The "ExecReload=+/bin/kill" way of reloading without needing extra caps seems sensible. That said, I'm wondering what's the use case for a reload instead of a restart as man openvpn(8) describes what happens on SIGHUP:
SIGNALS
SIGHUP Cause OpenVPN to close all TUN/TAP and network connections, restart, re-read the
configuration file (if any), and reopen TUN/TAP and network connections.
I'm wondering how it is possible when OpenVPN downgraded UID/GID? Maybe it works when using the openvpn-plugin-down-root.so plugin?
The "ExecReload= +/bin/kill" way of reloading without needing extra caps seems sensible. That said, I'm wondering what's the use case for a reload instead of a restart as man openvpn(8) describes what happens on SIGHUP:
SIGNALS
SIGHUP Cause OpenVPN to close all TUN/TAP and network connections, restart, re-read the
configuration file (if any), and reopen TUN/TAP and network connections.
I'm wondering how it is possible when OpenVPN downgraded UID/GID? Maybe it works when using the openvpn- plugin- down-root. so plugin?