Welcome to mirror list, hosted at ThFree Co, Russian Federation.

github.com/SoftEtherVPN/SoftEtherVPN_Stable.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorHideki Saito <hideki@hidekisaito.com>2015-09-22 12:22:05 +0300
committerHideki Saito <hideki@hidekisaito.com>2015-09-22 12:22:05 +0300
commit525348b6d168ced42d8e723033bd2084f6a1eea6 (patch)
tree381611c64630c4d8b1e21dcda91ca2cc97ac3300
parent3c8abd60ed71d09dc09953712c8d5a807932efb9 (diff)
Systemd service configuration files for SoftEther
-rw-r--r--systemd/softether-vpnbridge.service23
-rw-r--r--systemd/softether-vpnclient.service25
-rw-r--r--systemd/softether-vpnserver.service25
3 files changed, 73 insertions, 0 deletions
diff --git a/systemd/softether-vpnbridge.service b/systemd/softether-vpnbridge.service
new file mode 100644
index 00000000..2f508820
--- /dev/null
+++ b/systemd/softether-vpnbridge.service
@@ -0,0 +1,23 @@
+[Unit]
+Description=SoftEther VPN Bridge
+After=network.target auditd.service
+ConditionPathExists=!/opt/vpnbridge/do_not_run
+
+[Service]
+Type=forking
+ExecStart=/opt/vpnbridge/vpnbridge start
+ExecStop=/opt/vpnbridge/vpnbridge stop
+KillMode=process
+Restart=on-failure
+
+# Hardening
+PrivateTmp=yes
+ProtectHome=yes
+ProtectSystem=full
+ReadOnlyDirectories=/
+ReadWriteDirectories=-/opt/vpnbridge
+CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW CAP_SYS_NICE CAP_SYS_ADMIN CAP_SETUID
+
+[Install]
+WantedBy=multi-user.target
+
diff --git a/systemd/softether-vpnclient.service b/systemd/softether-vpnclient.service
new file mode 100644
index 00000000..1e9dbd0e
--- /dev/null
+++ b/systemd/softether-vpnclient.service
@@ -0,0 +1,25 @@
+[Unit]
+Description=SoftEther VPN Client
+After=network.target auditd.service
+ConditionPathExists=!/opt/vpnclient/do_not_run
+
+[Service]
+Type=forking
+EnvironmentFile=-/opt/vpnclient
+ExecStart=/opt/vpnclient/vpnclient start
+ExecStop=/opt/vpnclient/vpnclient stop
+KillMode=process
+Restart=on-failure
+
+# Hardening
+PrivateTmp=yes
+ProtectHome=yes
+ProtectSystem=full
+ReadOnlyDirectories=/
+ReadWriteDirectories=-/opt/vpnclient
+CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW CAP_SYS_NICE CAP_SYS_ADMIN CAP_SETUID
+
+[Install]
+WantedBy=multi-user.target
+
+
diff --git a/systemd/softether-vpnserver.service b/systemd/softether-vpnserver.service
new file mode 100644
index 00000000..951b13db
--- /dev/null
+++ b/systemd/softether-vpnserver.service
@@ -0,0 +1,25 @@
+[Unit]
+Description=SoftEther VPN Server
+After=network.target auditd.service
+ConditionPathExists=!/opt/vpnserver/do_not_run
+
+[Service]
+Type=forking
+EnvironmentFile=-/opt/vpnserver
+ExecStart=/opt/vpnserver/vpnserver start
+ExecStop=/opt/vpnserver/vpnserver stop
+KillMode=process
+Restart=on-failure
+
+# Hardening
+PrivateTmp=yes
+ProtectHome=yes
+ProtectSystem=full
+ReadOnlyDirectories=/
+ReadWriteDirectories=-/opt/vpnserver
+CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW CAP_SYS_NICE CAP_SYS_ADMIN CAP_SETUID
+
+[Install]
+WantedBy=multi-user.target
+
+