I didnt find documentation on how to do what i wanted so i had ti figure out on my own how to make it work
basically i added all iptables commands and ip route commands inside the softether-vpnclient.service and softether-vpnserver.service
but i do get some errors on the systemd status for DHCLIENT so i feel i could have done it better maybe someone can advise how i can improve this?
Here is my config:
Code: Select all
[Unit]
Description=SoftEther VPN Client
After=network.target auditd.service
ConditionPathExists=!/usr/local/libexec/softether/vpnclient/do_not_run
[Service]
Type=forking
EnvironmentFile=-/usr/local/libexec/softether/vpnclient
ExecStart=/usr/local/libexec/softether/vpnclient/vpnclient start
ExecStartPost=/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
ExecStartPost=/usr/bin/sleep 1
ExecStartPost=/sbin/dhclient -q vpn_sevpn
ExecStop=/usr/local/libexec/softether/vpnclient/vpnclient stop
KillMode=process
Restart=on-failure
# Hardening
PrivateTmp=yes
ProtectHome=yes
ProtectSystem=full
ReadOnlyDirectories=/
ReadWriteDirectories=-/usr/local/libexec/softether/vpnclient
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW CAP_SYS_NICE CAP_SYSLOG CAP_SETUID
[Install]
WantedBy=multi-user.target
Code: Select all
[Unit]
Description=SoftEther VPN Server
After=network.target auditd.service
ConditionPathExists=!/usr/local/libexec/softether/vpnserver/do_not_run
[Service]
Type=forking
TasksMax=infinity
EnvironmentFile=-/usr/local/libexec/softether/vpnserver
ExecStart=/usr/local/libexec/softether/vpnserver/vpnserver start
ExecStartPost=/usr/bin/sleep 1
ExecStartPost=/sbin/ip address flush tap_sevpn
ExecStartPost=/sbin/ip addr add 192.168.7.23/24 dev tap_sevpn
ExecStartPost=/sbin/ip route add 192.168.1.0/24 via 192.168.7.100
ExecStartPost=/sbin/iptables -t nat -A POSTROUTING -o enp1s0 -s 192.168.7.0/24 -j SNAT --to-source 192.168.1.23
ExecStop=/usr/local/libexec/softether/vpnserver/vpnserver stop
KillMode=process
Restart=on-failure
# Hardening
PrivateTmp=yes
ProtectHome=yes
ProtectSystem=full
ReadOnlyDirectories=/
ReadWriteDirectories=-/usr/local/libexec/softether/vpnserver
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW CAP_SYS_NICE CAP_SYSLOG CAP_SETUID
[Install]
WantedBy=multi-user.target