diff -Nur --no-dereference smeserver-openvpn-bridge-2.1.old/createlinks smeserver-openvpn-bridge-2.1/createlinks
--- smeserver-openvpn-bridge-2.1.old/createlinks 2021-03-23 15:47:30.917000000 -0400
+++ smeserver-openvpn-bridge-2.1/createlinks 2021-03-23 16:04:59.303000000 -0400
@@ -6,15 +6,6 @@
 safe_symlink("restart", "root/etc/e-smith/events/network-create/services2adjust/openvpn-bridge");
 safe_symlink("restart", "root/etc/e-smith/events/network-delete/services2adjust/openvpn-bridge");
-#service_link_enhanced("openvpn-bridge", "S80", "7");
-#service_link_enhanced("openvpn-bridge", "K25", "6");
-#service_link_enhanced("openvpn-bridge", "K25", "0");
-
-
-#safe_symlink("../daemontools" , 'root/etc/rc.d/init.d/supervise/openvpn-bridge');
-safe_symlink("/var/service/openvpn-bridge" , 'root/service/openvpn-bridge');
-
-safe_touch("root/var/service/openvpn-bridge/down");
 panel_link("openvpnbridge", 'manager');
@@ -46,8 +37,8 @@
 }
 #action needed in case we have a systemd unit
-event_link("systemd-default", $event, "10");
-event_link("systemd-reload", $event, "50");
+event_link("systemd-default", $event, "88");
+event_link("systemd-reload", $event, "89");
 #action specific to this package
 event_link("openvpn-bridge-update", $event, "60");
diff -Nur --no-dereference smeserver-openvpn-bridge-2.1.old/root/etc/e-smith/db/configuration/defaults/openvpn-bridge/cipher smeserver-openvpn-bridge-2.1/root/etc/e-smith/db/configuration/defaults/openvpn-bridge/cipher
--- smeserver-openvpn-bridge-2.1.old/root/etc/e-smith/db/configuration/defaults/openvpn-bridge/cipher 1969-12-31 19:00:00.000000000 -0500
+++ smeserver-openvpn-bridge-2.1/root/etc/e-smith/db/configuration/defaults/openvpn-bridge/cipher 2021-03-23 16:37:14.278000000 -0400
@@ -0,0 +1 @@
+AES-256-CBC
diff -Nur --no-dereference smeserver-openvpn-bridge-2.1.old/root/usr/lib/systemd/system/openvpn-bridge.service smeserver-openvpn-bridge-2.1/root/usr/lib/systemd/system/openvpn-bridge.service
--- smeserver-openvpn-bridge-2.1.old/root/usr/lib/systemd/system/openvpn-bridge.service 2021-03-23 15:47:30.918000000 -0400
+++ smeserver-openvpn-bridge-2.1/root/usr/lib/systemd/system/openvpn-bridge.service 2021-03-23 16:42:01.732000000 -0400
@@ -1,9 +1,27 @@
 [Unit]
 Description=OpenVPN Server to Server
 After=network.service
+After=bridge.service
+Requires=bridge.service
+
 [Service]
-Type=forking
-ExecStart=/usr/sbin/systemd/openvpn-bridge
+Type=notify
+PrivateTmp=true
+WorkingDirectory=/etc/openvpn/bridge
+
+ExecStart=/usr/sbin/openvpn --status /var/log/openvpn-bridge/status.log --status-version 2 --ncp-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC:AES-128-CBC:BF-CBC --config /etc/openvpn/bridge/openvpn.conf --cd /etc/openvpn/bridge
+
+PrivateTmp=true
+CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE CAP_AUDIT_WRITE
+LimitNPROC=10
+DeviceAllow=/dev/null rw
+DeviceAllow=/dev/net/tun rw
+ProtectSystem=true
+ProtectHome=true
+KillMode=process
+RestartSec=5s
+Restart=on-failure
+
 [Install]
 WantedBy=sme-server.target
diff -Nur --no-dereference smeserver-openvpn-bridge-2.1.old/root/usr/sbin/systemd/openvpn-bridge smeserver-openvpn-bridge-2.1/root/usr/sbin/systemd/openvpn-bridge
--- smeserver-openvpn-bridge-2.1.old/root/usr/sbin/systemd/openvpn-bridge 2021-03-23 15:47:30.918000000 -0400
+++ smeserver-openvpn-bridge-2.1/root/usr/sbin/systemd/openvpn-bridge 1969-12-31 19:00:00.000000000 -0500
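Review bot: In openvpn-bridge.service the new `ExecStart` passes `--ncp-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC:AES-128-CBC:BF-CBC`, so the server will still negotiate BF-CBC, a 64-bit-block cipher that OpenVPN upstream has deprecated. Unless a legacy peer is known to need it, end the list at the AES entries: `--ncp-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC:AES-128-CBC`. `PrivateTmp=true` appears twice in `[Service]` and one copy can be dropped. `CAP_DAC_OVERRIDE` in `CapabilityBoundingSet` is broad for a unit that otherwise sets `ProtectSystem` and `ProtectHome`; a comment naming the path that needs it, or removing it if none does, would make the hardening easier to audit.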
@@ -1,5 +0,0 @@
-#!/bin/sh
-
-exec 2>&1
-
-exec /usr/sbin/openvpn --config /etc/openvpn/bridge/openvpn.conf --cd /etc/openvpn/bridge
diff -Nur --no-dereference smeserver-openvpn-bridge-2.1.old/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/openvpnbridge.pm smeserver-openvpn-bridge-2.1/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/openvpnbridge.pm
--- smeserver-openvpn-bridge-2.1.old/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/openvpnbridge.pm 2013-11-11 12:27:02.000000000 -0500
+++ smeserver-openvpn-bridge-2.1/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/openvpnbridge.pm 2021-03-23 16:42:01.498000000 -0400
@@ -650,7 +650,8 @@
 }
 print KEY $key;
 close KEY;
-
+ chmod(0600, "$privdir/key.pem" );
+ esmith::util::chownFile("root", "root","$privdir/key.pem" );
 if (! open (DH, ">$pubdir/dh.pem")){
 $fm->error('ERROR_OPEN_DH','FIRST');
 # Tell the user something bad has happened
@@ -666,6 +667,8 @@
 }
 print TA $ta;
 close TA;
+ chmod(0600, "$privdir/takey.pem" );
+ esmith::util::chownFile("root", "root","$privdir/takey.pem" );
 # Restrict permissions on sensitive data
 esmith::util::chownFile("root", "root","$privdir");
diff -Nur --no-dereference smeserver-openvpn-bridge-2.1.old/root/var/service/openvpn-bridge/log/run smeserver-openvpn-bridge-2.1/root/var/service/openvpn-bridge/log/run
--- smeserver-openvpn-bridge-2.1.old/root/var/service/openvpn-bridge/log/run 2013-11-11 12:27:02.000000000 -0500
+++ smeserver-openvpn-bridge-2.1/root/var/service/openvpn-bridge/log/run 1969-12-31 19:00:00.000000000 -0500
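Review bot: In openvpnbridge.pm the added `chmod(0600, "$privdir/key.pem" )` runs only after the private key has been written and closed, and its return value is ignored. From the open (outside this hunk, presumably the same two-argument form as `open (DH, ">$pubdir/dh.pem")` below) until that line, the file has whatever mode the process umask gives it. Tightening the umask around the write closes that window: `my $old_umask = umask(0077);` ahead of the open and `umask($old_umask);` after `close KEY;`, with the chmod kept as a checked backstop, `chmod(0600, "$privdir/key.pem") or warn "chmod $privdir/key.pem: $!";`. The same applies to `takey.pem` in the second hunk (`@@ -666,6 +667,8 @@`). The enclosing sub starts and ends outside both hunks.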
@@ -1,23 +0,0 @@
-#!/bin/sh
-
-#----------------------------------------------------------------------
-# copyright (C) 2003-2006 Mitel Networks Corporation
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-#----------------------------------------------------------------------
-exec \
- /usr/local/bin/setuidgid smelog \
- /usr/local/bin/multilog t s5000000 \
- /var/log/openvpn-bridge
diff -Nur --no-dereference smeserver-openvpn-bridge-2.1.old/root/var/service/openvpn-bridge/run smeserver-openvpn-bridge-2.1/root/var/service/openvpn-bridge/run
--- smeserver-openvpn-bridge-2.1.old/root/var/service/openvpn-bridge/run 2013-11-11 12:27:01.000000000 -0500
+++ smeserver-openvpn-bridge-2.1/root/var/service/openvpn-bridge/run 1969-12-31 19:00:00.000000000 -0500
@@ -1,10 +0,0 @@
-#!/bin/sh
-
-exec 2>&1
-
-BRIDGE=$(/sbin/e-smith/db configuration getprop bridge status)
-
-[ $BRIDGE == 'enabled' ] || exit 1
-
-exec /usr/sbin/openvpn --config /etc/openvpn/bridge/openvpn.conf --cd /etc/openvpn/bridge
-