[solved]Openvpn + Netctl + Systemd (possibly a systemd timing problem)

Convergence · 2014-11-06 01:26:13

I need my computer to automatically connect to my VPN provider when it has network access. This worked perfectly before I went wireless. It seems that the problem is that openvpn tries to connect to my vpn provider before I can even resolve DNS (I'm guessing that my computer/router haven't even finished their handshake yet). When I run (systemctl status openvpn@netctrl.service) it says something like "couldn't resolve address.vpn.provider.com". If I manually restart (systemctl restart openvpn@netctrl.service), then it works perfectly.

So, it seems like there are three potential ways to fix this problem:
1. Configure systemd to not start openvpn until wireless networking is 100% (I read some stuff already, but what I found didn't talk about how to achieve this with netctl, they used a different network daemon--and it seemed problematic)
2. Configure openvpn to be aware of network status, and respond appropriately (this would probably be best if possible, but my googling hasn't been productive at all)
3. Somehow work some magic with netctl. (seems least likely)

Which study path would be most productive? Of course if anyone already knows how to fix this problem, I'm all ears.

Last edited by Convergence (2014-11-20 07:26:39)

hydrosIII · 2014-11-06 06:07:06

You can reorder the start of services in systemd, Also you can make a service depedent in another see: https://wiki.archlinux.org/index.php/systemd in the chapter name dependencies.
Also depending of how your network is configured you could use static routes instead of dhcp to speed up the network when it goes up. Maybe that is the problem relating to wifi, wired connections just negotiate everything faster.

Convergence · 2014-11-07 00:48:08

Thanks for the response! I re-read what I thought were the relevant sections of the wiki, and this is what I came up with: I added "After=netctl@.service" to [units] section of /usr/lib/systemd/system/openvpn@.service. So this is what that file looks like:

[Unit]
Description=OpenVPN connection to %i
After=netctl@.service

[Service]
Type=forking
ExecStart=/usr/bin/openvpn --cd /etc/openvpn --config /etc/openvpn/%i.conf --daemon openvpn@%i --writepid /run/openvpn@%i.pid
PIDFile=/run/openvpn@%i.pid

[Install]
WantedBy=multi-user.target

That didn't seem to work. I still get: "RESOLVE: Cannot resolve host address: " I'll give the static IP thing a shot. I think I'll first undo the changes I made to that unit.

PS: Don't these unit files get overwritten with updates? In this case, that could present a security problem. If I ran a system update, this file was overwritten, I wasn't paying attention, I would connect to the bare internet without realizing it. It really seems like the best place to address this problem would be in the vpn software.

jasonwryan · 2014-11-07 01:00:33

Files in /usr/lib will get overwritten, that is why any customisations should be in /etc/systemd/...

Convergence · 2014-11-07 01:39:40

@JasonWryan: Thanks for clearing that up.

I am giving up for tonight. Embarrassingly I can't get static IP addresses working. I used them for YEARS until I figured that it would be easier to just assign IPs in the router rather than in each client. Before I go, here is my static-wireless-confi:

Description='A simple WPA encrypted wireless connection using a static IP'
Interface=wlp4s0
Connection=wireless
Security=wpa
ESSID='MyWirelessNetwork'
Key='12345'
IP=static
Address='192.168.1.14'
Gateway='192.168.1.1'
DNS=('209.222.18.222')
# Uncomment this if your ssid is hidden
#Hidden=yes

Any obvious errors there?

By the way, my essid and pw have been altered of course, that's the combination to my luggage. (space balls reference)

Last edited by Convergence (2014-11-07 01:41:03)

jasonwryan · 2014-11-07 02:19:23

I don't use netctl, so someone else will have to comment on your config.

You do need to make sure that your router is assigning that IP address, though...

hydrosIII · 2014-11-07 19:34:12

I dont use netctl either, but i think you have to setup the netmask:

netmask 255.255.255.0

or the one you are using, also setting up the broadcast address won't hurt either.

broadcast 192.168.1.254

Obviously the sintax is not like the one above, it is just an example , also the DNS in LAN tend to be the router, for checking what is the correct DNS, do a dchp connection and then check the /etc/resolv.conf, just copy the namerserver address that it is in there.

Check the netctl wiki: https://wiki.archlinux.org/index.php/ne … rom_netcfg

Convergence · 2014-11-20 07:26:15

I messed with it and messed with it. Finally I decided to use NetworkManager, and everything works fine now. Thanks for the help guys.

Arch Linux

#1 2014-11-06 01:26:13

[solved]Openvpn + Netctl + Systemd (possibly a systemd timing problem)

#2 2014-11-06 06:07:06

Re: [solved]Openvpn + Netctl + Systemd (possibly a systemd timing problem)

#3 2014-11-07 00:48:08

Re: [solved]Openvpn + Netctl + Systemd (possibly a systemd timing problem)

#4 2014-11-07 01:00:33

Re: [solved]Openvpn + Netctl + Systemd (possibly a systemd timing problem)

#5 2014-11-07 01:39:40

Re: [solved]Openvpn + Netctl + Systemd (possibly a systemd timing problem)

#6 2014-11-07 02:19:23

Re: [solved]Openvpn + Netctl + Systemd (possibly a systemd timing problem)

#7 2014-11-07 19:34:12

Re: [solved]Openvpn + Netctl + Systemd (possibly a systemd timing problem)

#8 2014-11-20 07:26:15

Re: [solved]Openvpn + Netctl + Systemd (possibly a systemd timing problem)

Board footer