summarylogtreecommitdiffstats
path: root/0001-systemd.patch
diff options
context:
space:
mode:
Diffstat (limited to '0001-systemd.patch')
-rw-r--r--0001-systemd.patch38
1 files changed, 38 insertions, 0 deletions
diff --git a/0001-systemd.patch b/0001-systemd.patch
new file mode 100644
index 000000000000..a82351e28eac
--- /dev/null
+++ b/0001-systemd.patch
@@ -0,0 +1,38 @@
+diff --git a/distro/systemd/openvpn-client@.service b/distro/systemd/openvpn-client@.service
+index 18b84dd..92e04f8 100644
+--- a/distro/systemd/openvpn-client@.service
++++ b/distro/systemd/openvpn-client@.service
+@@ -7,12 +7,9 @@ Documentation=https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
+ Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO
+
+ [Service]
++Type=forking
+ PrivateTmp=true
+-RuntimeDirectory=openvpn-client
+-RuntimeDirectoryMode=0710
+-WorkingDirectory=/etc/openvpn/client
+-ExecStartPre=/bin/sh -c 'grep -q -E ^daemon %i.conf || exit 0 && /usr/bin/echo "OpenVPN configuration cannot contain --daemon when being managed by systemd" ; exit 1'
+-ExecStart=/usr/sbin/openvpn --suppress-timestamps --nobind --config %i.conf
++ExecStart=/usr/sbin/openvpn --cd /etc/openvpn/client --daemon openvpn-client@%i --suppress-timestamps --nobind --config %i.conf
+ CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE
+ LimitNPROC=10
+ DeviceAllow=/dev/null rw
+diff --git a/distro/systemd/openvpn-server@.service b/distro/systemd/openvpn-server@.service
+index a2b7b52..9dbfa43 100644
+--- a/distro/systemd/openvpn-server@.service
++++ b/distro/systemd/openvpn-server@.service
+@@ -7,12 +7,11 @@ Documentation=https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
+ Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO
+
+ [Service]
++Type=forking
+ PrivateTmp=true
+ RuntimeDirectory=openvpn-server
+ RuntimeDirectoryMode=0710
+-WorkingDirectory=/etc/openvpn/server
+-ExecStartPre=/bin/sh -c 'grep -q -E ^daemon %i.conf || exit 0 && /usr/bin/echo "OpenVPN configuration cannot contain --daemon when being managed by systemd" ; exit 1'
+-ExecStart=/usr/sbin/openvpn --status %t/openvpn-server/status-%i.log --status-version 2 --suppress-timestamps --config %i.conf
++ExecStart=/usr/sbin/openvpn --cd /etc/openvpn/server --daemon openvpn-server@%i --status %t/openvpn-server/status-%i.log --status-version 2 --suppress-timestamps --config %i.conf
+ CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE
+ LimitNPROC=10
+ DeviceAllow=/dev/null rw