VPN client service on Linux ARMv7

Post your questions about SoftEther VPN software here. Please answer questions if you can afford.
Post Reply
zero88
Posts: 1
Joined: Fri Mar 19, 2021 10:29 am
Contact:

VPN client service on Linux ARMv7

Post by zero88 » Fri Mar 19, 2021 10:55 am

Hi, and thanks to your VPN
I'm using your Softether VPN to manage a tons of IoT board linux armv7. I used `v4.29-9680-rtm`
Current, I wrote a python script to collect vpn artifact from github and auto build/deploy/connect per each device.
My requirements is `vpnclient` must auto restart after device is restarted then I used linux service.
However, one issue that I have not yet understand: after sometime, vpnclient has some zombie process or many vpnclient process(>2).
1. is it safe if I start vpnclient only with using linux service? I saw after starting `vpnclient`, softether will auto create PID file is `.pid_[uuid-without-dash]`.
2. When I tried with linux service, I set `type=forking` because it is best practice for background service like `vpnclient start`. but I don't know how to get PID correctly in programmatic. So should I switch to `type=simple` and let softether manage its PID.

Code: Select all

[Unit]
Description=NubeIO VPN Client
After=network.target auditd.service network-online.target
ConditionPathExists=!{{INSTALL_DIR}}/vpnclient/do_not_run

[Service]
Type=forking
Restart=on-failure
KillMode=control-group
TimeoutStartSec=0
EnvironmentFile=-{{INSTALL_DIR}}/vpnclient
ExecStart={{INSTALL_DIR}}/vpnclient/vpnclient start
ExecStop={{INSTALL_DIR}}/vpnclient/vpnclient stop

# Hardening
PrivateTmp=yes
ProtectHome=yes
ProtectSystem=full
ReadOnlyDirectories=/
ReadWriteDirectories=-{{INSTALL_DIR}}/vpnclient
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW CAP_SYS_NICE CAP_SYS_ADMIN CAP_SETUID

[Install]
WantedBy=multi-user.target

Post Reply