Am 04.01.19 um 17:25 schrieb David Sommerseth: Hi everyone,
> Okay, I was a bit unclear. The approach used with openvpn.service and > openvpn@.service are broken by (Debian) design. Quite many users have > reported that these service files does not work at all. But I'll admit, I'm > not really up-to-date if these service files have been updated by > distro-packagers later on. (One of the) Debian OpenVPN maintainer here. I'd like to get some input about the perceived brokenness of the openvpn@.service in Debian. Freeze is coming up, but we still have time to fix issues if they arise. I'm not aware of any major bugs reported for this. First of all, we ship both openvpn@.service (which is maintained in Debian) and openvpn-client@.service and openvpn-server@.service from the upstream sources. As a user of our package you are very much free (and encouraged) to work with OpenVPN in the officially documented way. openvpn@.service mostly comes from a compatibility layer. Since years in Debian you could drop a .conf into /etc/openvpn and had it executed at startup (controlled by a variable in /etc/default/openvpn). This is pretty much remodeled by the use of a custom generator, see https://sources.debian.org/src/openvpn/2.4.6-1/debian/openvpn-generator/ . openvpn.service just binds these instances together to allow for a service openvpn restart to work. And I currently don't see a compelling reason to drop this, since it allows upgrading users to keep working). Since the .conf files are not split between client and server we have to use one openvpn@.service that can accomodate both. But I really fail to see the problem here. openvpn@.service and openvpn-server@.service are not that much different. We do use systemd readyness notification, the capability bounding set is the same (for server), the ExecStart line is similar, we do restart on error. openvpn@.service ExecStart=/usr/sbin/openvpn --daemon ovpn-%i --status /run/openvpn/%i.status 10 --cd /etc/openvpn --config /etc/openvpn/%i.conf --writepid /run/openvpn/%i.pid openvpn-server@.service ExecStart=/usr/sbin/openvpn --status %t/openvpn-server/status-%i.log --status-version 2 --suppress-timestamps --config %i.conf -client.service is a bit more restricted and uses --nobind and no status file, but that's about it. Bernhard _______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel