diff options
author | Bernhard Schmidt <Bernhard.Schmidt@lrz.de> | 2018-03-04 22:55:51 +0100 |
---|---|---|
committer | Bernhard Schmidt <Bernhard.Schmidt@lrz.de> | 2018-03-04 22:55:51 +0100 |
commit | 528d142b4be4618a00d506414c95485d679f7297 (patch) | |
tree | 118c2b9adb156a129bd0a04d980f00ba01fc8264 /distro/systemd | |
parent | bd24a09dcb08e98bba26e316fd46e1b5d0590afb (diff) | |
parent | 4afa7ed562410a1170223a7bc06efb3708af6a36 (diff) |
Update upstream source from tag 'upstream/2.4.5'
Update to upstream version '2.4.5'
with Debian dir bfadc11012753514e3836a4dc88a94fd7d0f8314
Diffstat (limited to 'distro/systemd')
-rw-r--r-- | distro/systemd/Makefile.am | 4 | ||||
-rw-r--r-- | distro/systemd/Makefile.in | 81 | ||||
-rw-r--r-- | distro/systemd/README.systemd | 70 |
3 files changed, 135 insertions, 20 deletions
diff --git a/distro/systemd/Makefile.am b/distro/systemd/Makefile.am index 1e3f3ea..69e1269 100644 --- a/distro/systemd/Makefile.am +++ b/distro/systemd/Makefile.am @@ -5,7 +5,7 @@ # packet encryption, packet authentication, and # packet compression. # -# Copyright (C) 2017 OpenVPN Technologies, Inc. <sales@openvpn.net> +# Copyright (C) 2017-2018 OpenVPN Inc <sales@openvpn.net> # %.service: %.service.in Makefile @@ -23,6 +23,8 @@ systemdunit_DATA = \ openvpn-server@.service tmpfiles_DATA = \ tmpfiles-openvpn.conf +dist_doc_DATA = \ + README.systemd install-data-hook: mv $(DESTDIR)$(tmpfilesdir)/tmpfiles-openvpn.conf $(DESTDIR)$(tmpfilesdir)/openvpn.conf diff --git a/distro/systemd/Makefile.in b/distro/systemd/Makefile.in index 57e82c2..8e641aa 100644 --- a/distro/systemd/Makefile.in +++ b/distro/systemd/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -21,11 +21,21 @@ # packet encryption, packet authentication, and # packet compression. # -# Copyright (C) 2017 OpenVPN Technologies, Inc. <sales@openvpn.net> +# Copyright (C) 2017-2018 OpenVPN Inc <sales@openvpn.net> # VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -89,7 +99,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = distro/systemd -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/ax_emptyarray.m4 \ $(top_srcdir)/m4/ax_socklen_t.m4 \ @@ -100,6 +109,8 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/ax_emptyarray.m4 \ $(top_srcdir)/compat.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__dist_doc_DATA_DIST) \ + $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h \ $(top_builddir)/include/openvpn-plugin.h @@ -124,6 +135,7 @@ am__can_run_installinfo = \ n|no|NO) false;; \ *) (install-info --version) >/dev/null 2>&1;; \ esac +am__dist_doc_DATA_DIST = README.systemd am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ @@ -151,10 +163,11 @@ am__uninstall_files_from_dir = { \ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ $(am__cd) "$$dir" && rm -f $$files; }; \ } -am__installdirs = "$(DESTDIR)$(systemdunitdir)" \ +am__installdirs = "$(DESTDIR)$(docdir)" "$(DESTDIR)$(systemdunitdir)" \ "$(DESTDIR)$(tmpfilesdir)" -DATA = $(systemdunit_DATA) $(tmpfiles_DATA) +DATA = $(dist_doc_DATA) $(systemdunit_DATA) $(tmpfiles_DATA) am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +am__DIST_COMMON = $(srcdir)/Makefile.in DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ @@ -203,6 +216,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ LZ4_CFLAGS = @LZ4_CFLAGS@ LZ4_LIBS = @LZ4_LIBS@ LZO_CFLAGS = @LZO_CFLAGS@ @@ -323,6 +337,7 @@ plugindir = @plugindir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +runstatedir = @runstatedir@ sampledir = @sampledir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ @@ -346,6 +361,9 @@ EXTRA_DIST = \ @ENABLE_SYSTEMD_TRUE@tmpfiles_DATA = \ @ENABLE_SYSTEMD_TRUE@ tmpfiles-openvpn.conf +@ENABLE_SYSTEMD_TRUE@dist_doc_DATA = \ +@ENABLE_SYSTEMD_TRUE@ README.systemd + MAINTAINERCLEANFILES = \ $(srcdir)/Makefile.in @@ -364,7 +382,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign distro/systemd/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --foreign distro/systemd/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -388,6 +405,27 @@ mostlyclean-libtool: clean-libtool: -rm -rf .libs _libs +install-dist_docDATA: $(dist_doc_DATA) + @$(NORMAL_INSTALL) + @list='$(dist_doc_DATA)'; test -n "$(docdir)" || list=; \ + if test -n "$$list"; then \ + echo " $(MKDIR_P) '$(DESTDIR)$(docdir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(docdir)" || exit 1; \ + fi; \ + for p in $$list; do \ + if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(docdir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(docdir)" || exit $$?; \ + done + +uninstall-dist_docDATA: + @$(NORMAL_UNINSTALL) + @list='$(dist_doc_DATA)'; test -n "$(docdir)" || list=; \ + files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ + dir='$(DESTDIR)$(docdir)'; $(am__uninstall_files_from_dir) install-systemdunitDATA: $(systemdunit_DATA) @$(NORMAL_INSTALL) @list='$(systemdunit_DATA)'; test -n "$(systemdunitdir)" || list=; \ @@ -471,7 +509,7 @@ check-am: all-am check: check-am all-am: Makefile $(DATA) installdirs: - for dir in "$(DESTDIR)$(systemdunitdir)" "$(DESTDIR)$(tmpfilesdir)"; do \ + for dir in "$(DESTDIR)$(docdir)" "$(DESTDIR)$(systemdunitdir)" "$(DESTDIR)$(tmpfilesdir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am @@ -526,7 +564,8 @@ info: info-am info-am: -install-data-am: install-systemdunitDATA install-tmpfilesDATA +install-data-am: install-dist_docDATA install-systemdunitDATA \ + install-tmpfilesDATA @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-data-hook install-dvi: install-dvi-am @@ -571,7 +610,8 @@ ps: ps-am ps-am: -uninstall-am: uninstall-systemdunitDATA uninstall-tmpfilesDATA +uninstall-am: uninstall-dist_docDATA uninstall-systemdunitDATA \ + uninstall-tmpfilesDATA .MAKE: install-am install-data-am install-strip @@ -579,16 +619,19 @@ uninstall-am: uninstall-systemdunitDATA uninstall-tmpfilesDATA cscopelist-am ctags-am distclean distclean-generic \ distclean-libtool distdir dvi dvi-am html html-am info info-am \ install install-am install-data install-data-am \ - install-data-hook install-dvi install-dvi-am install-exec \ - install-exec-am install-html install-html-am install-info \ - install-info-am install-man install-pdf install-pdf-am \ - install-ps install-ps-am install-strip install-systemdunitDATA \ - install-tmpfilesDATA installcheck installcheck-am installdirs \ - maintainer-clean maintainer-clean-generic mostlyclean \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags-am uninstall uninstall-am uninstall-systemdunitDATA \ + install-data-hook install-dist_docDATA install-dvi \ + install-dvi-am install-exec install-exec-am install-html \ + install-html-am install-info install-info-am install-man \ + install-pdf install-pdf-am install-ps install-ps-am \ + install-strip install-systemdunitDATA install-tmpfilesDATA \ + installcheck installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-generic \ + mostlyclean-libtool pdf pdf-am ps ps-am tags-am uninstall \ + uninstall-am uninstall-dist_docDATA uninstall-systemdunitDATA \ uninstall-tmpfilesDATA +.PRECIOUS: Makefile + %.service: %.service.in Makefile $(AM_V_GEN)sed -e 's|\@sbindir\@|$(sbindir)|' \ diff --git a/distro/systemd/README.systemd b/distro/systemd/README.systemd new file mode 100644 index 0000000..a193a87 --- /dev/null +++ b/distro/systemd/README.systemd @@ -0,0 +1,70 @@ +OpenVPN and systemd +=================== + +As of OpenVPN v2.4, upstream is shipping systemd unit files to provide a +fine grained control of each OpenVPN configuration as well as trying to +restrict the capabilities the OpenVPN process have on a system. + + +Configuration profile types +--------------------------- +These new unit files separates between client and server profiles. The +configuration files are kept in separate directories, to provide clarity +of the profile they run under. + +Typically the client profile cannot bind to any ports below port 1024 +and the client configuration is always started with --nobind. + +The server profile is allowed to bind to any ports. In addition it enables +a client status file, usually found in the /run/openvpn-server directory. +The status format is set to version 2 by default. These settings may be +overridden by adding --status and/or --status-version in the OpenVPN +configuration file. + +Neither of these profiles makes use of PID files, but OpenVPN reports back to +systemd its PID once it has initialized. + +For configuration using a peer-to-peer mode (not using --mode server on one +of the sides) it is recommended to use the client profile. + + +Configuration files +------------------- +These new unit files expects client configuration files to be made available +in /etc/openvpn/client. Similar for the server configurations, it is expected +to be found in /etc/openvpn/server. The configuration files must have a .conf +file extension. + + +Managing VPN tunnels +-------------------- +Use the normal systemctl tool to start, stop VPN tunnels, as well as enable +and disable tunnels at boot time. The syntax is: + + - client configurations: + # systemctl $OPER openvpn-client@$CONFIGNAME + + - server configurations: + # systemctl $OPER openvpn-server@$CONFIGNAME + +Similarly, to view the OpenVPN journal log use a similar syntax: + + # journalctl -u openvpn-client@$CONFIGNAME + or + # journalctl -u openvpn-server@$CONFIGNAME + +* Examples + Say your server configuration is /etc/openvpn/server/tun0.conf, you + start this VPN service like this: + + # systemctl start openvpn-server@tun0 + + A client configuration file in /etc/openvpn/client/corpvpn.conf is + started like this: + + # systemctl start openvpn-client@corpvpn + + To view the server configuration's journal only listing entries from + yesterday and until today: + + # journalctl --since yesterday -u openvpn-server@tun0 |