From 525348b6d168ced42d8e723033bd2084f6a1eea6 Mon Sep 17 00:00:00 2001 From: Hideki Saito Date: Tue, 22 Sep 2015 02:22:05 -0700 Subject: [PATCH] Systemd service configuration files for SoftEther --- systemd/softether-vpnbridge.service | 23 +++++++++++++++++++++++ systemd/softether-vpnclient.service | 25 +++++++++++++++++++++++++ systemd/softether-vpnserver.service | 25 +++++++++++++++++++++++++ 3 files changed, 73 insertions(+) create mode 100644 systemd/softether-vpnbridge.service create mode 100644 systemd/softether-vpnclient.service create mode 100644 systemd/softether-vpnserver.service diff --git a/systemd/softether-vpnbridge.service b/systemd/softether-vpnbridge.service new file mode 100644 index 00000000..2f508820 --- /dev/null +++ b/systemd/softether-vpnbridge.service @@ -0,0 +1,23 @@ +[Unit] +Description=SoftEther VPN Bridge +After=network.target auditd.service +ConditionPathExists=!/opt/vpnbridge/do_not_run + +[Service] +Type=forking +ExecStart=/opt/vpnbridge/vpnbridge start +ExecStop=/opt/vpnbridge/vpnbridge stop +KillMode=process +Restart=on-failure + +# Hardening +PrivateTmp=yes +ProtectHome=yes +ProtectSystem=full +ReadOnlyDirectories=/ +ReadWriteDirectories=-/opt/vpnbridge +CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW CAP_SYS_NICE CAP_SYS_ADMIN CAP_SETUID + +[Install] +WantedBy=multi-user.target + diff --git a/systemd/softether-vpnclient.service b/systemd/softether-vpnclient.service new file mode 100644 index 00000000..1e9dbd0e --- /dev/null +++ b/systemd/softether-vpnclient.service @@ -0,0 +1,25 @@ +[Unit] +Description=SoftEther VPN Client +After=network.target auditd.service +ConditionPathExists=!/opt/vpnclient/do_not_run + +[Service] +Type=forking +EnvironmentFile=-/opt/vpnclient +ExecStart=/opt/vpnclient/vpnclient start +ExecStop=/opt/vpnclient/vpnclient stop +KillMode=process +Restart=on-failure + +# Hardening +PrivateTmp=yes +ProtectHome=yes +ProtectSystem=full +ReadOnlyDirectories=/ +ReadWriteDirectories=-/opt/vpnclient +CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW CAP_SYS_NICE CAP_SYS_ADMIN CAP_SETUID + +[Install] +WantedBy=multi-user.target + + diff --git a/systemd/softether-vpnserver.service b/systemd/softether-vpnserver.service new file mode 100644 index 00000000..951b13db --- /dev/null +++ b/systemd/softether-vpnserver.service @@ -0,0 +1,25 @@ +[Unit] +Description=SoftEther VPN Server +After=network.target auditd.service +ConditionPathExists=!/opt/vpnserver/do_not_run + +[Service] +Type=forking +EnvironmentFile=-/opt/vpnserver +ExecStart=/opt/vpnserver/vpnserver start +ExecStop=/opt/vpnserver/vpnserver stop +KillMode=process +Restart=on-failure + +# Hardening +PrivateTmp=yes +ProtectHome=yes +ProtectSystem=full +ReadOnlyDirectories=/ +ReadWriteDirectories=-/opt/vpnserver +CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW CAP_SYS_NICE CAP_SYS_ADMIN CAP_SETUID + +[Install] +WantedBy=multi-user.target + +