You are not logged in.

#1 2014-07-05 07:52:39

alecl
Member
Registered: 2014-07-05
Posts: 3

OpenVPN Server working but not at startup!

Hi all,

First post here! nice to see such a strong community.

I have got OpenVPN installed (my intention is to use it only in server mode).

The good news is, with a basic configuration, it works. I can connect to my VPN from my android phone with no problems.

The bad news is, I can only get it to work when ran manually using:

$ systemctl start openvpn@server.service

If I try and run it on start up:

$ systemctl enable openvpn@server.service

The command works, but upon reboot, it is not running.

$ systemctl status openvpn@server.service
   openvpn@server.service - OpenVPN connection to server
   Loaded: loaded (/usr/lib/systemd/system/openvpn@.service; enabled)
   Active: failed (Result: exit-code) since Sat 2014-07-05 08:29:20 BST; 2min 12s ago
  Process: 167 ExecStart=/usr/bin/openvpn --cd /etc/openvpn --config /etc/openvpn/%i.conf --daemon openvpn@%i --writepid /run/openvpn@%i.pid (code=exited, status=1/FAILURE)

if it is ran manually, the status output is:

$ sudo systemctl start openvpn@server.service

$ sudo systemctl status openvpn@server.service
   openvpn@server.service - OpenVPN connection to server
   Loaded: loaded (/usr/lib/systemd/system/openvpn@.service; enabled)
   Active: active (running) since Sat 2014-07-05 08:48:08 BST; 16s ago
  Process: 277 ExecStart=/usr/bin/openvpn --cd /etc/openvpn --config /etc/openvpn/%i.conf --daemon openvpn@%i --writepid /run/openvpn@%i.pid (code=exited, status=0/SUCCESS)
 Main PID: 287 (openvpn)
   CGroup: /system.slice/system-openvpn.slice/openvpn@server.service
           └─287 /usr/bin/openvpn --cd /etc/openvpn --config /etc/openvpn/server.conf --daemon openvpn@...

....

The server.conf is the very basics until I get this working on startup, if any part of it helps let me know and I will post it. However, I'm not sure it is the config as it starts manually just fine.

The permissions on the config are as such:

$ ls -l /etc/openvpn/server.conf
-rw-r--r-- 1 root root 10374 Jul  5 08:36 /etc/openvpn/server.conf

Hope someone can help!

Offline

#2 2014-07-05 08:00:39

jasonwryan
Anarchist
From: .nz
Registered: 2009-05-09
Posts: 27,517
Website

Re: OpenVPN Server working but not at startup!

You'll need to debug more about why it is failing: https://wiki.archlinux.org/index.php/Sy … emd_errors


Not a Sysadmin issue, moving to NC...


Arch + dwm   •   Mercurial repos  •   Github

Registered Linux User #482438

Offline

#3 2014-07-05 08:09:43

alecl
Member
Registered: 2014-07-05
Posts: 3

Re: OpenVPN Server working but not at startup!

After following that through,

running journalctl -b _PID=** gives:

openvpn@server[166]: OpenVPN 2.3.4 x86_64-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on May  3 2014
openvpn@server[166]: library versions: OpenSSL 1.0.1h 5 Jun 2014, LZO 2.08
openvpn@server[166]: Diffie-Hellman initialized with 2048 bit key
openvpn@server[166]: Control Channel Authentication: using '/etc/openvpn/keys/ta.key' as a OpenVPN static key file
openvpn@server[166]: Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
openvpn@server[166]: Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
openvpn@server[166]: Socket Buffers: R=[212992->131072] S=[212992->131072]
openvpn@server[166]: TCP/UDP: Socket bind failed on local address [AF_INET]192.168.1.2:1194: Cannot assign requested address
openvpn@server[166]: Exiting due to fatal error

So I'm assuming it is trying to start before the static IP has been assigned? If that is the case, how do I get that to happen before this is run? I guess that explains why I can start it manually.

Or is it best to not specify a local IP in the config?

# Which local IP address should OpenVPN
# listen on? (optional)
local 192.168.1.2

Offline

#4 2014-07-05 09:29:39

alecl
Member
Registered: 2014-07-05
Posts: 3

Re: OpenVPN Server working but not at startup!

Removing the "Local 192.168.1.2" binding from the configuration file has fixed it. it now starts at boot.

I suppose there is no real benefit even having that line, as the machine only has the one IP anyway.

in any event, it would be nice to know why it is not working with the explicit binding

Offline

#5 2014-07-05 09:32:27

jasonwryan
Anarchist
From: .nz
Registered: 2009-05-09
Posts: 27,517
Website

Re: OpenVPN Server working but not at startup!

You could have the openvpn service wait until the network is up:

After=network-online.target
Wants=network-online.target

Arch + dwm   •   Mercurial repos  •   Github

Registered Linux User #482438

Offline

Board footer

Powered by FluxBB