Folks,
Trying to move my openvpn configuration to fully systemd modified.
I've compiled openvpn with systemd support and fundamentally it works
with the most recent systemd recipes in the style of openvpn@.service
Systemd unit has this:
[Service]
Type=notify
PrivateTmp=true
WorkingDirectory=/opt/aa/config/aalan
ExecStart=/opt/aa/sbin/openvpn --suppress-timestamps --config /opt/aa/config/aalan/%i.conf
CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE CAP_AUD>
LimitNPROC=20
DeviceAllow=/dev/null rw
DeviceAllow=/dev/net/tun rw
ProtectSystem=true
ProtectHome=true
KillMode=control-group
RestartSec=30s
Restart=always
However it appears this is not allowing plug-ins to fork properly.
-PLUGIN: Thread creation failed.
If I use a much more primitive unit file from the early days of systemd
usage where the Type=forking was used to essentially just run the daemon
the exact same configuration file works.
As well, an instance without the plugin also works.
I'm assuming it's some CapabilityBoundingSet issue. The daemon starts,
management console is available, accepts connection attempts etc but
when the fork to the plug-in goes it fails.
Thoughts?
Colin
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
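
Added example, not part of the message above and not OpenVPN project code: the unit sets both LimitNPROC=20 and a CapabilityBoundingSet, and the values a running daemon actually received can be read from /proc/<pid>/limits and /proc/<pid>/status. The Python below parses constructed samples of those two files; the sample text, the function names and the tasks_for_uid count are assumptions.

```python
import re

# Constructed samples of /proc/<pid>/limits and /proc/<pid>/status (not from the post).
SAMPLE_LIMITS = """\
Limit                     Soft Limit           Hard Limit           Units
Max cpu time              unlimited            unlimited            seconds
Max processes             20                   20                   processes
Max open files            1024                 524288               files
"""
SAMPLE_STATUS = "Name:\topenvpn\nThreads:\t1\nCapBnd:\t00000000000474c2\n"

# Bit numbers from linux/capability.h for the capability names readable in the unit
# (the truncated last entry of the unit's list is left out).
CAPS = {"CAP_DAC_OVERRIDE": 1, "CAP_SETGID": 6, "CAP_SETUID": 7,
        "CAP_NET_BIND_SERVICE": 10, "CAP_NET_ADMIN": 12, "CAP_NET_RAW": 13,
        "CAP_IPC_LOCK": 14, "CAP_SYS_CHROOT": 18}


def parse_limits(text):
    """Return {limit name: (soft, hard)} from /proc/<pid>/limits text."""
    out = {}
    for line in text.splitlines()[1:]:          # skip the header row
        m = re.match(r"(.+?)\s{2,}(\S+)\s+(\S+)", line)
        if m:
            out[m.group(1)] = (m.group(2), m.group(3))
    return out


def bounding_caps(status_text):
    """Decode the CapBnd hex mask into the capability names known in CAPS."""
    mask = int(re.search(r"^CapBnd:\s*([0-9a-fA-F]+)", status_text, re.M).group(1), 16)
    return sorted(name for name, bit in CAPS.items() if mask >> bit & 1)


def thread_headroom(limits_text, tasks_for_uid):
    """Tasks still available under RLIMIT_NPROC, or None if unlimited.

    RLIMIT_NPROC counts every process and thread owned by the same real UID,
    so tasks_for_uid is the system-wide count for that UID (supplied by caller).
    """
    soft = parse_limits(limits_text)["Max processes"][0]
    return None if soft == "unlimited" else max(0, int(soft) - tasks_for_uid)


if __name__ == "__main__":
    print("Max processes:", parse_limits(SAMPLE_LIMITS)["Max processes"])
    print("Bounding set:", bounding_caps(SAMPLE_STATUS))
    print("Headroom with 20 tasks for the UID:", thread_headroom(SAMPLE_LIMITS, 20))
```

On a live system the two inputs come from reading /proc/<pid>/limits and /proc/<pid>/status for the service's main PID.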