smecontribs/smeserver-openvpn-routed
6
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
7fa421b070dfecff600c026501510dc0cd21c6f1
smeserver-openvpn-routed/root/usr/lib/systemd/system/openvpn-routed.service
Jean-Philippe Pialasse 7fa421b070 * Fri Aug 29 2025 Jean-Philippe Pialasse <jpp@koozali.org> 0.1.6-9.sme 
- fix service unit permission issues [SME: 12258]
2025-08-29 14:18:33 -04:00

33 lines
1.0 KiB
Desktop File
Raw Blame History

[Unit]
Description=OpenVPN Server routed for Roadwariors
After=network.service
ConditionPathExists=/etc/openvpn/routed/priv/key.pem
ConditionPathExists=/etc/openvpn/routed/pub/cert.pem
ConditionPathExists=/etc/openvpn/routed/pub/cacert.pem
ConditionPathExists=/etc/openvpn/routed/pub/dh.pem
# /etc/openvpn/routed/priv/takey.pem is optional
[Service]
Type=notify
PrivateTmp=true
WorkingDirectory=/etc/openvpn/routed
PermissionsStartOnly=true
ExecStartPre=-/sbin/e-smith/service-status 'openvpn-routed'
ExecStartPre=-/sbin/e-smith/systemd/openvpn-routed
ExecStart=/usr/sbin/openvpn --ncp-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC:AES-128-CBC:BF-CBC --config /etc/openvpn/routed/openvpn.conf --cd /etc/openvpn/routed
PrivateTmp=true
CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE CAP_AUDIT_WRITE
LimitNPROC=10
DeviceAllow=/dev/null rw
DeviceAllow=/dev/net/tun rw
KillMode=process
RestartSec=5s
Restart=on-failure
[Install]
WantedBy=sme-server.target
View Git Blame Copy Permalink