mvpg/configs/systemd/vpn-killswitch.service

[Unit]
Description=VPN Killswitch - Permanent Network Protection
Documentation=https://github.com/yourusername/vpn-gateway
DefaultDependencies=no
Before=network-pre.target
Wants=network-pre.target

# This service MUST start before networking
After=local-fs.target

[Service]
Type=oneshot
RemainAfterExit=yes

# Execute killswitch enable
ExecStart=/usr/local/bin/vpn-killswitch.sh enable

# On reload, restart the killswitch
ExecReload=/usr/local/bin/vpn-killswitch.sh restart

# On stop, we still keep killswitch active for security
ExecStop=/bin/echo "Killswitch remains active for security"

# Logging
StandardOutput=journal
StandardError=journal

# Security
User=root
Group=root

# We want this to always succeed
SuccessExitStatus=0 1

[Install]
# Critical: Start at earliest possible stage
WantedBy=sysinit.target
RequiredBy=network.target
New branch 2025-08-10 15:34:34 +02:00			`[Unit]`
			`Description=VPN Killswitch - Permanent Network Protection`
			`Documentation=https://github.com/yourusername/vpn-gateway`
			`DefaultDependencies=no`
			`Before=network-pre.target`
			`Wants=network-pre.target`

			`# This service MUST start before networking`
			`After=local-fs.target`

			`[Service]`
			`Type=oneshot`
			`RemainAfterExit=yes`

			`# Execute killswitch enable`
			`ExecStart=/usr/local/bin/vpn-killswitch.sh enable`

			`# On reload, restart the killswitch`
			`ExecReload=/usr/local/bin/vpn-killswitch.sh restart`

			`# On stop, we still keep killswitch active for security`
			`ExecStop=/bin/echo "Killswitch remains active for security"`

			`# Logging`
			`StandardOutput=journal`
			`StandardError=journal`

			`# Security`
			`User=root`
			`Group=root`

			`# We want this to always succeed`
			`SuccessExitStatus=0 1`

			`[Install]`
			`# Critical: Start at earliest possible stage`
			`WantedBy=sysinit.target`
			`RequiredBy=network.target`