Merge pull request #180 from hsaito/master

Systemd service configuration files for SoftEther

systemd/softether-vpnbridge.service

@@ -0,0 +1,23 @@
+[Unit]
+Description=SoftEther VPN Bridge
+After=network.target auditd.service
+ConditionPathExists=!/opt/vpnbridge/do_not_run
+
+[Service]
+Type=forking
+ExecStart=/opt/vpnbridge/vpnbridge start
+ExecStop=/opt/vpnbridge/vpnbridge stop
+KillMode=process
+Restart=on-failure
+
+# Hardening
+PrivateTmp=yes
+ProtectHome=yes
+ProtectSystem=full
+ReadOnlyDirectories=/
+ReadWriteDirectories=-/opt/vpnbridge
+CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW CAP_SYS_NICE CAP_SYS_ADMIN CAP_SETUID
+
+[Install]
+WantedBy=multi-user.target
+

systemd/softether-vpnclient.service

@@ -0,0 +1,25 @@
+[Unit]
+Description=SoftEther VPN Client
+After=network.target auditd.service
+ConditionPathExists=!/opt/vpnclient/do_not_run
+
+[Service]
+Type=forking
+EnvironmentFile=-/opt/vpnclient
+ExecStart=/opt/vpnclient/vpnclient start
+ExecStop=/opt/vpnclient/vpnclient stop
+KillMode=process
+Restart=on-failure
+
+# Hardening
+PrivateTmp=yes
+ProtectHome=yes
+ProtectSystem=full
+ReadOnlyDirectories=/
+ReadWriteDirectories=-/opt/vpnclient
+CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW CAP_SYS_NICE CAP_SYS_ADMIN CAP_SETUID
+
+[Install]
+WantedBy=multi-user.target
+
+

systemd/softether-vpnserver.service

@@ -0,0 +1,25 @@
+[Unit]
+Description=SoftEther VPN Server
+After=network.target auditd.service
+ConditionPathExists=!/opt/vpnserver/do_not_run
+
+[Service]
+Type=forking
+EnvironmentFile=-/opt/vpnserver
+ExecStart=/opt/vpnserver/vpnserver start
+ExecStop=/opt/vpnserver/vpnserver stop
+KillMode=process
+Restart=on-failure
+
+# Hardening
+PrivateTmp=yes
+ProtectHome=yes
+ProtectSystem=full
+ReadOnlyDirectories=/
+ReadWriteDirectories=-/opt/vpnserver
+CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW CAP_SYS_NICE CAP_SYS_ADMIN CAP_SETUID
+
+[Install]
+WantedBy=multi-user.target
+
+