openvpn.git/debian/openvpn@.service, branch develop Debian repo for openvpn openvpn@.service: Bump LimitNPROC to 100 2019-02-20T13:32:33+00:00 Bernhard Schmidt berni@debian.org 2019-02-20T13:32:33+00:00 99c03fd1819e604fada367d984322c464041478b This generally seems to be the wrong knob to protect against runaway forks (as it does not limit per instance, but per user systemwide), but a general mediation is still under discussion. Meanwhile bump the limit for the Debian unit to 100. Upstream openvpn-client@.service and openvpn-server@.service still use 10 See Bug#861923 for discussion. 
This generally seems to be the wrong knob to protect against runaway
forks (as it does not limit per instance, but per user systemwide), but
a general mediation is still under discussion. Meanwhile bump the limit
for the Debian unit to 100.

Upstream openvpn-client@.service and openvpn-server@.service still use
10

See Bug#861923 for discussion.
Add CAP_AUDIT_WRITE for auth_pam 2019-02-20T13:27:32+00:00 Bernhard Schmidt berni@debian.org 2019-02-20T13:27:32+00:00 d391b6992cfe5223aa58e714ec6710bd63013db4 Same change has been done upstream in 2.4.7 Closes: #868806 
Same change has been done upstream in 2.4.7

Closes: #868806
openvpn@.service: Use KillMode=process 2017-10-09T19:26:31+00:00 Bernhard Schmidt berni@debian.org 2017-10-09T19:26:31+00:00 1a0cdf35d6f7e3a80eaf3989e415baf23f879488 This copies a change in the upstream systemd unit into the Debian-specific one === systemd: Ensure systemd shuts down OpenVPN in a proper way By default, when systemd is stopping OpenVPN it will send the SIGTERM to all processes within the same process control-group. This can come as a surprise to plug-ins which may have fork()ed out child processes. So we tell systemd to only send the SIGTERM signal to the main OpenVPN process and let OpenVPN take care of the shutdown process on its own. If the main OpenVPN process does not stop within 90 seconds (unless changed), it will send SIGKILL to all remaining processes within the same process control-group. This issue have been reported in both Debian and Fedora. Trac: 581 Message-Id: <20170906234705.26202-1-davids@openvpn.net> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg15369.html Signed-off-by: David Sommerseth <davids@openvpn.net> [DS: Applied lazy-ack policy] === 
This copies a change in the upstream systemd unit into the Debian-specific
one

===
systemd: Ensure systemd shuts down OpenVPN in a proper way
By default, when systemd is stopping OpenVPN it will send the SIGTERM
to all processes within the same process control-group.  This can come
as a surprise to plug-ins which may have fork()ed out child processes.

So we tell systemd to only send the SIGTERM signal to the main OpenVPN
process and let OpenVPN take care of the shutdown process on its own.

If the main OpenVPN process does not stop within 90 seconds (unless
changed), it will send SIGKILL to all remaining processes within
the same process control-group.

This issue have been reported in both Debian and Fedora.

Trac: 581
Message-Id: <20170906234705.26202-1-davids@openvpn.net>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg15369.html
Signed-off-by: David Sommerseth <davids@openvpn.net>
[DS: Applied lazy-ack policy]
===
openvpn@.service: Copy Restart=on-failure from upstream systemd unit 2017-10-09T19:25:52+00:00 Bernhard Schmidt berni@debian.org 2017-10-09T19:25:52+00:00 8b66a35385f4350db57d6a9d4f40ad732267e6b9 






Remove obsolete syslog.target from debian/openvpn@.service
2017-10-03T09:45:14+00:00

Jörg Frings-Fürst
debian@jff-webhosting.net

2017-10-03T09:45:14+00:00

4ca1764c51128c98ab8b0161a9677bc284723740












Adjust debian openvpn@.service
2017-06-30T13:39:48+00:00

Bernhard Schmidt
berni@debian.org

2017-06-30T13:39:48+00:00

5fe7875501a2560542b462f9af5bb3346214147f

Adjust openvpn@.service to be similar to the upstream
openvpn-server@,service

In detail:
* Adjust Documentation URL to OpenVPN 2.4
* use systemd READY signalling (Type=notify)
* add ProtectHome=true
* Add After/Wants network-online.target, this should fix a few
  bugs happening due to OpenVPN starting too early
* adjust CapabililtyBoundingSet

Closes: #858558, #864031





Adjust openvpn@.service to be similar to the upstream
openvpn-server@,service

In detail:
* Adjust Documentation URL to OpenVPN 2.4
* use systemd READY signalling (Type=notify)
* add ProtectHome=true
* Add After/Wants network-online.target, this should fix a few
  bugs happening due to OpenVPN starting too early
* adjust CapabililtyBoundingSet

Closes: #858558, #864031







Fix #803032
2016-01-20T16:33:12+00:00

Alberto Gonzalez Iniesta
agi@inittab.org

2016-01-20T16:33:12+00:00

e1189bfcd3a87747e1b9262623414aed1b735eb0












Fix #795313
2016-01-20T16:30:10+00:00

Alberto Gonzalez Iniesta
agi@inittab.org

2016-01-20T16:30:10+00:00

c7db1569e9ff2b00683027cda315662304d9d772












Fix #811010
2016-01-20T11:18:45+00:00

Alberto Gonzalez Iniesta
agi@inittab.org

2016-01-20T11:18:33+00:00

12e09aa53c44a997888b28533f44a3cc887cd36e












Fix #792907 and improve @.service options
2015-08-13T09:55:01+00:00

Alberto Gonzalez Iniesta
agi@inittab.org

2015-08-13T09:55:01+00:00

ef0882c8f90de0ee421ce243b263e806ffb714cc