1 files changed, 13 insertions, 1 deletions

diff --git a/src/conf_mode/interfaces-openvpn.py b/src/conf_mode/interfaces-openvpn.py
index 7f4aa367f..735b39ba3 100755
--- a/src/conf_mode/interfaces-openvpn.py
+++ b/src/conf_mode/interfaces-openvpn.py
@@ -66,6 +66,7 @@ cfg_file = '/run/openvpn/{ifname}.conf'
 otp_path = '/config/auth/openvpn'
 otp_file = '/config/auth/openvpn/{ifname}-otp-secrets'
 secret_chars = list('ABCDEFGHIJKLMNOPQRSTUVWXYZ234567')
+service_file = '/run/systemd/system/openvpn@{ifname}.service.d/20-override.conf'
 
 def get_config(config=None):
     """
@@ -98,7 +99,7 @@ def get_config(config=None):
     # originate comes with defaults, which will enable the
     # totp plugin, even when not set via CLI so we
     # need to check this first and drop those keys
-    if 'totp' not in tmp_openvpn['server']:
+    if dict_search('server.totp', tmp_openvpn) == None:
         del openvpn['server']['mfa']['totp']
         
     return openvpn
@@ -584,6 +585,11 @@ def generate(openvpn):
     if os.path.isdir(ccd_dir):
         rmtree(ccd_dir, ignore_errors=True)
 
+    # Remove systemd directories with overrides
+    service_dir = os.path.dirname(service_file.format(**openvpn))
+    if os.path.isdir(service_dir):
+        rmtree(service_dir, ignore_errors=True)
+
     if 'deleted' in openvpn or 'disable' in openvpn:
         return None
 
@@ -619,6 +625,12 @@ def generate(openvpn):
     render(cfg_file.format(**openvpn), 'openvpn/server.conf.tmpl', openvpn,
            formater=lambda _: _.replace(""", '"'), user=user, group=group)
 
+    # Render 20-override.conf for OpenVPN service
+    render(service_file.format(**openvpn), 'openvpn/service-override.conf.tmpl', openvpn,
+           formater=lambda _: _.replace(""", '"'), user=user, group=group)
+    # Reload systemd services config to apply an override
+    call(f'systemctl daemon-reload')
+
     return None
 
 def apply(openvpn):