I have a script --------------------------------- #! /bin/sh sudo systemctl restart openvpn@client.service --------------------------------- which I run (under Fedora-17) if vpn is not connected when I logon (normally after hibernating).
I'm wondering if there is a "systemctl enable" or similar command which will do this more simply?
On 08/25/2012 07:26 PM, Timothy Murphy wrote:
I have a script
#! /bin/sh sudo systemctl restart openvpn@client.service
which I run (under Fedora-17) if vpn is not connected when I logon (normally after hibernating).
I'm wondering if there is a "systemctl enable" or similar command which will do this more simply?
Which desktop do you use? KDE has an Autostart capability. You could modify your script to detect if the connection is active and if so do nothing and if not run the "systemctl restart" which you currently run by hand...which is what I think you are doing.
Ed Greshko wrote:
I have a script
#! /bin/sh sudo systemctl restart openvpn@client.service
which I run (under Fedora-17) if vpn is not connected when I logon (normally after hibernating).
I'm wondering if there is a "systemctl enable" or similar command which will do this more simply?
Which desktop do you use? KDE has an Autostart capability. You could modify your script to detect if the connection is active and if so do nothing and if not run the "systemctl restart" which you currently run by hand...which is what I think you are doing.
Thanks for your response. But that's essentially what I do. I can see if vpn is active. If it isn't I run the script. (I do run KDE, incidentally.)
But surely there should be a way of enabling this service, as there used to be? Wouldn't it be much simpler just to default to client, which I imagine is what 99% of users want? Why can't openvpn run like every other service?
Simplicity ... simplicity ... simplicity
On Sat, Aug 25, 2012 at 4:26 AM, Timothy Murphy gayleard@eircom.net wrote:
I have a script
#! /bin/sh sudo systemctl restart openvpn@client.service
which I run (under Fedora-17) if vpn is not connected when I logon (normally after hibernating).
I'm wondering if there is a "systemctl enable" or similar command which will do this more simply?
Have you looked at NetworkManager?
-- Timothy Murphy e-mail: gayleard /at/ eircom.net tel: +353-86-2336090, +353-1-2842366 s-mail: School of Mathematics, Trinity College Dublin
-- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
On Saturday, 25. August 2012. 17.55.26 Timothy Murphy wrote:
But surely there should be a way of enabling this service, as there used to be? Wouldn't it be much simpler just to default to client, which I imagine is what 99% of users want? Why can't openvpn run like every other service?
In what sense openvpn *doesn't* run like every other service?
I have openvpn set up and running here on my laptop. The client is basically always active and retries periodically to reconnect to the remote server until success (laptop might not always have a connection to the Internet). I never hibernate the machine, but suspending to RAM and back is completely transparent, openvpn stays active all the time.
I'm on F16 here, but there should be no difference to F17 AFAIK, since both use systemd.
All I did to set up openvpn with systemd was to follow instructions on the Fedora wiki:
http://fedoraproject.org/wiki/Openvpn#Working_with_systemd
What exactly is the problem in your case?
HTH, :-) Marko
On 08/25/2012 11:55 PM, Timothy Murphy wrote:
Thanks for your response. But that's essentially what I do. I can see if vpn is active. If it isn't I run the script. (I do run KDE, incidentally.)
I don't get from what you said if your process is a manual or automatic process. Which?
But surely there should be a way of enabling this service, as there used to be? Wouldn't it be much simpler just to default to client, which I imagine is what 99% of users want? Why can't openvpn run like every other service?
I may have misunderstood....but your openvpn@client.service brings up a tunnel, right? I've never tried getting the client side to create a tunnel on login. Is it safe to say that the tunnel is created on system boot?
Marko Vojinovic wrote:
But surely there should be a way of enabling this service, as there used to be? Wouldn't it be much simpler just to default to client, which I imagine is what 99% of users want? Why can't openvpn run like every other service?
In what sense openvpn *doesn't* run like every other service?
I have openvpn set up and running here on my laptop. The client is basically always active and retries periodically to reconnect to the remote server until success (laptop might not always have a connection to the Internet). I never hibernate the machine, but suspending to RAM and back is completely transparent, openvpn stays active all the time.
I'm on F16 here, but there should be no difference to F17 AFAIK, since both use systemd.
All I did to set up openvpn with systemd was to follow instructions on the Fedora wiki:
http://fedoraproject.org/wiki/Openvpn#Working_with_systemd
What exactly is the problem in your case?
This document is concerned with setting up an openvpn server (which I have running on a CentOS machine without problem). I was talking about running an openvpn _client_ on a Fedora machine. The only advice in the document about this is ---------------------------------- to start a connection, run systemctl start openvpn@foo.service, where the connection is defined in /etc/openvpn/foo.conf ---------------------------------- which is exactly what my script above does (with client for foo).
Actually, openvpn sometimes stays active when I hibernate, but more often it does not.
Jack Craig wrote:
On Sat, Aug 25, 2012 at 4:26 AM, Timothy Murphy gayleard@eircom.net wrote:
I have a script
#! /bin/sh sudo systemctl restart openvpn@client.service
which I run (under Fedora-17) if vpn is not connected when I logon (normally after hibernating).
I'm wondering if there is a "systemctl enable" or similar command which will do this more simply?
Have you looked at NetworkManager?
I use NM for WiFi on laptops, but I don't run it on servers. I don't really want to involve NM in OpenVPN; I don't really see what the two have to do with each other.
This is a different issue, but NM does not work perfectly for me. It works 95% of the time, but not 100%. OpenVPN works 100% of the time, so for me it would be foolish to make it depend on something that is not itself 100% dependable.
Marko Vojinovic wrote:
In what sense openvpn *doesn't* run like every other service?
Before systemd/systemctl came along I just used to say "chkconfig openvpn on". I'm just asking why I can't do the equivalent today?
As far as I know, one can "systemctl enable" every other service.
On Sunday, 26. August 2012. 0.00.16 Timothy Murphy wrote:
Marko Vojinovic wrote:
In what sense openvpn *doesn't* run like every other service?
Before systemd/systemctl came along I just used to say "chkconfig openvpn on". I'm just asking why I can't do the equivalent today?
As far as I know, one can "systemctl enable" every other service.
Well, if you take another look at the link I gave you,
http://fedoraproject.org/wiki/Openvpn#Working_with_systemd
you will see that after the server setup instructions, there are also the client setup instructions. Assuming that you have already configured keys and the openvpn configuration file /etc/openvpn/MyClient.conf, you might be interested in these particular steps:
4. cd /lib/systemd/system 5. ln openvpn@.service openvpn@MyClient.service 6. systemctl enable openvpn@MyClient.service 7. systemctl start openvpn@MyClient.service
This worked for me, openvpn client service starts automatically at boot, and never shuts down. If it doesn't work for you, look at /var/log/messages and tell us what went wrong.
HTH, :-) Marko
Am 26.08.2012 00:00, schrieb Timothy Murphy:
Marko Vojinovic wrote:
In what sense openvpn *doesn't* run like every other service?
Before systemd/systemctl came along I just used to say "chkconfig openvpn on". I'm just asking why I can't do the equivalent today?
As far as I know, one can "systemctl enable" every other service.
how often do we start this discussion how did yu enable DIFFERENT openvpn-connections before systemd? why do you no simply create ION file to do what you like?
/etc/systemd/system/openvpn.service:
[Unit] Description=OpenVPN After=syslog.target network.target network-wlan-bridge.service
[Service] Type=forking ExecStart=/usr/sbin/openvpn --daemon --cd /etc/openvpn/ --config openvpn.conf Restart=always RestartSec=1
[Install] WantedBy=multi-user.target
Marko Vojinovic wrote:
On Sunday, 26. August 2012. 0.00.16 Timothy Murphy wrote:
Marko Vojinovic wrote:
In what sense openvpn *doesn't* run like every other service?
Before systemd/systemctl came along I just used to say "chkconfig openvpn on". I'm just asking why I can't do the equivalent today?
As far as I know, one can "systemctl enable" every other service.
Well, if you take another look at the link I gave you,
http://fedoraproject.org/wiki/Openvpn#Working_with_systemd
you will see that after the server setup instructions, there are also the client setup instructions.
You are right, of course, (I assumed, since the document gave instructions for starting a client, and then went over to instructions for a server that this was all there was. I should have been more thorough.)
Assuming that you have already configured keys and the openvpn configuration file /etc/openvpn/MyClient.conf, you might be interested in these particular steps:
- cd /lib/systemd/system
- ln openvpn@.service openvpn@MyClient.service
- systemctl enable openvpn@MyClient.service
- systemctl start openvpn@MyClient.service
This worked for me, openvpn client service starts automatically at boot, and never shuts down. If it doesn't work for you, look at /var/log/messages and tell us what went wrong.
Yes, thank you very much. This seems to answer my question comprehensively.
The only excuse I have is that other people must have missed this, since various complicated suggestions have been put forward.
And I do think that this link should probably be made by default, since the instructions for setting up an openvpn client assume throughout that the config file is called client.conf .
Perhaps with a note in the documentation about what to do if one is running more than one openvpn service.
Reindl Harald wrote:
Before systemd/systemctl came along I just used to say "chkconfig openvpn on". I'm just asking why I can't do the equivalent today?
As far as I know, one can "systemctl enable" every other service.
how often do we start this discussion how did yu enable DIFFERENT openvpn-connections before systemd?
I only had (and have) one openvpn service, so the issue didn't arise.
I assume anyone running more than one openvpn service (a tiny minority, I imagine) would realise they had to take steps to deal with this.
why do you no simply create ION file to do what you like?
Because I didn't know what an ION file was until you gave an example.)
Basically, I don't like to change the default system more than is absolutely necessary, as I have little confidence in my ability to understand the implications.
/etc/systemd/system/openvpn.service:
[Unit] Description=OpenVPN After=syslog.target network.target network-wlan-bridge.service
[Service] Type=forking ExecStart=/usr/sbin/openvpn --daemon --cd /etc/openvpn/ --config openvpn.conf Restart=always RestartSec=1
[Install] WantedBy=multi-user.target
On Sunday, 26. August 2012. 17.44.25 Timothy Murphy wrote:
Marko Vojinovic wrote:
- cd /lib/systemd/system
- ln openvpn@.service openvpn@MyClient.service
And I do think that this link should probably be made by default, since the instructions for setting up an openvpn client assume throughout that the config file is called client.conf .
Perhaps with a note in the documentation about what to do if one is running more than one openvpn service.
Well, I could imagine that probably most of the people would call their config file "client.conf",but if some user chooses to give it another name, he is back to square one and has to do steps 4. and 5. anyway.
But feel free to file a RFE in the bugzilla for openvpn, maybe the devs will be forthcoming.
By the way, I was actually nicely surprised by the fact that since F16 I can run two independent openvpn clients. Before that I had one client, and a whole bunch of permissions-tweaks, to separate the "work" from "home" stuff on the same vpn. Now I just have two independent networks on two different interfaces (tap0 and tap1), two openvpn config files (home.conf and work.conf), and I can happily start/stop either of them (or both) on the same laptop, simply by saying
systemctl stop openvpn@work.service systemctl start openvpn@home.service
etc., regardless where on the planet I may be physically. Extremely neat, comparing to what I had to do before.
So this feature can be actually quite useful, and the only drawback is that setting up openvpn requires two extra steps 4. and 5. above (done only once, of course). I understand that most people probably don't have a need for two or more vpn's, but overall there is really some nonzero benefit from the "new way" of setting up openvpn. Besides, people who are able to configure and run an openvpn client (let alone server) are typically not noobs, and having to create one link to a file as an extra configuration step will not kill them. ;-)
But I do understand your side of the story as well, I had to go through it myself... :-)
HTH, :-) Marko
On 2012/08/25 15:07, Reindl Harald wrote:
Am 26.08.2012 00:00, schrieb Timothy Murphy:
Marko Vojinovic wrote:
In what sense openvpn *doesn't* run like every other service?
Before systemd/systemctl came along I just used to say "chkconfig openvpn on". I'm just asking why I can't do the equivalent today?
As far as I know, one can "systemctl enable" every other service.
how often do we start this discussion how did yu enable DIFFERENT openvpn-connections before systemd? why do you no simply create ION file to do what you like?
/etc/systemd/system/openvpn.service:
[Unit] Description=OpenVPN After=syslog.target network.target network-wlan-bridge.service
[Service] Type=forking ExecStart=/usr/sbin/openvpn --daemon --cd /etc/openvpn/ --config openvpn.conf Restart=always RestartSec=1
[Install] WantedBy=multi-user.target
So I suppose that magical incantation is so much more obvious that chkconfig, which just worked, had to be done away with. Riiiiight! If it's not broke let's fix it anyway.
{+_+}
Am 27.08.2012 00:20, schrieb jdow:
On 2012/08/25 15:07, Reindl Harald wrote:
Am 26.08.2012 00:00, schrieb Timothy Murphy:
Marko Vojinovic wrote:
In what sense openvpn *doesn't* run like every other service?
Before systemd/systemctl came along I just used to say "chkconfig openvpn on". I'm just asking why I can't do the equivalent today?
As far as I know, one can "systemctl enable" every other service.
how often do we start this discussion how did yu enable DIFFERENT openvpn-connections before systemd? why do you no simply create ION file to do what you like?
/etc/systemd/system/openvpn.service:
[Unit] Description=OpenVPN After=syslog.target network.target network-wlan-bridge.service
[Service] Type=forking ExecStart=/usr/sbin/openvpn --daemon --cd /etc/openvpn/ --config openvpn.conf Restart=always RestartSec=1
[Install] WantedBy=multi-user.target
So I suppose that magical incantation is so much more obvious that chkconfig, which just worked, had to be done away with. Riiiiight! If it's not broke let's fix it anyway.
boah you can even type "chkconfig openvpn on" if the unit-file like above exists - systemd is great, only the way it was introduced in Fedora with most packages not prepared which is still the case for a lot of is really poor
normally it owuld be the job of a DISTRIBUTIOn to take care of such conversions instead release half baken bread
BUT this doe snot change the fact that a unitfile like above is written within 20 seconds, look at the sysvinit script for openvpn - was this really easier to understand?