mirror of
https://github.com/OpenVPN/openvpn.git
synced 2024-09-20 12:02:28 +02:00
29446a18e1
By default, when systemd is stopping OpenVPN it will send the SIGTERM to all processes within the same process control-group. This can come as a surprise to plug-ins which may have fork()ed out child processes. So we tell systemd to only send the SIGTERM signal to the main OpenVPN process and let OpenVPN take care of the shutdown process on its own. If the main OpenVPN process does not stop within 90 seconds (unless changed), it will send SIGKILL to all remaining processes within the same process control-group. This issue has been reported in both Debian and Fedora. Trac: 581 Message-Id: <20170906234705.26202-1-davids@openvpn.net> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg15369.html Signed-off-by: David Sommerseth <davids@openvpn.net> [DS: Applied lazy-ack policy]
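[Unit]
# Instantiated unit: %I expands to the unescaped instance name, i.e. the
# text between "@" and ".service" in the name the unit is started under.
Description=OpenVPN tunnel for %I
# After= only orders start-up. The Wants= line below is what pulls
# network-online.target into the transaction, so the tunnel is started
# once the network is reported as up.
After=syslog.target network-online.target
Wants=network-online.target
Documentation=man:openvpn(8)
Documentation=https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO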
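[Service]
# The daemon reports readiness through sd_notify(); systemd treats the
# unit as started only after that notification arrives.
Type=notify
# Private /tmp and /var/tmp, not shared with other services on the host.
PrivateTmp=true
# The relative "--config %i.conf" below is resolved against this directory,
# so the instance name selects a file here. No User= is set, so the daemon
# starts as root and any privilege drop comes from the selected config.
# Keep this directory and the files in it writable by root only.
WorkingDirectory=/etc/openvpn/client
# @sbindir@ is a placeholder, presumably substituted when the unit is
# generated at build time. %i is the escaped instance name.
ExecStart=@sbindir@/openvpn --suppress-timestamps --nobind --config %i.conf
# Upper bound on the capabilities the service and its children can ever
# hold, even while running as root. CAP_SETUID/CAP_SETGID and
# CAP_SYS_CHROOT presumably serve the config's user/group/chroot options.
# CAP_DAC_OVERRIDE is the broadest entry: it bypasses file permission
# checks. NOTE(review): confirm it is still required before keeping it.
CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE
# Sets RLIMIT_NPROC. The kernel counts this per real UID, not per unit,
# so unrelated processes of the same user count against it. TasksMax= is
# the cgroup-scoped alternative.
LimitNPROC=10
# With DeviceAllow= present (default DevicePolicy=auto), device access is
# limited to the nodes listed here plus the standard pseudo devices.
DeviceAllow=/dev/null rw
DeviceAllow=/dev/net/tun rw
# "true" mounts /usr and the boot loader directories read-only for this
# service. /etc stays writable; "full" or "strict" would cover it as well.
ProtectSystem=true
# /home, /root and /run/user are inaccessible to the service.
ProtectHome=true
# On stop, signal only the main OpenVPN process, so that child processes
# fork()ed by plug-ins are shut down by OpenVPN itself (Trac 581).
# NOTE(review): systemd.kill(5) marks KillMode=process as not recommended,
# because children that outlive the main process are left running.
# KillMode=mixed is the documented mode that SIGTERMs the main process and
# SIGKILLs the remainder of the control group. Confirm which behaviour is
# intended after the stop timeout.
KillMode=process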
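[Install]
# "systemctl enable" on an instance hooks it into multi-user.target, so the
# tunnel starts on a normal (non-rescue) boot.
WantedBy=multi-user.target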