mirror of
https://github.com/OpenVPN/openvpn.git
synced 2026-02-19 02:29:37 -05:00
864aab8a6c
This is necessary to make the ``--nice n`` option work for OpenVPN instances started by systemd. Github: closes OpenVPN/openvpn#834 Signed-off-by: Simon Matter <simon.matter@invoca.ch> Acked-By: Arne Schwabe <arne@rfc2549.org> Message-Id: <f58b64307a86c62cb20a142ebfb40e56.20251204111659.1764843419@xxl.corp.invoca.ch> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg34803.html Signed-off-by: Gert Doering <gert@greenie.muc.de>
25 lines
893 B
SYSTEMD
25 lines
893 B
SYSTEMD
[Unit]
|
|
Description=OpenVPN service for %i
|
|
After=network-online.target
|
|
Wants=network-online.target
|
|
Documentation=man:openvpn(8)
|
|
Documentation=https://openvpn.net/community-resources/reference-manual-for-openvpn-@OPENVPN_VERSION_MAJOR@-@OPENVPN_VERSION_MINOR@/
|
|
Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO
|
|
|
|
[Service]
|
|
Type=notify
|
|
PrivateTmp=true
|
|
WorkingDirectory=/etc/openvpn/server
|
|
ExecStart=@sbindir@/openvpn --status %t/openvpn-server/status-%i.log --status-version 2 --suppress-timestamps --config %i.conf
|
|
CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SETPCAP CAP_SYS_CHROOT CAP_DAC_OVERRIDE CAP_SYS_NICE CAP_AUDIT_WRITE
|
|
LimitNPROC=10
|
|
DeviceAllow=/dev/null rw
|
|
DeviceAllow=/dev/net/tun rw
|
|
ProtectSystem=true
|
|
ProtectHome=true
|
|
KillMode=process
|
|
RestartSec=5s
|
|
Restart=on-failure
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|