You are not logged in.

Pages: 1

#1 2020-03-14 18:49:48

no-cheating
Member
From: Poland
Registered: 2016-04-26
Posts: 61

openvpn-client service takes very long to run

Problem

I'm using OpenVPN to connect to my employer's VPN. I have config .ovpn file provided by my employer. It's using username/password (not key) authentication.

When I connect manually, by running openvpn /etc/openvpn/client/work.conf everything works fine and I'm prompted for username and password immediately. But when I run systemctl start openvpn-client@work.service instead, I need to wait a minute or even two before I'm prompted for username and password.

I prefer using the service, because I can easily stop it, also enable it on startup. Still waiting so long is irritating and I'd like to get rid of it. Does anyone have a clue how, and why running a service has this timeout, while running openvpn command manually does not?

Debug information

This is my /etc/openvpn/client/work.conf (with sensitive information erased:

client
dev tun
proto udp
remote cvpn-endpoint-XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.amazonaws.com 443
remote-random-hostname
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
cipher AES-256-GCM
verb 3
<ca>
-----BEGIN CERTIFICATE-----
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-----END CERTIFICATE-----

</ca>
auth-user-pass
reneg-sec 0

I ran systemctl start openvpn-client@work on 13:41:30. Below is output from journalctl --unit=openvpn-client@work ran after the username prompt has already been displayed. Notice that the first entry is at 13:43:20, which is 110 seconds later. So it looks like OpenVPN was invoked only 110 seconds after I started the service.

Mar 14 13:43:20 robert-laptop systemd[1]: Starting OpenVPN tunnel for work...
Mar 14 13:43:20 robert-laptop openvpn[5900]: OpenVPN 2.4.8 [git:makepkg/3976acda9bf10b5e+] x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jan  3 2020
Mar 14 13:43:20 robert-laptop openvpn[5900]: library versions: OpenSSL 1.1.1d  10 Sep 2019, LZO 2.10

Last edited by no-cheating (2020-03-14 19:46:10)

Offline

Pages: 1

Board footer

Powered by FluxBB