You are not logged in.
*EDIT* The path of the config file is an error, Needs to be
/etc/openvpn/client/x.conf
and the following user / group / access mask works, it doesn't need the full access I set for tests as mentioned in the lower post.
-rw-rw---- 1 openvpn network 1.7K Feb 15 09:40 x.conf
I have
/etc/openvpn/x.conf
if I run
openvpn /etc/openvpn/x.conf
It correctly sets up tunnel, and traffic is routed out. However if I run
systemctl start openvpn-client@x.service
I get the following
Job for openvpn-client@x.service failed because the control process exited with error code.
See "systemctl status openvpn-client@x.service" and "journalctl -xeu openvpn-client@x.service" for details.
systemctl status openvpn-client@x.service (with time and computer name removed)
systemd[1]: Starting OpenVPN tunnel for x...
openvpn[33543]: Options error: In [CMD-LINE]:1: Error opening configuration file: x.conf
openvpn[33543]: Use --help for more information.
systemd[1]: openvpn-client@x.service: Main process exited, code=exited, status=1/FAILURE
systemd[1]: openvpn-client@x.service: Failed with result 'exit-code'.
systemd[1]: Failed to start OpenVPN tunnel for x.
This first let me on to think couldn't read the file, but moving on to journalctl -xeu openvpn-client@x.service (with time, computer name and weblinks removed)
systemd[1]: Starting OpenVPN tunnel for x...
░░ Subject: A start job for unit openvpn-client@x.service has begun execution
░░ The job identifier is 697.
openvpn[510]: Options error: In [CMD-LINE]:1: Error opening configuration file: x.conf
openvpn[510]: Use --help for more information.
systemd[1]: openvpn-client@x.service: Main process exited, code=exited, status=1/FAILURE
░░ Subject: Unit process exited
░░ The process' exit code is 'exited' and its exit status is 1.
systemd[1]: openvpn-client@x.service: Failed with result 'exit-code'.
░░ The unit openvpn-client@x.service has entered the 'failed' state with result 'exit-code'.
systemd[1]: Failed to start OpenVPN tunnel for x.
░░ Subject: A start job for unit openvpn-client@x.service has failed
░░ The job identifier is 697 and the job result is failed.
Looks like it is the creation / opening of the tunnel that fails.
Turning iptables policies to accept makes no difference. So not firewall blocking.
Just updated openVPN while writing this post, there was an openvpn update, but after reboot still this problem.
Last edited by Chewie (2024-02-15 09:55:55)
Offline
The respecive config file needs to be readable by the openvpn user and / or group.
macro_rules! yolo { { $($tokens:tt)* } => { unsafe { $($tokens)* } }; }
Offline
-rwxrwxrwx 1 openvpn openvpn 1.7K Feb 15 04:52 /etc/openvpn/x.conf
*EDIT* Hit me I actually hadn't checked /etc and /etc/openvpn for permissions.
drwxr-xr-x 63 root root 4.0K Feb 15 05:26 etc
drwxr-xr-x 4 root root 4.0K Feb 15 04:52 openvpn
Last edited by Chewie (2024-02-15 07:21:18)
Offline
Also, the client config needs to be inside of /etc/openvpn/client, not /etc/openvpn.
macro_rules! yolo { { $($tokens:tt)* } => { unsafe { $($tokens)* } }; }
Offline
That was it, thank you. I have put it in top of the original post, together with a reduced access mask I tested works.
Offline