From 4ca1764c51128c98ab8b0161a9677bc284723740 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Frings-F=C3=BCrst?= Date: Tue, 3 Oct 2017 11:45:14 +0200 Subject: Remove obsolete syslog.target from debian/openvpn@.service --- debian/openvpn@.service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'debian/openvpn@.service') diff --git a/debian/openvpn@.service b/debian/openvpn@.service index 53ff5a5..2cda6cd 100644 --- a/debian/openvpn@.service +++ b/debian/openvpn@.service @@ -3,7 +3,7 @@ Description=OpenVPN connection to %i PartOf=openvpn.service ReloadPropagatedFrom=openvpn.service Before=systemd-user-sessions.service -After=syslog.target network-online.target +After=network-online.target Wants=network-online.target Documentation=man:openvpn(8) Documentation=https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage -- cgit v1.2.3 From 8b66a35385f4350db57d6a9d4f40ad732267e6b9 Mon Sep 17 00:00:00 2001 From: Bernhard Schmidt Date: Mon, 9 Oct 2017 21:25:52 +0200 Subject: openvpn@.service: Copy Restart=on-failure from upstream systemd unit --- debian/openvpn@.service | 2 ++ 1 file changed, 2 insertions(+) (limited to 'debian/openvpn@.service') diff --git a/debian/openvpn@.service b/debian/openvpn@.service index 2cda6cd..992cc3b 100644 --- a/debian/openvpn@.service +++ b/debian/openvpn@.service @@ -22,6 +22,8 @@ DeviceAllow=/dev/null rw DeviceAllow=/dev/net/tun rw ProtectSystem=true ProtectHome=true +RestartSec=5s +Restart=on-failure [Install] WantedBy=multi-user.target -- cgit v1.2.3 From 1a0cdf35d6f7e3a80eaf3989e415baf23f879488 Mon Sep 17 00:00:00 2001 From: Bernhard Schmidt Date: Mon, 9 Oct 2017 21:26:31 +0200 Subject: openvpn@.service: Use KillMode=process This copies a change in the upstream systemd unit into the Debian-specific one === systemd: Ensure systemd shuts down OpenVPN in a proper way By default, when systemd is stopping OpenVPN it will send the SIGTERM to all processes within the same process control-group. This can come as a surprise to plug-ins which may have fork()ed out child processes. So we tell systemd to only send the SIGTERM signal to the main OpenVPN process and let OpenVPN take care of the shutdown process on its own. If the main OpenVPN process does not stop within 90 seconds (unless changed), it will send SIGKILL to all remaining processes within the same process control-group. This issue have been reported in both Debian and Fedora. Trac: 581 Message-Id: <20170906234705.26202-1-davids@openvpn.net> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg15369.html Signed-off-by: David Sommerseth [DS: Applied lazy-ack policy] === --- debian/openvpn@.service | 1 + 1 file changed, 1 insertion(+) (limited to 'debian/openvpn@.service') diff --git a/debian/openvpn@.service b/debian/openvpn@.service index 992cc3b..7f0134b 100644 --- a/debian/openvpn@.service +++ b/debian/openvpn@.service @@ -15,6 +15,7 @@ PrivateTmp=true WorkingDirectory=/etc/openvpn ExecStart=/usr/sbin/openvpn --daemon ovpn-%i --status /run/openvpn/%i.status 10 --cd /etc/openvpn --config /etc/openvpn/%i.conf --writepid /run/openvpn/%i.pid PIDFile=/run/openvpn/%i.pid +KillMode=process ExecReload=/bin/kill -HUP $MAINPID CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE LimitNPROC=10 -- cgit v1.2.3