3 files changed, 23 insertions, 5 deletions

diff --git a/usr/lib/systemd/system/anytun-control@.service b/usr/lib/systemd/system/anytun-control@.service
index e8a2289..4a4fd5e 100644
--- a/usr/lib/systemd/system/anytun-control@.service
+++ b/usr/lib/systemd/system/anytun-control@.service
@@ -1,7 +1,9 @@
 [Unit]
-Description=secure anycast tunneling config daemon
-After=syslog.target network.target
+Description=secure anycast tunneling config daemon for %i
+PartOf=anytun.service
+ReloadPropagatedFrom=anytun.service
 Requires=anytun@%i.service
+Documentation=man:anytun-controld(8)
 
 [Service]
 Type=simple
diff --git a/usr/lib/systemd/system/anytun.service b/usr/lib/systemd/system/anytun.service
new file mode 100644
index 0000000..46386f4
--- /dev/null
+++ b/usr/lib/systemd/system/anytun.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=Anytun Service
+After=network.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/bin/true
+ExecReload=/bin/true
+WorkingDirectory=/etc/anytun
+
+[Install]
+WantedBy=multi-user.target
diff --git a/usr/lib/systemd/system/anytun@.service b/usr/lib/systemd/system/anytun@.service
index 70fbd17..4b09163 100644
--- a/usr/lib/systemd/system/anytun@.service
+++ b/usr/lib/systemd/system/anytun@.service
@@ -1,6 +1,8 @@
 [Unit]
-Description=secure anycast tunneling daemon
-After=syslog.target network.target
+Description=secure anycast tunneling daemon for %i
+PartOf=anytun.service
+ReloadPropagatedFrom=anytun.service
+Documentation=man:anytun(8)
 
 [Service]
 Type=simple
@@ -9,9 +11,10 @@ Environment="NAME=%i" "DAEMONOPTS=-D -L stdout:3 --username anytun"
 ExecStart=/usr/local/lib/anytun-launcher vpn
 Restart=on-failure
 PrivateTmp=yes
-PrivateDevices=yes
 ProtectSystem=full
 ProtectHome=yes
+DeviceAllow=/dev/net/tun rw
+DevicePolicy=closed
 
 [Install]
 WantedBy=multi-user.target