The OpenVPN package on Debian comes with some systemd .service files to
make VPN connections easier to manage. These (all located
in /lib/systemd/system/) are named
openvpn-client(a).service
openvpn-server(a).service
openvpn.service
openvpn(a).service
Note the @-signs in the names of three of them: these indicate
“template” services, each of which can be “instantiated” any number of
times, to create multiple service “instances”.
There seem to be two alternative ways of defining your OpenVPN services
here: the first two .service files let you define and manage client-end
and server-end connections individually, and require you to start and
stop them separately, while the latter two don’t bother
distinguishing between client-end and server-end (this is purely up to
the respective OpenVPN configurations), they are all defined by
instantiating “openvpn(a).service”. The non-template file,
“openvpn.service”, can then be used to start and stop all these
instances at once.
(It could be that the first two represent an older way of managing
connections, while the latter two are a newer, unified, more flexible
way. But hey...)
To illustrate how template instantiations work, I have been setting up
a VPN link between a virtual private server at Rimu Hosting and the
Internet router machine in my office. The VPS (with the fixed IP
address) is the server end, while my office end is the client.
On the server, I create a config file
named /etc/openvpn/server/office.conf that appropriately defines the
server end of the connection. The name “office” now automatically
becomes the name of the instance: to start this, I just type
systemctl start openvpn-server(a)office
and systemd automatically fills in the name “office” in place of the
“%i” placeholder in the contents of the openvpn-server(a).service template
file, and executes the appropriate openvpn command. (One of the
occurrences of %i is in the name of the config file.)
At the client end, I create a config file
named /etc/openvpn/client/vps.conf that appropriately defines the client
end of the connection. Here the instance name is “vps”, so the systemd
command to launch openvpn at the client end is
systemctl start openvpn-client(a)vps
and as before, instances of “%i” in the template are replaced with the
instance name, “vps”. (As before, %i is also used to produce the name
of the config file.)
Of course, manually starting and stopping OpenVPN instances may be fine
for testing, but for production use you want this to happen
automatically at boot time. Just change the systemctl “start” commands
to “enable”, and it’s done.