What is the purpose of OpenVPN's /etc/openvpn/{client,server} directories?












5















Ubuntu/Debian OpenVPN package contains 2 mysterious directories:



dpkg -L openvpn
...
/etc/openvpn/client
/etc/openvpn/server
...


I'm wondering what is the purpose of those directories? All tutorials advice placing files directly in /etc/openvpn/ and init/systemd scripts also pick config files from there.



Chroot? But then, why 2?










share|improve this question



























    5















    Ubuntu/Debian OpenVPN package contains 2 mysterious directories:



    dpkg -L openvpn
    ...
    /etc/openvpn/client
    /etc/openvpn/server
    ...


    I'm wondering what is the purpose of those directories? All tutorials advice placing files directly in /etc/openvpn/ and init/systemd scripts also pick config files from there.



    Chroot? But then, why 2?










    share|improve this question

























      5












      5








      5


      1






      Ubuntu/Debian OpenVPN package contains 2 mysterious directories:



      dpkg -L openvpn
      ...
      /etc/openvpn/client
      /etc/openvpn/server
      ...


      I'm wondering what is the purpose of those directories? All tutorials advice placing files directly in /etc/openvpn/ and init/systemd scripts also pick config files from there.



      Chroot? But then, why 2?










      share|improve this question














      Ubuntu/Debian OpenVPN package contains 2 mysterious directories:



      dpkg -L openvpn
      ...
      /etc/openvpn/client
      /etc/openvpn/server
      ...


      I'm wondering what is the purpose of those directories? All tutorials advice placing files directly in /etc/openvpn/ and init/systemd scripts also pick config files from there.



      Chroot? But then, why 2?







      vpn openvpn debian






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked Jun 21 '18 at 5:46









      ezaquariiezaquarii

      1334




      1334






















          2 Answers
          2






          active

          oldest

          votes


















          1














          In v2.4 they introduced new systemd service profiles tailored for client resp. server applications.




          As of OpenVPN v2.4, upstream is shipping systemd unit files to provide
          a fine grained control of each OpenVPN configuration as well as trying
          to restrict the capabilities the OpenVPN process have on a system.



          These new unit files separates between client and server profiles.
          The configuration files are kept in separate directories, to provide
          clarity of the profile they run under.



          Typically the client profile cannot bind to any ports below port 1024
          and the client configuration is always started with --nobind.




          source



          It remains backward compatible, i.e. you can still store your .conf file in /etc/openvpn.




          • If your configuration is in /etc/openvpn/MyVpn.conf,

            use systemctl start openvpn@MyVpn.service to start the service


          • If your configuration is in /etc/openvpn/client/MyVpn.conf,

            use systemctl start openvpn-client@MyVpn.service to start the service


          • If your configuration is in /etc/openvpn/server/MyVpn.conf,

            use systemctl start openvpn-server@MyVpn.service to start the service







          share|improve this answer

































            0














            I'm unable to post a comment above but wanted to point out a mistake in in 3dGrabber's answer but in this neck of the SE woods my reputation is too low, but wanted to point this out for those who come to via a searching so they aren't left scratching their heads when this fails somewhat cryptically.



            systemctl start openvpn-client@MyVpn.service should be:



            systemctl start openvpn-client@MyVpn



            and



            systemctl start openvpn-server@MyVpn.service should be:



            systemctl start openvpn-server@MyVpn



            The .service suffix was likely mistaken from the file that's created upon systemctl enable ...






            share|improve this answer










            New contributor




            szr is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
            Check out our Code of Conduct.




















              Your Answer








              StackExchange.ready(function() {
              var channelOptions = {
              tags: "".split(" "),
              id: "89"
              };
              initTagRenderer("".split(" "), "".split(" "), channelOptions);

              StackExchange.using("externalEditor", function() {
              // Have to fire editor after snippets, if snippets enabled
              if (StackExchange.settings.snippets.snippetsEnabled) {
              StackExchange.using("snippets", function() {
              createEditor();
              });
              }
              else {
              createEditor();
              }
              });

              function createEditor() {
              StackExchange.prepareEditor({
              heartbeatType: 'answer',
              autoActivateHeartbeat: false,
              convertImagesToLinks: true,
              noModals: true,
              showLowRepImageUploadWarning: true,
              reputationToPostImages: 10,
              bindNavPrevention: true,
              postfix: "",
              imageUploader: {
              brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
              contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
              allowUrls: true
              },
              onDemand: true,
              discardSelector: ".discard-answer"
              ,immediatelyShowMarkdownHelp:true
              });


              }
              });














              draft saved

              draft discarded


















              StackExchange.ready(
              function () {
              StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1048429%2fwhat-is-the-purpose-of-openvpns-etc-openvpn-client-server-directories%23new-answer', 'question_page');
              }
              );

              Post as a guest















              Required, but never shown

























              2 Answers
              2






              active

              oldest

              votes








              2 Answers
              2






              active

              oldest

              votes









              active

              oldest

              votes






              active

              oldest

              votes









              1














              In v2.4 they introduced new systemd service profiles tailored for client resp. server applications.




              As of OpenVPN v2.4, upstream is shipping systemd unit files to provide
              a fine grained control of each OpenVPN configuration as well as trying
              to restrict the capabilities the OpenVPN process have on a system.



              These new unit files separates between client and server profiles.
              The configuration files are kept in separate directories, to provide
              clarity of the profile they run under.



              Typically the client profile cannot bind to any ports below port 1024
              and the client configuration is always started with --nobind.




              source



              It remains backward compatible, i.e. you can still store your .conf file in /etc/openvpn.




              • If your configuration is in /etc/openvpn/MyVpn.conf,

                use systemctl start openvpn@MyVpn.service to start the service


              • If your configuration is in /etc/openvpn/client/MyVpn.conf,

                use systemctl start openvpn-client@MyVpn.service to start the service


              • If your configuration is in /etc/openvpn/server/MyVpn.conf,

                use systemctl start openvpn-server@MyVpn.service to start the service







              share|improve this answer






























                1














                In v2.4 they introduced new systemd service profiles tailored for client resp. server applications.




                As of OpenVPN v2.4, upstream is shipping systemd unit files to provide
                a fine grained control of each OpenVPN configuration as well as trying
                to restrict the capabilities the OpenVPN process have on a system.



                These new unit files separates between client and server profiles.
                The configuration files are kept in separate directories, to provide
                clarity of the profile they run under.



                Typically the client profile cannot bind to any ports below port 1024
                and the client configuration is always started with --nobind.




                source



                It remains backward compatible, i.e. you can still store your .conf file in /etc/openvpn.




                • If your configuration is in /etc/openvpn/MyVpn.conf,

                  use systemctl start openvpn@MyVpn.service to start the service


                • If your configuration is in /etc/openvpn/client/MyVpn.conf,

                  use systemctl start openvpn-client@MyVpn.service to start the service


                • If your configuration is in /etc/openvpn/server/MyVpn.conf,

                  use systemctl start openvpn-server@MyVpn.service to start the service







                share|improve this answer




























                  1












                  1








                  1







                  In v2.4 they introduced new systemd service profiles tailored for client resp. server applications.




                  As of OpenVPN v2.4, upstream is shipping systemd unit files to provide
                  a fine grained control of each OpenVPN configuration as well as trying
                  to restrict the capabilities the OpenVPN process have on a system.



                  These new unit files separates between client and server profiles.
                  The configuration files are kept in separate directories, to provide
                  clarity of the profile they run under.



                  Typically the client profile cannot bind to any ports below port 1024
                  and the client configuration is always started with --nobind.




                  source



                  It remains backward compatible, i.e. you can still store your .conf file in /etc/openvpn.




                  • If your configuration is in /etc/openvpn/MyVpn.conf,

                    use systemctl start openvpn@MyVpn.service to start the service


                  • If your configuration is in /etc/openvpn/client/MyVpn.conf,

                    use systemctl start openvpn-client@MyVpn.service to start the service


                  • If your configuration is in /etc/openvpn/server/MyVpn.conf,

                    use systemctl start openvpn-server@MyVpn.service to start the service







                  share|improve this answer















                  In v2.4 they introduced new systemd service profiles tailored for client resp. server applications.




                  As of OpenVPN v2.4, upstream is shipping systemd unit files to provide
                  a fine grained control of each OpenVPN configuration as well as trying
                  to restrict the capabilities the OpenVPN process have on a system.



                  These new unit files separates between client and server profiles.
                  The configuration files are kept in separate directories, to provide
                  clarity of the profile they run under.



                  Typically the client profile cannot bind to any ports below port 1024
                  and the client configuration is always started with --nobind.




                  source



                  It remains backward compatible, i.e. you can still store your .conf file in /etc/openvpn.




                  • If your configuration is in /etc/openvpn/MyVpn.conf,

                    use systemctl start openvpn@MyVpn.service to start the service


                  • If your configuration is in /etc/openvpn/client/MyVpn.conf,

                    use systemctl start openvpn-client@MyVpn.service to start the service


                  • If your configuration is in /etc/openvpn/server/MyVpn.conf,

                    use systemctl start openvpn-server@MyVpn.service to start the service








                  share|improve this answer














                  share|improve this answer



                  share|improve this answer








                  edited Oct 23 '18 at 13:58

























                  answered Oct 23 '18 at 13:47









                  3dGrabber3dGrabber

                  1264




                  1264

























                      0














                      I'm unable to post a comment above but wanted to point out a mistake in in 3dGrabber's answer but in this neck of the SE woods my reputation is too low, but wanted to point this out for those who come to via a searching so they aren't left scratching their heads when this fails somewhat cryptically.



                      systemctl start openvpn-client@MyVpn.service should be:



                      systemctl start openvpn-client@MyVpn



                      and



                      systemctl start openvpn-server@MyVpn.service should be:



                      systemctl start openvpn-server@MyVpn



                      The .service suffix was likely mistaken from the file that's created upon systemctl enable ...






                      share|improve this answer










                      New contributor




                      szr is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                      Check out our Code of Conduct.

























                        0














                        I'm unable to post a comment above but wanted to point out a mistake in in 3dGrabber's answer but in this neck of the SE woods my reputation is too low, but wanted to point this out for those who come to via a searching so they aren't left scratching their heads when this fails somewhat cryptically.



                        systemctl start openvpn-client@MyVpn.service should be:



                        systemctl start openvpn-client@MyVpn



                        and



                        systemctl start openvpn-server@MyVpn.service should be:



                        systemctl start openvpn-server@MyVpn



                        The .service suffix was likely mistaken from the file that's created upon systemctl enable ...






                        share|improve this answer










                        New contributor




                        szr is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                        Check out our Code of Conduct.























                          0












                          0








                          0







                          I'm unable to post a comment above but wanted to point out a mistake in in 3dGrabber's answer but in this neck of the SE woods my reputation is too low, but wanted to point this out for those who come to via a searching so they aren't left scratching their heads when this fails somewhat cryptically.



                          systemctl start openvpn-client@MyVpn.service should be:



                          systemctl start openvpn-client@MyVpn



                          and



                          systemctl start openvpn-server@MyVpn.service should be:



                          systemctl start openvpn-server@MyVpn



                          The .service suffix was likely mistaken from the file that's created upon systemctl enable ...






                          share|improve this answer










                          New contributor




                          szr is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                          Check out our Code of Conduct.










                          I'm unable to post a comment above but wanted to point out a mistake in in 3dGrabber's answer but in this neck of the SE woods my reputation is too low, but wanted to point this out for those who come to via a searching so they aren't left scratching their heads when this fails somewhat cryptically.



                          systemctl start openvpn-client@MyVpn.service should be:



                          systemctl start openvpn-client@MyVpn



                          and



                          systemctl start openvpn-server@MyVpn.service should be:



                          systemctl start openvpn-server@MyVpn



                          The .service suffix was likely mistaken from the file that's created upon systemctl enable ...







                          share|improve this answer










                          New contributor




                          szr is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                          Check out our Code of Conduct.









                          share|improve this answer



                          share|improve this answer








                          edited 7 mins ago





















                          New contributor




                          szr is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                          Check out our Code of Conduct.









                          answered 2 hours ago









                          szrszr

                          11




                          11




                          New contributor




                          szr is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                          Check out our Code of Conduct.





                          New contributor





                          szr is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                          Check out our Code of Conduct.






                          szr is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                          Check out our Code of Conduct.






























                              draft saved

                              draft discarded




















































                              Thanks for contributing an answer to Ask Ubuntu!


                              • Please be sure to answer the question. Provide details and share your research!

                              But avoid



                              • Asking for help, clarification, or responding to other answers.

                              • Making statements based on opinion; back them up with references or personal experience.


                              To learn more, see our tips on writing great answers.




                              draft saved


                              draft discarded














                              StackExchange.ready(
                              function () {
                              StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1048429%2fwhat-is-the-purpose-of-openvpns-etc-openvpn-client-server-directories%23new-answer', 'question_page');
                              }
                              );

                              Post as a guest















                              Required, but never shown





















































                              Required, but never shown














                              Required, but never shown












                              Required, but never shown







                              Required, but never shown

































                              Required, but never shown














                              Required, but never shown












                              Required, but never shown







                              Required, but never shown







                              Popular posts from this blog

                              GameSpot

                              日野市

                              Tu-95轟炸機