Using OpenVPN with systemd
I think the Debian OpenVPN setup with systemd is currently a tad bit broken. To get it to work on my machines I had to:
Create
/etc/systemd/system/[email protected](the directory), and place in it a new file with this:[Unit] Requires=networking.service After=networking.service
I called my filelocal-after-ifup.conf. It needs to end with.conf. (This is the bit that's currently a tad bit broken.)Create a file in
/etc/tmpfiles.d(I called minelocal-openvpn.conf) with the contents:# Type Path Mode UID GID Age Argument d /run/openvpn 0755 root root - -
This is Debian bug 741938 (fixed in 2.3.3-1).Create a symlink into
multi-user.target.wants(easiest way issystemctl enable openvpn@CONF_NAME.service) E.g., if you have/etc/openvpn/foo.conf, you'd use[email protected].If you also have the SysV init script showing up in systemd, disable it. This is Debian bug 700888 (fixed in 2.3.3-1).
NOTE: 2.3.3-1 or later is not yet in testing, though it is in unstable.
This type of unit file is an Instantiated Service - more details are available here
The following is the unit file for openvpn on CentOS 7:
[Unit]
Description=OpenVPN Robust And Highly Flexible Tunneling Application On %I
After=syslog.target network.target
[Service]
PrivateTmp=true
Type=forking
PIDFile=/var/run/openvpn/%i.pid
ExecStart=/usr/sbin/openvpn --daemon --writepid /var/run/openvpn/%i.pid --cd /etc/openvpn/ --config %i.conf
[Install]
WantedBy=multi-user.target
and it resides as /usr/lib/systemd/system/openvpn@service. The %i in the file is replaced with the string after the @ in the unit name.
As the config file is at /etc/openvpn/myopenvpn.conf then the service is started with:
systemctl start [email protected]
- Place all openvpn *.conf files into
/etc/openvpn/. Edit
/etc/default/openvpn. Uncomment this:AUTOSTART="all"Run
systemctl daemon-reload.- Run
service openvpn start.