Add systemd unit file for OpenVPN
This is to encourage all Linux distributions to use a unified systemd unit file. This unit file also tries to reduce the capabilities of the running openvpn process. Signed-off-by: David Sommerseth <davids@redhat.com> Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: 1411030936-16309-1-git-send-email-openvpn.list@topphemmelig.net URL: http://article.gmane.org/gmane.network.openvpn.devel/9043
parent
9048d50b0a
commit
8a4566ce4f
19
distro/systemd/openvpn@.service
Normal file
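--- /dev/null
+++ b/distro/systemd/openvpn@.service
@@ -0,0 +1,19 @@
+[Unit]
+Description=OpenVPN tunnel for %I
+After=syslog.target network.target
+Documentation=man:openvpn(8)
+Documentation=https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage
+Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO
+
+[Service]
+PrivateTmp=true
+Type=forking
+PIDFile=/var/run/openvpn/%i.pid
+ExecStart=/usr/sbin/openvpn --daemon --writepid /var/run/openvpn/%i.pid --cd /etc/openvpn/ --config %i.conf
+CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_READ_SEARCH
+LimitNPROC=10
+DeviceAllow=/dev/null rw
+DeviceAllow=/dev/net/tun rw
+
+[Install]
+WantedBy=multi-user.target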
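Review bot: Nothing in this unit creates `/var/run/openvpn`, which both `--writepid` in `ExecStart=` and `PIDFile=` in `[Service]` depend on. Where `/var/run` is a tmpfs the directory is gone after every boot, and with `Type=forking` the start would then presumably fail or time out waiting for the PID file. Shipping a tmpfiles.d entry next to the unit, for example `d /var/run/openvpn 0755 root root -`, would cover this. `RuntimeDirectory=openvpn` looks less suitable in a template unit, since systemd removes that directory when one instance stops while sibling instances may still have PID files in it. The directory should stay root-owned and not writable by the user openvpn drops to, because systemd uses the PID file to decide which process it supervises.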