I'm trying to set up a systemd service such that a VPN connection is established upon logging in or booting the PC -- either option is fine with me, whichever makes the most sense and is most convenient to set up. Right now, I'm going for a connection upon boot.
I have a working OpenVPN .conf file:
❯ sudo ls -la /etc/openvpn/client
total 12
drwxr-x--- 1 openvpn network 66 Jun 17 21:12 .
drwxr-xr-x 1 root root 38 May 30 17:15 ..
-rwxr-xr-x 1 root root 5293 Jun 10 20:56 something.protonvpn.udp.conf
-r-------- 1 root root 50 Jun 17 21:12 login.conf
Since the user credentials for ProtonVPN are rather random (by design), I set up the openvpn file to read the credentials from a file (login.conf). I can successfully start the VPN by running:
sudo openvpn ./client/something.protonvpn.udp.conf
However, only root-readable login.conf seems to be too strict. When trying to start it as a service, I encounter the following permission denied error:
❯ sudo systemctl enable --now openvpn-client@something.protonvpn.udp.service
Job for openvpn-client@something.protonvpn.udp.service failed because the control process exited with error code.
See "systemctl status openvpn-client@something.protonvpn.udp.service" and "journalctl -xeu openvpn-client@something.protonvpn.udp.service" for details.
Journalctl provides the following details:
Jul 08 02:24:30 archlinux systemd[1]: Starting OpenVPN tunnel for something.protonvpn.udp...
░░ Subject: A start job for unit openvpn-client@something.protonvpn.udp.service has begun execution
░░ Defined-By: systemd
░░ Support: [url]https://lists.freedesktop.org/mailman/listinfo/systemd-devel[/url]
░░
░░ A start job for unit openvpn-client@something.protonvpn.udp.service has begun execution.
░░
░░ The job identifier is 13369.
Jul 08 02:24:30 archlinux openvpn[66211]: Options error: --auth-user-pass fails with '/etc/openvpn/client/login.conf': Permission denied (errno=13)
Jul 08 02:24:30 archlinux openvpn[66211]: Options error: Please correct these errors.
Jul 08 02:24:30 archlinux openvpn[66211]: Use --help for more information.
Jul 08 02:24:30 archlinux systemd[1]: openvpn-client@something.protonvpn.udp.service: Main process exited, code=exited, status=1/FAILURE
░░ Subject: Unit process exited
░░ Defined-By: systemd
░░ Support: [url]https://lists.freedesktop.org/mailman/listinfo/systemd-devel[/url]
░░
░░ An ExecStart= process belonging to unit openvpn-client@something.protonvpn.udp.service has exited.
░░
░░ The process' exit code is 'exited' and its exit status is 1.
Jul 08 02:24:30 archlinux systemd[1]: openvpn-client@something.protonvpn.udp.service: Failed with result 'exit-code'.
░░ Subject: Unit failed
░░ Defined-By: systemd
░░ Support: [url]https://lists.freedesktop.org/mailman/listinfo/systemd-devel[/url]
░░
░░ The unit openvpn-client@something.protonvpn.udp.service has entered the 'failed' state with result 'exit-code'.
Jul 08 02:24:30 archlinux systemd[1]: Failed to start OpenVPN tunnel for something.protonvpn.udp.
░░ Subject: A start job for unit openvpn-client@something.protonvpn.udp.service has failed
░░ Defined-By: systemd
░░ Support: [url]https://lists.freedesktop.org/mailman/listinfo/systemd-devel[/url]
░░
░░ A start job for unit openvpn-client@something.protonvpn.udp.service has finished with a failure.
░░
░░ The job identifier is 13369 and the job result is failed.
So my questions around this are:
1. Which file permissions do I need to assign to login.conf so that the service would work?
2. Which users/processes need read access for such a service to work?
3. Why does it work when invoking it directly, but not as a service?
Many thanks in advance for any pointers.
Last edited by bgmeulem (2024-08-05 11:13:54)
From /usr/lib/systemd/system/openvpn-client@.service
User=openvpn
Group=network
1. 600 for permissions and openvpn:openvpn as owner
2. user openvpn and process openvpn
3. you run it as root (also the root is owner for auth file and permissions are 600)
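One way to check the ownership and mode recommended in the answer above before enabling the unit, as an added example that is not part of the original thread. The function names unit_user and check_cred are hypothetical, and GNU stat is assumed (as on Arch Linux).

```shell
#!/bin/sh
# Added example: verify that an OpenVPN credentials file is owned by the
# account named in the unit's User= line and is closed to group and other.
# Assumes GNU stat (coreutils).

# Print the value of the last User= line in a unit file.
unit_user() {
    sed -n 's/^User=[[:space:]]*//p' "$1" | tail -n 1
}

# check_cred USER FILE: succeed only if FILE is owned by USER and its mode
# is 600 or 400 (owner can read, nobody else has any access).
check_cred() {
    want_user=$1
    file=$2
    owner=$(stat -c '%U' "$file") || return 2
    mode=$(stat -c '%a' "$file") || return 2
    if [ "$owner" != "$want_user" ]; then
        echo "FAIL: $file is owned by $owner, but the service runs as $want_user" >&2
        return 1
    fi
    case $mode in
        [46]00) ;;
        *) echo "FAIL: $file has mode $mode, expected 600 or 400" >&2
           return 1 ;;
    esac
    echo "OK: $file (owner $owner, mode $mode)"
}

# Usage (as root, paths as given in the thread):
#   sh check.sh /usr/lib/systemd/system/openvpn-client@.service \
#               /etc/openvpn/client/login.conf
if [ "$#" -eq 2 ]; then
    check_cred "$(unit_user "$1")" "$2"
fi
```

With the listing from the first post (login.conf owned by root), the check fails on ownership, which matches the errno=13 line in the journal.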
Perfect answer, thanks! It works now. Marking as solved.