Diffstat (limited to 'distro/systemd')
-rw-r--r--distro/systemd/Makefile.am4
-rw-r--r--distro/systemd/Makefile.in60
-rw-r--r--distro/systemd/README.systemd70
-rw-r--r--distro/systemd/openvpn-client@.service.in1
-rw-r--r--distro/systemd/openvpn-server@.service.in3
5 files changed, 122 insertions, 16 deletions
diff --git a/distro/systemd/Makefile.am b/distro/systemd/Makefile.am
index 1e3f3ea..69e1269 100644
--- a/distro/systemd/Makefile.am
+++ b/distro/systemd/Makefile.am
@@ -5,7 +5,7 @@
# packet encryption, packet authentication, and
# packet compression.
#
-# Copyright (C) 2017 OpenVPN Technologies, Inc. <sales@openvpn.net>
+# Copyright (C) 2017-2018 OpenVPN Inc <sales@openvpn.net>
#
%.service: %.service.in Makefile
@@ -23,6 +23,8 @@ systemdunit_DATA = \
openvpn-server@.service
tmpfiles_DATA = \
tmpfiles-openvpn.conf
+dist_doc_DATA = \
+ README.systemd
install-data-hook:
mv $(DESTDIR)$(tmpfilesdir)/tmpfiles-openvpn.conf $(DESTDIR)$(tmpfilesdir)/openvpn.conf
diff --git a/distro/systemd/Makefile.in b/distro/systemd/Makefile.in
index 27b390e..8e641aa 100644
--- a/distro/systemd/Makefile.in
+++ b/distro/systemd/Makefile.in
@@ -21,7 +21,7 @@
# packet encryption, packet authentication, and
# packet compression.
#
-# Copyright (C) 2017 OpenVPN Technologies, Inc. <sales@openvpn.net>
+# Copyright (C) 2017-2018 OpenVPN Inc <sales@openvpn.net>
#
VPATH = @srcdir@
@@ -109,7 +109,8 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/ax_emptyarray.m4 \
$(top_srcdir)/compat.m4 $(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
-DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__dist_doc_DATA_DIST) \
+ $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h \
$(top_builddir)/include/openvpn-plugin.h
@@ -134,6 +135,7 @@ am__can_run_installinfo = \
n|no|NO) false;; \
*) (install-info --version) >/dev/null 2>&1;; \
esac
+am__dist_doc_DATA_DIST = README.systemd
am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
am__vpath_adj = case $$p in \
$(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
@@ -161,9 +163,9 @@ am__uninstall_files_from_dir = { \
|| { echo " ( cd '$$dir' && rm -f" $$files ")"; \
$(am__cd) "$$dir" && rm -f $$files; }; \
}
-am__installdirs = "$(DESTDIR)$(systemdunitdir)" \
+am__installdirs = "$(DESTDIR)$(docdir)" "$(DESTDIR)$(systemdunitdir)" \
"$(DESTDIR)$(tmpfilesdir)"
-DATA = $(systemdunit_DATA) $(tmpfiles_DATA)
+DATA = $(dist_doc_DATA) $(systemdunit_DATA) $(tmpfiles_DATA)
am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
am__DIST_COMMON = $(srcdir)/Makefile.in
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
@@ -335,6 +337,7 @@ plugindir = @plugindir@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+runstatedir = @runstatedir@
sampledir = @sampledir@
sbindir = @sbindir@
sharedstatedir = @sharedstatedir@
@@ -358,6 +361,9 @@ EXTRA_DIST = \
@ENABLE_SYSTEMD_TRUE@tmpfiles_DATA = \
@ENABLE_SYSTEMD_TRUE@ tmpfiles-openvpn.conf
+@ENABLE_SYSTEMD_TRUE@dist_doc_DATA = \
+@ENABLE_SYSTEMD_TRUE@ README.systemd
+
MAINTAINERCLEANFILES = \
$(srcdir)/Makefile.in
@@ -399,6 +405,27 @@ mostlyclean-libtool:
clean-libtool:
-rm -rf .libs _libs
+install-dist_docDATA: $(dist_doc_DATA)
+ @$(NORMAL_INSTALL)
+ @list='$(dist_doc_DATA)'; test -n "$(docdir)" || list=; \
+ if test -n "$$list"; then \
+ echo " $(MKDIR_P) '$(DESTDIR)$(docdir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(docdir)" || exit 1; \
+ fi; \
+ for p in $$list; do \
+ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+ echo "$$d$$p"; \
+ done | $(am__base_list) | \
+ while read files; do \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(docdir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(docdir)" || exit $$?; \
+ done
+
+uninstall-dist_docDATA:
+ @$(NORMAL_UNINSTALL)
+ @list='$(dist_doc_DATA)'; test -n "$(docdir)" || list=; \
+ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+ dir='$(DESTDIR)$(docdir)'; $(am__uninstall_files_from_dir)
install-systemdunitDATA: $(systemdunit_DATA)
@$(NORMAL_INSTALL)
@list='$(systemdunit_DATA)'; test -n "$(systemdunitdir)" || list=; \
@@ -482,7 +509,7 @@ check-am: all-am
check: check-am
all-am: Makefile $(DATA)
installdirs:
- for dir in "$(DESTDIR)$(systemdunitdir)" "$(DESTDIR)$(tmpfilesdir)"; do \
+ for dir in "$(DESTDIR)$(docdir)" "$(DESTDIR)$(systemdunitdir)" "$(DESTDIR)$(tmpfilesdir)"; do \
test -z "$$dir" || $(MKDIR_P) "$$dir"; \
done
install: install-am
@@ -537,7 +564,8 @@ info: info-am
info-am:
-install-data-am: install-systemdunitDATA install-tmpfilesDATA
+install-data-am: install-dist_docDATA install-systemdunitDATA \
+ install-tmpfilesDATA
@$(NORMAL_INSTALL)
$(MAKE) $(AM_MAKEFLAGS) install-data-hook
install-dvi: install-dvi-am
@@ -582,7 +610,8 @@ ps: ps-am
ps-am:
-uninstall-am: uninstall-systemdunitDATA uninstall-tmpfilesDATA
+uninstall-am: uninstall-dist_docDATA uninstall-systemdunitDATA \
+ uninstall-tmpfilesDATA
.MAKE: install-am install-data-am install-strip
@@ -590,14 +619,15 @@ uninstall-am: uninstall-systemdunitDATA uninstall-tmpfilesDATA
cscopelist-am ctags-am distclean distclean-generic \
distclean-libtool distdir dvi dvi-am html html-am info info-am \
install install-am install-data install-data-am \
- install-data-hook install-dvi install-dvi-am install-exec \
- install-exec-am install-html install-html-am install-info \
- install-info-am install-man install-pdf install-pdf-am \
- install-ps install-ps-am install-strip install-systemdunitDATA \
- install-tmpfilesDATA installcheck installcheck-am installdirs \
- maintainer-clean maintainer-clean-generic mostlyclean \
- mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
- tags-am uninstall uninstall-am uninstall-systemdunitDATA \
+ install-data-hook install-dist_docDATA install-dvi \
+ install-dvi-am install-exec install-exec-am install-html \
+ install-html-am install-info install-info-am install-man \
+ install-pdf install-pdf-am install-ps install-ps-am \
+ install-strip install-systemdunitDATA install-tmpfilesDATA \
+ installcheck installcheck-am installdirs maintainer-clean \
+ maintainer-clean-generic mostlyclean mostlyclean-generic \
+ mostlyclean-libtool pdf pdf-am ps ps-am tags-am uninstall \
+ uninstall-am uninstall-dist_docDATA uninstall-systemdunitDATA \
uninstall-tmpfilesDATA
.PRECIOUS: Makefile
diff --git a/distro/systemd/README.systemd b/distro/systemd/README.systemd
new file mode 100644
index 0000000..a193a87
--- /dev/null
+++ b/distro/systemd/README.systemd
@@ -0,0 +1,70 @@
+OpenVPN and systemd
+===================
+
+As of OpenVPN v2.4, upstream is shipping systemd unit files to provide a
+fine grained control of each OpenVPN configuration as well as trying to
+restrict the capabilities the OpenVPN process have on a system.
+
+
+Configuration profile types
+---------------------------
+These new unit files separates between client and server profiles. The
+configuration files are kept in separate directories, to provide clarity
+of the profile they run under.
+
+Typically the client profile cannot bind to any ports below port 1024
+and the client configuration is always started with --nobind.
+
+The server profile is allowed to bind to any ports. In addition it enables
+a client status file, usually found in the /run/openvpn-server directory.
+The status format is set to version 2 by default. These settings may be
+overridden by adding --status and/or --status-version in the OpenVPN
+configuration file.
+
+Neither of these profiles makes use of PID files, but OpenVPN reports back to
+systemd its PID once it has initialized.
+
+For configuration using a peer-to-peer mode (not using --mode server on one
+of the sides) it is recommended to use the client profile.
+
+
+Configuration files
+-------------------
+These new unit files expects client configuration files to be made available
+in /etc/openvpn/client. Similar for the server configurations, it is expected
+to be found in /etc/openvpn/server. The configuration files must have a .conf
+file extension.
+
+
+Managing VPN tunnels
+--------------------
+Use the normal systemctl tool to start, stop VPN tunnels, as well as enable
+and disable tunnels at boot time. The syntax is:
+
+ - client configurations:
+ # systemctl $OPER openvpn-client@$CONFIGNAME
+
+ - server configurations:
+ # systemctl $OPER openvpn-server@$CONFIGNAME
+
+Similarly, to view the OpenVPN journal log use a similar syntax:
+
+ # journalctl -u openvpn-client@$CONFIGNAME
+ or
+ # journalctl -u openvpn-server@$CONFIGNAME
+
+* Examples
+ Say your server configuration is /etc/openvpn/server/tun0.conf, you
+ start this VPN service like this:
+
+ # systemctl start openvpn-server@tun0
+
+ A client configuration file in /etc/openvpn/client/corpvpn.conf is
+ started like this:
+
+ # systemctl start openvpn-client@corpvpn
+
+ To view the server configuration's journal only listing entries from
+ yesterday and until today:
+
+ # journalctl --since yesterday -u openvpn-server@tun0
diff --git a/distro/systemd/openvpn-client@.service.in b/distro/systemd/openvpn-client@.service.in
index 49e3f51..cbcef65 100644
--- a/distro/systemd/openvpn-client@.service.in
+++ b/distro/systemd/openvpn-client@.service.in
@@ -17,6 +17,7 @@ DeviceAllow=/dev/null rw
DeviceAllow=/dev/net/tun rw
ProtectSystem=true
ProtectHome=true
+KillMode=process
[Install]
WantedBy=multi-user.target
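Review bot: `KillMode=process` is added here (and again in the openvpn-server@.service.in hunk) with no comment explaining why. With this setting systemd signals only the main OpenVPN process on stop, so any helper the daemon started, such as hook scripts or plugin children, is left running in the unit's control group unless OpenVPN ends it itself. In the server unit this combines with the new `Restart=on-failure`, so leftovers from a failed instance could run alongside the restarted one. I would add a comment above the line, for example `# Only the main process is signalled on stop; OpenVPN must terminate its own children`, and state the actual reason for the choice, which cannot be seen from this page. The `[Service]` section starts outside the hunk, so other kill-related settings may exist that are not visible here.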
diff --git a/distro/systemd/openvpn-server@.service.in b/distro/systemd/openvpn-server@.service.in
index 9a8a2c7..a8366a0 100644
--- a/distro/systemd/openvpn-server@.service.in
+++ b/distro/systemd/openvpn-server@.service.in
@@ -17,6 +17,9 @@ DeviceAllow=/dev/null rw
DeviceAllow=/dev/net/tun rw
ProtectSystem=true
ProtectHome=true
+KillMode=process
+RestartSec=5s
+Restart=on-failure
[Install]
WantedBy=multi-user.target
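Review bot: `Restart=on-failure` with `RestartSec=5s` is added with no start rate limit visible, so a server instance that fails at every start (bad configuration, missing key file, port already bound) would probably be restarted every five seconds without end. systemd's default limit is 5 starts within 10 seconds unless the system configuration changes it, and a 5-second delay keeps the unit below that. If endless retry is not intended, set the limit explicitly in the `[Unit]` section, which lies outside this hunk, with example values such as `StartLimitIntervalSec=60` and `StartLimitBurst=5` (older systemd releases spell the first one `StartLimitInterval=`). Either way, a comment next to `Restart=` stating the intended behaviour would help operators, who should also watch the journal for repeated restarts of `openvpn-server@` instances. The client unit gets `KillMode=process` but no `Restart=`, and a one-line comment saying whether that difference is deliberate would be useful.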