diff options
Diffstat (limited to 'debian/openvpn@.service')
-rw-r--r-- | debian/openvpn@.service | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/debian/openvpn@.service b/debian/openvpn@.service new file mode 100644 index 0000000..da7adc7 --- /dev/null +++ b/debian/openvpn@.service @@ -0,0 +1,30 @@ +[Unit] +Description=OpenVPN connection to %i +PartOf=openvpn.service +ReloadPropagatedFrom=openvpn.service +Before=systemd-user-sessions.service +After=network-online.target +Wants=network-online.target +Documentation=man:openvpn(8) +Documentation=https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage +Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO + +[Service] +Type=notify +PrivateTmp=true +WorkingDirectory=/etc/openvpn +ExecStart=/usr/sbin/openvpn --daemon ovpn-%i --status /run/openvpn/%i.status 10 --cd /etc/openvpn --config /etc/openvpn/%i.conf --writepid /run/openvpn/%i.pid +PIDFile=/run/openvpn/%i.pid +KillMode=process +ExecReload=/bin/kill -HUP $MAINPID +CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE CAP_AUDIT_WRITE +LimitNPROC=100 +DeviceAllow=/dev/null rw +DeviceAllow=/dev/net/tun rw +ProtectSystem=true +ProtectHome=true +RestartSec=5s +Restart=on-failure + +[Install] +WantedBy=multi-user.target |