Restore "openvpn@.service" from packaging of openvpn 2.3.6, so we can
start the sysmocom vpn the same way as currently described in the
manuals.
Previous patch 8439e71a99 already
attempted to do this, but only brought back "openvpn.service" and not
"openvpn@.service".
Fixes: 8439e71a ("openvpn: bring back openvpn.service file")
Related: SYS#6303
Change-Id: I28a7f491d74690409f815555743679c69e31b518
Restore the openvpn.service file from packaging of openvpn 2.3.6, so we
can still start it the same way (as currently described in manuals).
Related: SYS#6303
Change-Id: I2cf96bc1ecca79ae98be1181fbd3c15edad15ca8
Our openvpn server has meanwhile been migrated to 2.5.x, and
establishing backwards compatibility with 2.3.x means we have to
disable ciphers + tls versions that are no longer considered secure.
Related: SYS#6303
I have no idea who creates the /run/openvpn directory on Debian.
The path is not in a tmpfiles.d and I don't see the generator
creating it or the service file indicating that it needs to be
created. Place the file with openvpn.NAME.status into the /run
directory which appears to work on the device.
We want to use systemd for managing the lifetime of OpenVPN. Take
the debian generator (which should work with busybox ash) and the
openvpn.service (to inhibit the sysvinit script) and the target
file and install it.
On systems that have ran "update-rc.d openvpn defaults" one need
to manually execute a systemctl enable openvpn.service. This is
not done through a post-inst script and I am not sure if we should
do it. This means there is a danger of ending with a unit that
doesn't start OpenVPN automatically after upgrade!
The scripts/packages have not been tested on a device yet.