> -----Original Message----- > From: > [email protected] > g > [mailto:[email protected] sktop.org] On Behalf Of Reindl Harald > Sent: Saturday, November 26, 2011 16:04 > To: [email protected] > Subject: Re: [systemd-devel] F16_64: attempt at OpenVPN > server service file > > > > Am 26.11.2011 21:54, schrieb Michael D. Berger: > > #/etc/systemd/system/vpn_srv.service: > > > > [Unit] > > Description=OpenVPN Server > > After=syslog.target network.target iptables.service > > > > [Service] > > Type=forking > > PIDFile=/var/run/openvpn/vpn_srv.pid > > SysVStartPriority=99 > > ExecStartPre=-/etc/openvpn/bridge-start > /dev/null 2>&1 > > ExecStartPre=-/usr/sbin/setIptVpn yes > > ExecStartPre=-/bin/systemctl restart iptables.service > > ExecStart=/usr/sbin/openvpn --daemon --writepid > > /var/run/openvpn/vpn_srv.pid --cd /etc/openvpn/ --config server.conf > > ExecStop=-/bin/kill -TERM $MAINPID > > ExecStopPost=-/etc/openvpn/bridge-stop > /dev/null 2>&1 > > ExecStopPost=-/usr/sbin/setIptVpn no > > #ExecStopPost=-/bin/systemctl restart iptables.service > > #ExecStopPost=-/bin/systemctl restart network.service > > > > [Install] > > WantedBy=multi-user.target > > why in the world do you start/stop/restart iptables.service? > again: the following is a working openvpn-service > > and yes, i ure-use my bridge-script as before systemd > > remove the lsb/sysv-init parts if you want, but this does not matter > the bridge has noting to do with openvpn per-se > > [root@srv-rhsoft:~]$ cat /lib/systemd/system/openvpn.service > [Unit] > Description=OpenVPN > After=network.target > [Service] > Type=forking > PIDFile=/var/run/openvpn/openvpn.pid > ExecStartPre=-/etc/init.d/openvpn-bridge start > ExecStart=/usr/sbin/openvpn --daemon --writepid > /var/run/openvpn/openvpn.pid --cd /etc/openvpn/ --config openvpn.conf > ExecStopPost=-/etc/init.d/openvpn-bridge stop > Restart=always > RestartSec=1 > [Install] > WantedBy=multi-user.target
[...] I see you use "Restart=always". Do I understand correctly that whenever you stop the service it will restart? That is what "man systemd.service" says. What if you really want to stop it, as I might? Other than that, I see little difference between yours and mine, except for the iptables and network controls. I am suprised that you didn't comment on my command "/usr/sbin/setIptVpn <yes|no>". I have a complex iptables that must be changed a little depending on whether the vpn is running. The command "setIptVpn" runs a sed to takes care of that, and obviously, iptables must be restarted whenever that is done. As for restarting the network, that appears to usually (but not always) be required whenever the vpn is shutdown. If there is another way to get things working after shutting down vpn, I would be happy to hear it. I tried ifdown and ifup, but it didn't work. Did you try to ping google.com after your vpn starts on boot? I see no difference between yours and mine that would solve that problem. I imagine that another dependency is required. Thanks, Mike. -- Michael D. Berger [email protected] http://www.rosemike.net/ _______________________________________________ systemd-devel mailing list [email protected] http://lists.freedesktop.org/mailman/listinfo/systemd-devel
