[Unit] Description=SoftEther VPN Server After=network.target auditd.service ConditionPathExists=!/usr/vpnserver/do_not_run [Service] Type=forking EnvironmentFile=-/usr/vpnserver ExecStart=/usr/vpnserver/vpnserver start ExecStop=/usr/vpnserver/vpnserver stop KillMode=process Restart=on-failure # Hardening PrivateTmp=yes ProtectHome=yes ProtectSystem=full ReadOnlyDirectories=/ ReadWriteDirectories=-/usr/vpnserver CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW CAP_SYS_NICE CAP_SYS_ADMIN CAP_SETUID [Install] WantedBy=multi-user.target