Incorrect location for openvpn host-to-net drop-in file

EddieA · March 26, 2017, 2:07am

The “drop-in” file for the host-to-net OpenVPN service (host-to-net.conf) is currently located in: /etc/systemd/system/openvpn@.service.d. Having the file in this directory will cause it to be parsed for any instantiated OpenVPN service started, not just openvpn@host-to-net.

The correct location should be: /etc/systemd/system/openvpn@host-to-net.service.d

Cheers.

giacomo · March 27, 2017, 7:14am

Could you please paste an extract of the log files and give little more hints to reproduce it?

Did you create a net-to-net with road warrior server enabled?

EddieA · March 27, 2017, 5:10pm

It was displaying the status of the OpenVPN host-to-net service that got me investigating. Just displaying the status shows the issue.

With the host-to-net.conf file in the location as shipped by NS:

[root@Nethserver ~]# systemctl status openvpn@host-to-net
● openvpn@host-to-net.service - OpenVPN Robust And Highly Flexible Tunneling Application On host/to/net
   Loaded: loaded (/usr/lib/systemd/system/openvpn@.service; enabled; vendor preset: disabled)
  Drop-In: /etc/systemd/system/openvpn@.service.d
           └─host-to-net.conf
   Active: active (running) since Fri 2017-03-24 19:18:13 PDT; 2 days ago
 Main PID: 1372 (openvpn)

[root@Nethserver ~]# systemctl status openvpn@UK-VPN2
● openvpn@UK-VPN2.service - OpenVPN Robust And Highly Flexible Tunneling Application On UK/VPN2
   Loaded: loaded (/usr/lib/systemd/system/openvpn@.service; enabled; vendor preset: disabled)
  Drop-In: /etc/systemd/system/openvpn@.service.d
           └─host-to-net.conf
   Active: active (running) since Fri 2017-03-24 19:18:13 PDT; 2 days ago
 Main PID: 1379 (openvpn)

Notice that the Drop-in file is used for both instantiated services.

Now, after moving the file to the location suggested:

[root@Nethserver ~]# systemctl status openvpn@host-to-net                       ● openvpn@host-to-net.service - OpenVPN Robust And Highly Flexible Tunneling Application On host/to/net
   Loaded: loaded (/usr/lib/systemd/system/openvpn@.service; enabled; vendor preset: disabled)
  Drop-In: /etc/systemd/system/openvpn@host-to-net.service.d
           └─host-to-net.conf
   Active: active (running) since Fri 2017-03-24 19:18:13 PDT; 2 days ago
 Main PID: 1372 (openvpn)

[root@Nethserver ~]# systemctl status openvpn@UK-VPN2                           ● openvpn@UK-VPN2.service - OpenVPN Robust And Highly Flexible Tunneling Application On UK/VPN2
   Loaded: loaded (/usr/lib/systemd/system/openvpn@.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2017-03-24 19:18:13 PDT; 2 days ago
 Main PID: 1379 (openvpn)

Now, the Drop-in file is only being used for the service it’s designed for.

Cheers.