#1 2018-04-03 17:25:27

geekinthesticks
Member
From: England
Registered: 2011-09-21
Posts: 143
Website

[solved] Openvpn Service Can't Find Keys.

I have a server where openvpn worked fine, but I haven't used it for a while, so I disabled the service. I have now re-enabled the service and get the following error when I start it:

Apr 03 17:17:41 mail2.wilkesley.net systemd[1]: Starting OpenVPN service for server...
Apr 03 17:17:41 mail2.wilkesley.net openvpn[21925]: Options error: --dh fails with '/root/easy-rsa/keys/dh2048.pem': No such file or directory (errno=2)
Apr 03 17:17:41 mail2.wilkesley.net openvpn[21925]: Options error: --ca fails with '/root/easy-rsa/keys/ca.crt': No such file or directory (errno=2)
Apr 03 17:17:41 mail2.wilkesley.net openvpn[21925]: Options error: --cert fails with '/root/easy-rsa/keys/wilkesley.org.crt': No such file or directory (errn>
Apr 03 17:17:41 mail2.wilkesley.net openvpn[21925]: WARNING: cannot stat file '/root/easy-rsa/keys/wilkesley.org.key': No such file or directory (errno=2)
Apr 03 17:17:41 mail2.wilkesley.net openvpn[21925]: Options error: --key fails with '/root/easy-rsa/keys/wilkesley.org.key': No such file or directory (errno>
Apr 03 17:17:41 mail2.wilkesley.net openvpn[21925]: WARNING: cannot stat file '/etc/openvpn/keys/ta.key': No such file or directory (errno=2)
Apr 03 17:17:41 mail2.wilkesley.net openvpn[21925]: Options error: --tls-auth fails with '/etc/openvpn/keys/ta.key': No such file or directory (errno=2)
Apr 03 17:17:41 mail2.wilkesley.net openvpn[21925]: Options error: Please correct these errors.
Apr 03 17:17:41 mail2.wilkesley.net openvpn[21925]: Use --help for more information.
Apr 03 17:17:41 mail2.wilkesley.net systemd[1]: openvpn-server@server.service: Main process exited, code=exited, status=1/FAILURE
Apr 03 17:17:41 mail2.wilkesley.net systemd[1]: openvpn-server@server.service: Failed with result 'exit-code'.
Apr 03 17:17:41 mail2.wilkesley.net systemd[1]: Failed to start OpenVPN service for server.

The files exist in the correct place:

[root@mail2 server]# ls -la /root/easy-rsa/keys/dh2048.pem
-rw------- 1 root root 424 Jun  4  2016 /root/easy-rsa/keys/dh2048.pem

If I start the server from the command line, rather than systemd it starts correctly:

[root@mail2 server]# openvpn server.conf
Tue Apr  3 17:24:05 2018 OpenVPN 2.4.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Mar  1 2018
Tue Apr  3 17:24:05 2018 library versions: OpenSSL 1.1.0g  2 Nov 2017, LZO 2.10
Tue Apr  3 17:24:05 2018 Diffie-Hellman initialized with 2048 bit key
Tue Apr  3 17:24:05 2018 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Apr  3 17:24:05 2018 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Apr  3 17:24:05 2018 ROUTE_GATEWAY 176.58.110.1/255.255.255.0 IFACE=enp0s4 HWADDR=f2:3c:91:56:f0:0f
Tue Apr  3 17:24:05 2018 TUN/TAP device tun0 opened
Tue Apr  3 17:24:05 2018 TUN/TAP TX queue length set to 100
Tue Apr  3 17:24:05 2018 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Tue Apr  3 17:24:05 2018 /usr/bin/ip link set dev tun0 up mtu 1500
Tue Apr  3 17:24:05 2018 /usr/bin/ip addr add dev tun0 local 10.8.0.1 peer 10.8.0.2
Tue Apr  3 17:24:05 2018 /usr/bin/ip route add 10.8.0.0/24 via 10.8.0.2
Tue Apr  3 17:24:05 2018 Could not determine IPv4/IPv6 protocol. Using AF_INET
Tue Apr  3 17:24:05 2018 Socket Buffers: R=[212992->212992] S=[212992->212992]
Tue Apr  3 17:24:05 2018 UDPv4 link local (bound): [AF_INET][undef]:1194
Tue Apr  3 17:24:05 2018 UDPv4 link remote: [AF_UNSPEC]
Tue Apr  3 17:24:05 2018 GID set to nobody
Tue Apr  3 17:24:05 2018 UID set to nobody
Tue Apr  3 17:24:05 2018 MULTI: multi_init called, r=256 v=256
Tue Apr  3 17:24:05 2018 IFCONFIG POOL: base=10.8.0.4 size=62, ipv6=0
Tue Apr  3 17:24:05 2018 ifconfig_pool_read(), in='client.wilkesley.org,10.8.0.4', TODO: IPv6
Tue Apr  3 17:24:05 2018 succeeded -> ifconfig_pool_set()
Tue Apr  3 17:24:05 2018 IFCONFIG POOL LIST
Tue Apr  3 17:24:05 2018 client.wilkesley.org,10.8.0.4
Tue Apr  3 17:24:05 2018 Initialization Sequence Completed

So what am I doing wrong?

Last edited by geekinthesticks (2018-04-04 07:33:31)

Offline

#2 2018-04-03 19:14:13

graysky
Wiki Maintainer
From: :wq
Registered: 2008-12-01
Posts: 10,597
Website

Re: [solved] Openvpn Service Can't Find Keys.

You don't have the files where openvpn expects them... read your own output. Carefully follow the openvpn wiki page.


Offline

#3 2018-04-04 07:10:24

geekinthesticks
Member
From: England
Registered: 2011-09-21
Posts: 143
Website

Re: [solved] Openvpn Service Can't Find Keys.

I am probably being especially dumb here, but the files exist for all the "No such file or directory (errno=2)" errors in the directory where systemd says they don't exist. Also, I can start openvpn server from the command line using the same configuration file. I only get the errors when trying to start the service using systemd.

Offline

#4 2018-04-04 07:32:55

geekinthesticks
Member
From: England
Registered: 2011-09-21
Posts: 143
Website

Re: [solved] Openvpn Service Can't Find Keys.

OK, finally solved it. Looking at the systemd file:

WorkingDirectory=/etc/openvpn/server

Moving the keys to /etc/openvpn/server/keys fixed it. I guess that openvpn expects to find the keys somewhere in the WorkingDirectory, or a subdirectory.

Offline
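
An added example, not part of the original posts: a shell check that resolves each key and certificate directive of an OpenVPN config the way the service would see it, given the unit's WorkingDirectory. It assumes the unit may also set ProtectHome=true, a systemd sandboxing option that hides /root and /home from the service even though a root shell can read them; the function name, status labels and sample config are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): report how each key/cert path in an
# OpenVPN config resolves when the service's working directory is WORKDIR.

# check_ovpn_files CONF WORKDIR -> one line per directive: STATUS NAME PATH
#   OK      readable at the resolved path
#   MISSING not found at the resolved path
#   HIDDEN  under /root or /home, which a unit with ProtectHome=true cannot
#           see (assumption: confirm with `systemctl cat openvpn-server@server`)
check_ovpn_files() {
    local conf=$1 workdir=$2 name path rest status
    while read -r name path rest || [ -n "$name" ]; do
        case $name in
            ca|cert|key|dh|tls-auth|tls-crypt|crl-verify) ;;
            *) continue ;;                 # comments, inline <ca> blocks, other options
        esac
        path=${path#\"}; path=${path%\"}   # strip optional quotes
        if [ -z "$path" ] || [ "$name $path" = "dh none" ]; then continue; fi
        case $path in
            /*) ;;                         # absolute: used as written
            *)  path=$workdir/$path ;;     # relative: resolved against the cwd
        esac
        case $path in
            /root/*|/home/*) status=HIDDEN ;;
            *) if [ -r "$path" ]; then status=OK; else status=MISSING; fi ;;
        esac
        printf '%s %s %s\n' "$status" "$name" "$path"
    done < "$conf"
}

# Constructed demo: a throwaway directory stands in for /etc/openvpn/server.
demo_dir=$(mktemp -d /tmp/ovpn-demo.XXXXXX)
mkdir "$demo_dir/keys" && : > "$demo_dir/keys/ca.crt"
cat > "$demo_dir/server.conf" <<'EOF'
# constructed sample config
ca keys/ca.crt
cert /root/easy-rsa/keys/wilkesley.org.crt
tls-auth keys/ta.key 0
dh none
EOF
check_ovpn_files "$demo_dir/server.conf" "$demo_dir"
```

On a real host, pass the actual config and the directory from the unit's WorkingDirectory= line, for example `check_ovpn_files /etc/openvpn/server/server.conf /etc/openvpn/server`.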