Use service or systemctl to control openvpn daemon on boot

openvpnservices

I'm working on a debian-based system and am still learning about systemctl vs service, but am trying to use my openvpn configuration as a use-case for working through this.

In my current setup, I'm really confused as to how openvpn appears to be starting on boot and how to manage them.

On boot, these are the openvpn processes that have been started:

> ps aux | ag 'openvpn'
nobody     952  0.0  0.0   5800  1108 ?        Ss   13:29   0:00 /usr/sbin/openvpn --daemon ovpn-server --status /run/openvpn/server.status 10 --cd /etc/openvpn --config /etc/openvpn/server.conf
root      1537  0.0  0.1   6088  2544 ?        Ss   13:30   0:00 /usr/sbin/openvpn --daemon --auth-nocache --config /root/.vpn_conf/pia.ovpn

I still don't know what's controlling these to start on boot.

The first proc is the server (which I wish to disable), and the other is the client which I wish to keep and continue to use.

My understanding is that one can use systemctl to list all services:

> systemctl list-unit-files --type=service | ag 'openvpn'
openvpn.service                               disabled
openvpn@.service                              disabled

What are the differences between these two? Are these the two services controlling the processes above? If they are disabled, why are they still starting on boot?

If I try and use service to get the status of openvpn, I get:

> service openvpn status
● openvpn.service - OpenVPN service
   Loaded: loaded (/lib/systemd/system/openvpn.service; disabled)
   Active: active (exited) since Sun 2017-02-19 13:29:51 PST; 18min ago
  Process: 936 ExecStart=/bin/true (code=exited, status=0/SUCCESS)
 Main PID: 936 (code=exited, status=0/SUCCESS)
   CGroup: /system.slice/openvpn.service

Feb 19 13:29:51 systemd[1]: Started OpenVPN service

Which prompts me to ask:

If there are two entries in systemctl for openvpn, what is the second one called when using service openvpn_2nd? status?

Just in case, there is a /etc/init.d/openvpn script.

Any insight into some of the questions above would be greatly appreciated.

Best Answer

OpenVPN is not the best place to start if one is learning systemd, because OpenVPN is not a simple service.

OpenVPN is a templatized service under systemd. The service units are named openvpn@config.service, all derived from a single service unit file named openvpn@.service. So you are starting your /etc/openvpn/server.conf instance with 

systemctl start openvpn@server.service
and having it auto-start on bootstrap with 

systemctl enable openvpn@server.service
Obviously, you stop and disable it with the analogous commands.

This is not what is running your OpenVPN client, though. To locate the service unit for that, one can locate the unit name from the control group name, by running 

systemd-cgls /

The non-template openvpn.service is explained in the commentary at the top of its service unit file. It is something else that, again, makes this a more complex thing to learn as a novice's first experience of systemd.

Further reading

Related Question