You are not logged in.
Pages: 1
Hi all,
First post here! nice to see such a strong community.
I have got OpenVPN installed (my intention is to use it only in server mode).
The good news is, with a basic configuration, it works. I can connect to my VPN from my android phone with no problems.
The bad news is, I can only get it to work when ran manually using:
$ systemctl start openvpn@server.service
If I try and run it on start up:
$ systemctl enable openvpn@server.service
The command works, but upon reboot, it is not running.
$ systemctl status openvpn@server.service
openvpn@server.service - OpenVPN connection to server
Loaded: loaded (/usr/lib/systemd/system/openvpn@.service; enabled)
Active: failed (Result: exit-code) since Sat 2014-07-05 08:29:20 BST; 2min 12s ago
Process: 167 ExecStart=/usr/bin/openvpn --cd /etc/openvpn --config /etc/openvpn/%i.conf --daemon openvpn@%i --writepid /run/openvpn@%i.pid (code=exited, status=1/FAILURE)
if it is ran manually, the status output is:
$ sudo systemctl start openvpn@server.service
$ sudo systemctl status openvpn@server.service
openvpn@server.service - OpenVPN connection to server
Loaded: loaded (/usr/lib/systemd/system/openvpn@.service; enabled)
Active: active (running) since Sat 2014-07-05 08:48:08 BST; 16s ago
Process: 277 ExecStart=/usr/bin/openvpn --cd /etc/openvpn --config /etc/openvpn/%i.conf --daemon openvpn@%i --writepid /run/openvpn@%i.pid (code=exited, status=0/SUCCESS)
Main PID: 287 (openvpn)
CGroup: /system.slice/system-openvpn.slice/openvpn@server.service
└─287 /usr/bin/openvpn --cd /etc/openvpn --config /etc/openvpn/server.conf --daemon openvpn@...
....
The server.conf is the very basics until I get this working on startup, if any part of it helps let me know and I will post it. However, I'm not sure it is the config as it starts manually just fine.
The permissions on the config are as such:
$ ls -l /etc/openvpn/server.conf
-rw-r--r-- 1 root root 10374 Jul 5 08:36 /etc/openvpn/server.conf
Hope someone can help!
Offline
You'll need to debug more about why it is failing: https://wiki.archlinux.org/index.php/Sy … emd_errors
Not a Sysadmin issue, moving to NC...
Offline
After following that through,
running journalctl -b _PID=** gives:
openvpn@server[166]: OpenVPN 2.3.4 x86_64-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on May 3 2014
openvpn@server[166]: library versions: OpenSSL 1.0.1h 5 Jun 2014, LZO 2.08
openvpn@server[166]: Diffie-Hellman initialized with 2048 bit key
openvpn@server[166]: Control Channel Authentication: using '/etc/openvpn/keys/ta.key' as a OpenVPN static key file
openvpn@server[166]: Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
openvpn@server[166]: Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
openvpn@server[166]: Socket Buffers: R=[212992->131072] S=[212992->131072]
openvpn@server[166]: TCP/UDP: Socket bind failed on local address [AF_INET]192.168.1.2:1194: Cannot assign requested address
openvpn@server[166]: Exiting due to fatal error
So I'm assuming it is trying to start before the static IP has been assigned? If that is the case, how do I get that to happen before this is run? I guess that explains why I can start it manually.
Or is it best to not specify a local IP in the config?
# Which local IP address should OpenVPN
# listen on? (optional)
local 192.168.1.2
Offline
Removing the "Local 192.168.1.2" binding from the configuration file has fixed it. it now starts at boot.
I suppose there is no real benefit even having that line, as the machine only has the one IP anyway.
in any event, it would be nice to know why it is not working with the explicit binding
Offline
You could have the openvpn service wait until the network is up:
After=network-online.target
Wants=network-online.target
Offline
Pages: 1