kevin01523/softether-vpnserver.service

## softether-vpnserver.service
[Unit]
Description=SoftEther VPN Server
After=network.target auditd.service
ConditionPathExists=!/opt/vpnserver/do_not_run

[Service]
Type=forking
EnvironmentFile=-/opt/vpnserver
ExecStart=/opt/vpnserver/vpnserver start
ExecStartPost=/bin/sleep 3s
ExecStartPost=/sbin/ip address add 192.168.234.1/24 dev tap_vpn
ExecStop=/opt/vpnserver/vpnserver stop
KillMode=process
Restart=on-failure

# Hardening
PrivateTmp=yes
ProtectHome=yes
ProtectSystem=full
ReadOnlyDirectories=/
ReadWriteDirectories=-/opt/vpnserver
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW CAP_SYS_NICE CAP_SYS_ADMIN CAP_SETUID

[Install]
WantedBy=multi-user.target
	[Unit]
	Description=SoftEther VPN Server
	After=network.target auditd.service
	ConditionPathExists=!/opt/vpnserver/do_not_run

	[Service]
	Type=forking
	EnvironmentFile=-/opt/vpnserver
	ExecStart=/opt/vpnserver/vpnserver start
	ExecStartPost=/bin/sleep 3s
	ExecStartPost=/sbin/ip address add 192.168.234.1/24 dev tap_vpn
	ExecStop=/opt/vpnserver/vpnserver stop
	KillMode=process
	Restart=on-failure

	# Hardening
	PrivateTmp=yes
	ProtectHome=yes
	ProtectSystem=full
	ReadOnlyDirectories=/
	ReadWriteDirectories=-/opt/vpnserver
	CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW CAP_SYS_NICE CAP_SYS_ADMIN CAP_SETUID

	[Install]
	WantedBy=multi-user.target