By default, the systemd openvpn client unit file assumes all config files end with .conf. Many of my config files end with .ovpn. Changing file name extensions is undesirable in my environment.
The default openvpn client unit file is /usr/lib/systemd/system/[email protected]

    [Unit]
    Description=OpenVPN tunnel for %I
    After=syslog.target network-online.target
    Wants=network-online.target
    Documentation=man:openvpn(8)
    Documentation=https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
    Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO

    [Service]
    Type=notify
    PrivateTmp=true
    WorkingDirectory=/etc/openvpn/client
    ExecStart=/usr/bin/openvpn --suppress-timestamps --nobind --config %i.conf
    CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE
    LimitNPROC=10
    DeviceAllow=/dev/null rw
    DeviceAllow=/dev/net/tun rw
    ProtectSystem=true
    ProtectHome=true
    KillMode=process

    [Install]
    WantedBy=multi-user.target

Is there a reason I should not edit that file and change the ExecStart line by removing the .conf extension like so?

    ExecStart=/usr/bin/openvpn --suppress-timestamps --nobind --config %i

In that case, I would pass the full config file name with extension to systemctl. Does including the extension break anything as far as systemd is concerned? Is there another reason why a filename extension cannot be used?
Related questions regarding the ExecStart line:
Normally, my openvpn command line includes --daemon. Is that not required when starting via systemd? I see that it is not included above. If I want it to run as a daemon, do I need to include it?
Also, why is --suppress-timestamps included? Currently, I do not get duplicate timestamps in the logs/journal. Will that change if I start via systemd?
The following is my proposed (untested) unit file:

    [Unit]
    Description=OpenVPN tunnel for %i
    After=syslog.target network-online.target
    StartLimitIntervalSec=0
    Wants=network-online.target

    [Service]
    Type=notify
    PrivateTmp=true
    WorkingDirectory=/etc/openvpn/client
    ExecStart=/usr/bin/openvpn --suppress-timestamps --nobind --daemon --config %i
    CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE
    LimitNPROC=10
    DeviceAllow=/dev/null rw
    DeviceAllow=/dev/net/tun rw
    ProtectSystem=true
    ProtectHome=true
    KillMode=process
    Restart=always
    RestartSec=5

    [Install]
    WantedBy=multi-user.target