use my bridge-script as before systemd
remove the lsb/sysv-init parts if you want, but this does not matter
the bridge has noting to do with openvpn per-se
[root@srv-rhsoft:~]$ cat /lib/systemd/system/openvpn.service
[Unit]
Description=OpenVPN
After=network.target
[Service]
Type=forking
PIDFile=/var/run/openvpn/openvpn.pid
ExecStartPre=-/etc/init.d/openvpn-bridge start
ExecStart=/usr/sbin/openvpn --daemon --writepid /var/run/openvpn/openvpn.pid
--cd /etc/openvpn/ --config openvpn.conf
ExecStopPost=-/etc/init.d/openvpn-bridge stop
Restart=always
RestartSec=1
[Install]
WantedBy=multi-user.target
________________________________________
cat /etc/init.d/openvpn-bridge
#!/bin/bash
# openvpn-bridge
# This shell script takes care of starting and stopping
# network-bridge on RedHat or other chkconfig-based system.
#
# chkconfig: - 23 76
#
# description:
# Start and stop ethernet-bridge for openvpn
# Requires package 'bridge-utils'
### BEGIN INIT INFO
# Provides: openvpn-bridge
# Required-Start: $network
# Required-Stop: $network
# Short-Description: start and stop openvpn-ethernet-bridge
# Description:
# This shell script takes care of starting and stopping
# network-bridge on RedHat or other chkconfig-based system.
### END INIT INFO
br="br0"
tap="tap0"
eth="eth1"
eth_ip="10.0.0.134"
eth_netmask="255.255.255.0"
eth_broadcast="10.0.0.255"
gw="10.0.0.1"
start_bridge () {
for t in $tap; do
openvpn --mktun --dev $t
done
for t in $tap; do
ifconfig $t 0.0.0.0 promisc up
done
ifconfig $eth 0.0.0.0 promisc up
brctl addbr $br
brctl addif $br $eth
for t in $tap; do
brctl addif $br $t
done
ifconfig $br $eth_ip netmask $eth_netmask broadcast $eth_broadcast up
# route add default gw $gw $br
}
stop_bridge () {
ifconfig $br down
brctl delbr $br
for t in $tap; do
openvpn --rmtun --dev $t
done
ifconfig $eth $eth_ip netmask $eth_netmask broadcast $eth_broadcast up
# route add default gw $gw $eth
}
case "$1" in
start)
echo -n "Starting Bridge"
start_bridge
;;
stop)
echo -n "Stopping Bridge"
stop_bridge
;;
restart)
stop_bridge
sleep 2
start_bridge
;;
*)
echo "Usage: $0 {start|stop|restart}" >&2
exit 1
;;
esac
signature.asc
Description: OpenPGP digital signature
_______________________________________________ systemd-devel mailing list [email protected] http://lists.freedesktop.org/mailman/listinfo/systemd-devel
