dariusz wrote: ↑Mon Jul 17, 2017 7:03 pm
and systemd. It is relatively simple and you will find plenty of info on the net.
quick hack as you have already 2.3.4 installed is just edit /lib/systemd/system/openvpn@.service
and make sure that below line points into your 2.4 openvpn file instead of 2.3
ExecStart=/usr/local/sbin/openvpn --daemon ovpn-%i --status /run/openvpn/%i.status 10 --cd /etc/openvpn --config /etc/openvpn/%i.conf
also you will have to recompile your openvpn to enable systemd if not done already.
./configure \
--enable-systemd \
--with-crypto-library=mbedtls
Happy tinkering:)
I've just been looking at this - i.e. amending systemd config to use my self-built version of OpenVPN rather than the system default version.
I'm not an expert on systemd by any stretch, but I worked out a 'better' way to override the vendor-supplied systemd file with local customisations, without touching the original service template (which is considered bad practice). I thought I'd share it here in case it helps anyone else.
You need to create an 'override.conf' file for the relevant service. In this case, it's a service template, because you can have multiple instances of openvpn-client and/or openvpn-server on the same box (running on different ports, of course).
The template I wanted to override was:
Code: Select all
/lib/systemd/system/openvpn-server@.service
Which means I need to create the following path/file:
Code: Select all
/etc/systemd/system/openvpn-server@.service.d/override.conf
Rather than creating the correct path and file myself, systemd can do it. You just:
Code: Select all
sudo systemctl edit openvpn-server@
This will open your default text editor with a blank document (unless you've already got an override file with previous changes), into which you can insert new sections or items in the unit file, or if you re-use exiting sections/items, you *override* the existing values with your own new ones.
In this case, we want to amend the
ExecStart item within the
[Service] section:
Code: Select all
[Service]
ExecStart=
ExecStart=/usr/local/sbin/openvpn --status %t/openvpn-server/status-%i.log --status-version 2 --suppress-timestamps --config %i.conf
Notice that the first, empty, setting for ExecStart effectively resets it to blank. This is necessary for the next line (with our new path to openvpn executable) to work properly, as you can only have one ExecStart item.
Save and exit, then you'll find the override file has been created in the correct location for you.
To apply the new override, you just need to:
Then, if you (stop and) start a openvpn-server service instance, you'll find it uses your custom version of openvpn. So, for example, if your openvpn server config is at
/etc/openvpn/server/myudpserver.conf, then you'd stop, start, enable and check the service using these commands:
Code: Select all
sudo systemctl stop openvpn-server@myudpserver
sudo systemctl start openvpn-server@myudpserver
sudo systemctl enable openvpn-server@myudpserver
sudo systemctl status openvpn-server@myudpserver