author: zsdc <taras@vyos.io>, 2021-10-04 10:40:31 +0300
committer: zsdc <taras@vyos.io>, 2021-10-04 10:40:31 +0300
commit: 3fd2ff423b6c6e992b2ed531c7ba99fb9e1a2123
tree: f9e45d80111b80732b977cecd99289ac4fdc9c2e /src/etc/systemd/system/openvpn@.service.d/10-override.conf
parent: 044e9dc8bc7e3d946b0ba1f1edfe06b5323aeadd
OpenVPN: T3350: Changed custom options for OpenVPN processing
Custom OpenVPN options moved back to the command line from a configuration file. This should keep full compatibility with the `crux` branch, and allows avoiding mistakes with parsing options that contain `--` in the middle. The only smart part of this is handling a `push` option. Because of internal changes in OpenVPN, previously it did not require an argument in double quotes, but after the version update in `equuleus` and `sagitta` the old syntax became invalid. So, all the `push` options are processed to add quotes. The solution is still not complete, because if a single config line contains `push` with other options, it will not work, but it is better than nothing.
Diffstat (limited to 'src/etc/systemd/system/openvpn@.service.d/10-override.conf')
-rw-r--r-- src/etc/systemd/system/openvpn@.service.d/10-override.conf 13
1 files changed, 13 insertions, 0 deletions
diff --git a/src/etc/systemd/system/openvpn@.service.d/10-override.conf b/src/etc/systemd/system/openvpn@.service.d/10-override.conf
new file mode 100644
index 000000000..03fe6b587
--- /dev/null
+++ b/src/etc/systemd/system/openvpn@.service.d/10-override.conf
@@ -0,0 +1,13 @@
+[Unit]
+After=
+After=vyos-router.service
+
+[Service]
+WorkingDirectory=
+WorkingDirectory=/run/openvpn
+ExecStart=
+ExecStart=/usr/sbin/openvpn --daemon openvpn-%i --config %i.conf --status %i.status 30 --writepid %i.pid
+User=openvpn
+Group=openvpn
+AmbientCapabilities=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE CAP_AUDIT_WRITE
+CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE CAP_AUDIT_WRITE
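Review bot: The `AmbientCapabilities=` and `CapabilityBoundingSet=` lines at the end of `[Service]` hand the `openvpn` user CAP_SETUID, CAP_SETGID, CAP_DAC_OVERRIDE and CAP_SYS_CHROOT as ambient capabilities, which weakens the privilege drop that `User=openvpn` / `Group=openvpn` is meant to provide: CAP_DAC_OVERRIDE bypasses file permission checks and CAP_SETUID permits switching to any UID. Consider trimming both lists to the capabilities the daemon needs while it already runs unprivileged, or add a comment above the two lines stating which OpenVPN feature requires each one. Separately, `--config %i.conf`, `--status %i.status` and `--writepid %i.pid` are relative paths that resolve only through `WorkingDirectory=/run/openvpn`; absolute paths would keep the unit correct if the working directory is ever changed.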