4 Description=OpenVPN connection to %i
6 ReloadPropagatedFrom=openvpn.service
8 # ian, this is starting too early, added this from stretch's openvpn-client@.service
9 After=syslog.target network-online.target
10 Wants=network-online.target
11 # ian, commented out, we are starting too early, no need to be before anything.
12 Before=systemd-user-sessions.service
14 Documentation=man:openvpn(8)
15 Documentation=https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage
16 Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO
19 # these cause ExecStart to fail with "nsenter: reassociate to namespace
20 # 'ns/mnt' failed: Invalid argument" on trisquel 8. Probably because we
21 # get put into some mount namespace and the one that I setup does not
22 # exist within it or something stupid that systemd does not
29 ExecStart=/usr/bin/nsenter --mount=/root/mount_namespaces/%i /usr/sbin/openvpn --daemon ovpn-%i --status /run/openvpn/%i.status 10 --cd /etc/openvpn --script-security 2 --config /etc/openvpn/client/%i.conf --writepid /run/openvpn/%i.pid
30 PIDFile=/run/openvpn/%i.pid
31 ExecReload=/bin/kill -HUP $MAINPID
32 WorkingDirectory=/etc/openvpn
33 # Ian: commented out these lines from upstream
34 #CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_READ_SEARCH CAP_AUDIT_WRITE
36 #DeviceAllow=/dev/null rw
37 #DeviceAllow=/dev/net/tun rw
39 # ian: added just these lines from upstream
40 ExecStartPre=/a/bin/newns/newns -n 10.173.0 start %i
41 ExecStartPre=/sbin/iptables-restore /a/bin/distro-setup/transmission-firewall/netns.rules
42 # note, this doesnt get run on trisquel 8 when ExecStart command fails,
43 # documentation says it should
44 ExecStopPost=/a/bin/newns/newns stop %i
48 WantedBy=multi-user.target
iankelling.org / git / distro-setup / blob