From: David Sommerseth Date: Wed, 6 Sep 2017 23:47:05 +0000 (+0200) Subject: systemd: Ensure systemd shuts down OpenVPN in a proper way X-Git-Tag: v2.4.4~5 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b49c1ca407e046debebf5633c117d679b9e20555;p=thirdparty%2Fopenvpn.git systemd: Ensure systemd shuts down OpenVPN in a proper way By default, when systemd is stopping OpenVPN it will send the SIGTERM to all processes within the same process control-group. This can come as a surprise to plug-ins which may have fork()ed out child processes. So we tell systemd to only send the SIGTERM signal to the main OpenVPN process and let OpenVPN take care of the shutdown process on its own. If the main OpenVPN process does not stop within 90 seconds (unless changed), it will send SIGKILL to all remaining processes within the same process control-group. This issue have been reported in both Debian and Fedora. Trac: 581 Message-Id: <20170906234705.26202-1-davids@openvpn.net> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg15369.html Signed-off-by: David Sommerseth [DS: Applied lazy-ack policy] (cherry picked from commit 29446a18e1f2b52d20f359253b085e96fe458367) --- diff --git a/distro/systemd/openvpn-client@.service.in b/distro/systemd/openvpn-client@.service.in index 49e3f51cc..cbcef6533 100644 --- a/distro/systemd/openvpn-client@.service.in +++ b/distro/systemd/openvpn-client@.service.in @@ -17,6 +17,7 @@ DeviceAllow=/dev/null rw DeviceAllow=/dev/net/tun rw ProtectSystem=true ProtectHome=true +KillMode=process [Install] WantedBy=multi-user.target diff --git a/distro/systemd/openvpn-server@.service.in b/distro/systemd/openvpn-server@.service.in index 9a8a2c730..b343868a9 100644 --- a/distro/systemd/openvpn-server@.service.in +++ b/distro/systemd/openvpn-server@.service.in @@ -17,6 +17,7 @@ DeviceAllow=/dev/null rw DeviceAllow=/dev/net/tun rw ProtectSystem=true ProtectHome=true +KillMode=process [Install] WantedBy=multi-user.target