[Unit] Description=SoftEther VPN Bridge After=network.target auditd.service ConditionPathExists=!/usr/vpnbridge/do_not_run [Service] Type=forking ExecStart=/usr/vpnbridge/vpnbridge start ExecStop=/usr/vpnbridge/vpnbridge stop KillMode=process Restart=on-failure # Hardening PrivateTmp=yes ProtectHome=yes ProtectSystem=full ReadOnlyDirectories=/ ReadWriteDirectories=-/usr/vpnbridge CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW CAP_SYS_NICE CAP_SYS_ADMIN CAP_SETUID [Install] WantedBy=multi-user.target