ホーム エクスプローラ ヘルプ
サインイン
SoftwareDesign
/
csu3_am335x
8
0
フォーク 0
ファイル 課題 0 プルリクエスト 0 Wiki
ブランチ: master
ブランチ タグ
csu3_am335x
/
EVSE
/
GPL
/
openvpn-2.4.9
/
distro
/
systemd
/
README.systemd

README.systemd 2.4 KB
パーマリンク 履歴 Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970 
  1. OpenVPN and systemd
    2. 

  2. ===================
    3. 

  3. 

  4. As of OpenVPN v2.4, upstream is shipping systemd unit files to provide a
    5. 

  5. fine grained control of each OpenVPN configuration as well as trying to
    6. 

  6. restrict the capabilities the OpenVPN process have on a system.
    7. 

  7. 

  8. 

  9. Configuration profile types
    10. 

  10. ---------------------------
    11. 

  11. These new unit files separates between client and server profiles.  The
    12. 

  12. configuration files are kept in separate directories, to provide clarity
    13. 

  13. of the profile they run under.
    14. 

  14. 

  15. Typically the client profile cannot bind to any ports below port 1024
    16. 

  16. and the client configuration is always started with --nobind.
    17. 

  17. 

  18. The server profile is allowed to bind to any ports.  In addition it enables
    19. 

  19. a client status file, usually found in the /run/openvpn-server directory.
    20. 

  20. The status format is set to version 2 by default.  These settings may be
    21. 

  21. overridden by adding --status and/or --status-version in the OpenVPN
    22. 

  22. configuration file.
    23. 

  23. 

  24. Neither of these profiles makes use of PID files, but OpenVPN reports back to
    25. 

  25. systemd its PID once it has initialized.
    26. 

  26. 

  27. For configuration using a peer-to-peer mode (not using --mode server on one
    28. 

  28. of the sides) it is recommended to use the client profile.
    29. 

  29. 

  30. 

  31. Configuration files
    32. 

  32. -------------------
    33. 

  33. These new unit files expects client configuration files to be made available
    34. 

  34. in /etc/openvpn/client.  Similar for the server configurations, it is expected
    35. 

  35. to be found in /etc/openvpn/server.  The configuration files must have a .conf
    36. 

  36. file extension.
    37. 

  37. 

  38. 

  39. Managing VPN tunnels
    40. 

  40. --------------------
    41. 

  41. Use the normal systemctl tool to start, stop VPN tunnels, as well as enable
    42. 

  42. and disable tunnels at boot time.  The syntax is:
    43. 

  43. 

  44.  - client configurations:
    45. 

  45.     # systemctl $OPER openvpn-client@$CONFIGNAME
    46. 

  46. 

  47.  - server configurations:
    48. 

  48.     # systemctl $OPER openvpn-server@$CONFIGNAME
    49. 

  49. 

  50. Similarly, to view the OpenVPN journal log use a similar syntax:
    51. 

  51. 

  52.    # journalctl -u openvpn-client@$CONFIGNAME
    53. 

  53.  or
    54. 

  54.    # journalctl -u openvpn-server@$CONFIGNAME
    55. 

  55. 

  56. * Examples
    57. 

  57.   Say your server configuration is /etc/openvpn/server/tun0.conf, you
    58. 

  58.   start this VPN service like this:
    59. 

  59. 

  60.     # systemctl start openvpn-server@tun0
    61. 

  61. 

  62.   A client configuration file in /etc/openvpn/client/corpvpn.conf is
    63. 

  63.   started like this:
    64. 

  64. 

  65.     # systemctl start openvpn-client@corpvpn
    66. 

  66. 

  67.   To view the server configuration's journal only listing entries from
    68. 

  68.   yesterday and until today:
    69. 

  69. 

  70.     # journalctl --since yesterday -u openvpn-server@tun0
    71.