What is the purpose of OpenVPN's /etc/openvpn/{client,server} directories?





.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ margin-bottom:0;
}







5















Ubuntu/Debian OpenVPN package contains 2 mysterious directories:



dpkg -L openvpn

...

/etc/openvpn/client

/etc/openvpn/server

...


I'm wondering what is the purpose of those directories? All tutorials advice placing files directly in /etc/openvpn/ and init/systemd scripts also pick config files from there.



Chroot? But then, why 2?






vpn openvpn debian







share|improve this question





























    5















    Ubuntu/Debian OpenVPN package contains 2 mysterious directories:



    dpkg -L openvpn
    
...
    
/etc/openvpn/client
    
/etc/openvpn/server
    
...


    I'm wondering what is the purpose of those directories? All tutorials advice placing files directly in /etc/openvpn/ and init/systemd scripts also pick config files from there.



    Chroot? But then, why 2?






    vpn openvpn debian







    share|improve this question

























      5












      5








      5


      2






      Ubuntu/Debian OpenVPN package contains 2 mysterious directories:



      dpkg -L openvpn
      
...
      
/etc/openvpn/client
      
/etc/openvpn/server
      
...


      I'm wondering what is the purpose of those directories? All tutorials advice placing files directly in /etc/openvpn/ and init/systemd scripts also pick config files from there.



      Chroot? But then, why 2?






      vpn openvpn debian







      share|improve this question














      Ubuntu/Debian OpenVPN package contains 2 mysterious directories:



      dpkg -L openvpn
      
...
      
/etc/openvpn/client
      
/etc/openvpn/server
      
...


      I'm wondering what is the purpose of those directories? All tutorials advice placing files directly in /etc/openvpn/ and init/systemd scripts also pick config files from there.



      Chroot? But then, why 2?






      vpn openvpn debian




      vpn openvpn debian






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked Jun 21 '18 at 5:46









      ezaquariiezaquarii

      1335




      1335






















          2 Answers
          2






          active

          oldest

          votes


















          2














          In v2.4 they introduced new systemd service profiles tailored for client resp. server applications.




          As of OpenVPN v2.4, upstream is shipping systemd unit files to provide
          a fine grained control of each OpenVPN configuration as well as trying
          to restrict the capabilities the OpenVPN process have on a system.



          These new unit files separates between client and server profiles.
          The configuration files are kept in separate directories, to provide
          clarity of the profile they run under.



          Typically the client profile cannot bind to any ports below port 1024
          and the client configuration is always started with --nobind.




          source



          It remains backward compatible, i.e. you can still store your .conf file in /etc/openvpn.




          • If your configuration is in /etc/openvpn/MyVpn.conf,

            use systemctl start openvpn@MyVpn.service to start the service


          • If your configuration is in /etc/openvpn/client/MyVpn.conf,

            use systemctl start openvpn-client@MyVpn.service to start the service


          • If your configuration is in /etc/openvpn/server/MyVpn.conf,

            use systemctl start openvpn-server@MyVpn.service to start the service







          share|improve this answer

































            1














            I'm unable to post a comment above in response to 3dGrabber's answer since my reputation in this neck of the SE woods is too low. I wanted to point out a mistake in said answer for those who come via searching so they aren't left scratching their heads when this fails somewhat cryptically.



            systemctl start openvpn-client@MyVpn.service should be:



            systemctl start openvpn-client@MyVpn



            and



            systemctl start openvpn-server@MyVpn.service should be:



            systemctl start openvpn-server@MyVpn



            The .service suffix was likely mistaken from the file that's created upon systemctl enable ...






            share|improve this answer


























              Your Answer








              StackExchange.ready(function() {
              var channelOptions = {
              tags: "".split(" "),
              id: "89"
              };
              initTagRenderer("".split(" "), "".split(" "), channelOptions);

              StackExchange.using("externalEditor", function() {
              // Have to fire editor after snippets, if snippets enabled
              if (StackExchange.settings.snippets.snippetsEnabled) {
              StackExchange.using("snippets", function() {
              createEditor();
              });
              }
              else {
              createEditor();
              }
              });

              function createEditor() {
              StackExchange.prepareEditor({
              heartbeatType: 'answer',
              autoActivateHeartbeat: false,
              convertImagesToLinks: true,
              noModals: true,
              showLowRepImageUploadWarning: true,
              reputationToPostImages: 10,
              bindNavPrevention: true,
              postfix: "",
              imageUploader: {
              brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
              contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
              allowUrls: true
              },
              onDemand: true,
              discardSelector: ".discard-answer"
              ,immediatelyShowMarkdownHelp:true
              });


              }
              });














              draft saved

              draft discarded


















              StackExchange.ready(
              function () {
              StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1048429%2fwhat-is-the-purpose-of-openvpns-etc-openvpn-client-server-directories%23new-answer', 'question_page');
              }
              );

              Post as a guest















              Required, but never shown

























              2 Answers
              2






              active

              oldest

              votes








              2 Answers
              2






              active

              oldest

              votes









              active

              oldest

              votes






              active

              oldest

              votes









              2














              In v2.4 they introduced new systemd service profiles tailored for client resp. server applications.




              As of OpenVPN v2.4, upstream is shipping systemd unit files to provide
              a fine grained control of each OpenVPN configuration as well as trying
              to restrict the capabilities the OpenVPN process have on a system.



              These new unit files separates between client and server profiles.
              The configuration files are kept in separate directories, to provide
              clarity of the profile they run under.



              Typically the client profile cannot bind to any ports below port 1024
              and the client configuration is always started with --nobind.




              source



              It remains backward compatible, i.e. you can still store your .conf file in /etc/openvpn.




              • If your configuration is in /etc/openvpn/MyVpn.conf,

                use systemctl start openvpn@MyVpn.service to start the service


              • If your configuration is in /etc/openvpn/client/MyVpn.conf,

                use systemctl start openvpn-client@MyVpn.service to start the service


              • If your configuration is in /etc/openvpn/server/MyVpn.conf,

                use systemctl start openvpn-server@MyVpn.service to start the service







              share|improve this answer






























                2














                In v2.4 they introduced new systemd service profiles tailored for client resp. server applications.




                As of OpenVPN v2.4, upstream is shipping systemd unit files to provide
                a fine grained control of each OpenVPN configuration as well as trying
                to restrict the capabilities the OpenVPN process have on a system.



                These new unit files separates between client and server profiles.
                The configuration files are kept in separate directories, to provide
                clarity of the profile they run under.



                Typically the client profile cannot bind to any ports below port 1024
                and the client configuration is always started with --nobind.




                source



                It remains backward compatible, i.e. you can still store your .conf file in /etc/openvpn.




                • If your configuration is in /etc/openvpn/MyVpn.conf,

                  use systemctl start openvpn@MyVpn.service to start the service


                • If your configuration is in /etc/openvpn/client/MyVpn.conf,

                  use systemctl start openvpn-client@MyVpn.service to start the service


                • If your configuration is in /etc/openvpn/server/MyVpn.conf,

                  use systemctl start openvpn-server@MyVpn.service to start the service







                share|improve this answer




























                  2












                  2








                  2







                  In v2.4 they introduced new systemd service profiles tailored for client resp. server applications.




                  As of OpenVPN v2.4, upstream is shipping systemd unit files to provide
                  a fine grained control of each OpenVPN configuration as well as trying
                  to restrict the capabilities the OpenVPN process have on a system.



                  These new unit files separates between client and server profiles.
                  The configuration files are kept in separate directories, to provide
                  clarity of the profile they run under.



                  Typically the client profile cannot bind to any ports below port 1024
                  and the client configuration is always started with --nobind.




                  source



                  It remains backward compatible, i.e. you can still store your .conf file in /etc/openvpn.




                  • If your configuration is in /etc/openvpn/MyVpn.conf,

                    use systemctl start openvpn@MyVpn.service to start the service


                  • If your configuration is in /etc/openvpn/client/MyVpn.conf,

                    use systemctl start openvpn-client@MyVpn.service to start the service


                  • If your configuration is in /etc/openvpn/server/MyVpn.conf,

                    use systemctl start openvpn-server@MyVpn.service to start the service







                  share|improve this answer















                  In v2.4 they introduced new systemd service profiles tailored for client resp. server applications.




                  As of OpenVPN v2.4, upstream is shipping systemd unit files to provide
                  a fine grained control of each OpenVPN configuration as well as trying
                  to restrict the capabilities the OpenVPN process have on a system.



                  These new unit files separates between client and server profiles.
                  The configuration files are kept in separate directories, to provide
                  clarity of the profile they run under.



                  Typically the client profile cannot bind to any ports below port 1024
                  and the client configuration is always started with --nobind.




                  source



                  It remains backward compatible, i.e. you can still store your .conf file in /etc/openvpn.




                  • If your configuration is in /etc/openvpn/MyVpn.conf,

                    use systemctl start openvpn@MyVpn.service to start the service


                  • If your configuration is in /etc/openvpn/client/MyVpn.conf,

                    use systemctl start openvpn-client@MyVpn.service to start the service


                  • If your configuration is in /etc/openvpn/server/MyVpn.conf,

                    use systemctl start openvpn-server@MyVpn.service to start the service








                  share|improve this answer














                  share|improve this answer



                  share|improve this answer








                  edited Oct 23 '18 at 13:58

























                  answered Oct 23 '18 at 13:47









                  3dGrabber3dGrabber

                  1365




                  1365

























                      1














                      I'm unable to post a comment above in response to 3dGrabber's answer since my reputation in this neck of the SE woods is too low. I wanted to point out a mistake in said answer for those who come via searching so they aren't left scratching their heads when this fails somewhat cryptically.



                      systemctl start openvpn-client@MyVpn.service should be:



                      systemctl start openvpn-client@MyVpn



                      and



                      systemctl start openvpn-server@MyVpn.service should be:



                      systemctl start openvpn-server@MyVpn



                      The .service suffix was likely mistaken from the file that's created upon systemctl enable ...






                      share|improve this answer






























                        1














                        I'm unable to post a comment above in response to 3dGrabber's answer since my reputation in this neck of the SE woods is too low. I wanted to point out a mistake in said answer for those who come via searching so they aren't left scratching their heads when this fails somewhat cryptically.



                        systemctl start openvpn-client@MyVpn.service should be:



                        systemctl start openvpn-client@MyVpn



                        and



                        systemctl start openvpn-server@MyVpn.service should be:



                        systemctl start openvpn-server@MyVpn



                        The .service suffix was likely mistaken from the file that's created upon systemctl enable ...






                        share|improve this answer




























                          1












                          1








                          1







                          I'm unable to post a comment above in response to 3dGrabber's answer since my reputation in this neck of the SE woods is too low. I wanted to point out a mistake in said answer for those who come via searching so they aren't left scratching their heads when this fails somewhat cryptically.



                          systemctl start openvpn-client@MyVpn.service should be:



                          systemctl start openvpn-client@MyVpn



                          and



                          systemctl start openvpn-server@MyVpn.service should be:



                          systemctl start openvpn-server@MyVpn



                          The .service suffix was likely mistaken from the file that's created upon systemctl enable ...






                          share|improve this answer















                          I'm unable to post a comment above in response to 3dGrabber's answer since my reputation in this neck of the SE woods is too low. I wanted to point out a mistake in said answer for those who come via searching so they aren't left scratching their heads when this fails somewhat cryptically.



                          systemctl start openvpn-client@MyVpn.service should be:



                          systemctl start openvpn-client@MyVpn



                          and



                          systemctl start openvpn-server@MyVpn.service should be:



                          systemctl start openvpn-server@MyVpn



                          The .service suffix was likely mistaken from the file that's created upon systemctl enable ...







                          share|improve this answer














                          share|improve this answer



                          share|improve this answer








                          edited Feb 20 at 4:51

























                          answered Feb 20 at 1:45









                          szrszr

                          112




                          112






























                              draft saved

                              draft discarded




















































                              Thanks for contributing an answer to Ask Ubuntu!


                              • Please be sure to answer the question. Provide details and share your research!

                              But avoid



                              • Asking for help, clarification, or responding to other answers.

                              • Making statements based on opinion; back them up with references or personal experience.


                              To learn more, see our tips on writing great answers.




                              draft saved


                              draft discarded














                              StackExchange.ready(
                              function () {
                              StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1048429%2fwhat-is-the-purpose-of-openvpns-etc-openvpn-client-server-directories%23new-answer', 'question_page');
                              }
                              );

                              Post as a guest















                              Required, but never shown





















































                              Required, but never shown














                              Required, but never shown












                              Required, but never shown







                              Required, but never shown

































                              Required, but never shown














                              Required, but never shown












                              Required, but never shown







                              Required, but never shown







                              -

                              Popular posts from this blog

                              Biblatex bibliography style without URLs when DOI exists (in Overleaf with Zotero bibliography)

                              Image
                              2 2 I have a Zotero bibliography in Overleaf. I use biblatex . usepackage[backend=biber,citestyle=authoryear]{biblatex} addbibresource{zoteroALH.bib} Bibliography entries look like: @book{de_saint-gervais_uniformization_2016, title = {Uniformization of {Riemann} {Surfaces}}, isbn = {978-3-03719-145-3}, url = {https://www.ems-ph.org/books/book.php?proj_nr=198&srch=series%7Chem}, urldate = {2019-02-03}, author = {de Saint-Gervais, Paul Henri}, year = {2016}, doi = {10.4171/145} } In the bibliography down the paper the reference shows like this: There is the DOI, great, but also the URL which is unnecessary when the DOI is there. How can I remove the URL when the DOI is present? biblatex bibliographies overleaf zote
                              Read more

                              ComboBox Display Member on multiple fields

                              Image
                              2 I'm trying to set the .DisplayMember property of a ComboBox in C#, but I want to bind it to multiple columns in the .DataSouce . My SQL looks like this: SELECT PersNbr, PersFirstName, PersMiddleName, PersLastName FROM Pers WHERE PersNbr = :persNbr; I'm saving this query in a DataTable so each column selected has it's own column in the Datatable . I want to make the .DisplayMember a combination of PersFirstName + PersMiddleName + PersLastName so their full name appears like this: comboBox.DisplayMemeber = "PersFirstName" + "PersMiddleName" + "PersLastName" I know I can just to this on the query: SELECT PersNbr, (PersFirstName || PersMiddleName || PersLastName) PersName and then just do this: comboBox.DisplayMember = "PersName"; but I
                              Read more

                              Is it possible to collect Nectar points via Trainline?

                              Image
                              2 Since I am not eligible for any Railcard, the only available discount/bonus scheme is Nectar Card for me. GWR, SWR, LNER and Virgin Trains allow to collect Nectar points and I have already linked a card to my GWR account. A friend suggested me to use Trainline App, because it can search for bus tickets either. I had a look at the application, but could not see any option for Nectar. Is there a way to collect Nectar points when I buy tickets via Trainline? uk trains loyalty-programs trainline share | improve this question asked Dec 2 '18 at 15:50 ahmedus 3,224 5 19 49
                              Read more