PDA

View Full Version : open-vpn service not working any more after upgrade fc26->fc27



saeru
19th November 2017, 01:28 PM
open-vpn service not working any more after upgrade fc26->fc27

[root@ system]# systemctl status openvpn-server.service
● openvpn-server.service - OpenVPN service for
Loaded: loaded (/usr/lib/systemd/system/openvpn-server.service; enabled; vendor preset: disabled)
Active: activating (auto-restart) (Result: exit-code) since Sun 2017-11-19 15:24:10 MSK; 3s ago
Docs: man:openvpn(8)
https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
https://community.openvpn.net/openvpn/wiki/HOWTO
Process: 7181 ExecStart=/usr/sbin/openvpn --status /run/openvpn-server/status-.log --status-version 2 --suppress-timestamps --ciph
Main PID: 7181 (code=exited, status=1/FAILURE)

Nov 19 15:24:10 systemd[1]: Failed to start OpenVPN service for .
Nov 19 15:24:10 systemd[1]: openvpn-server.service: Unit entered failed state.
Nov 19 15:24:10 systemd[1]: openvpn-server.service: Failed with result 'exit-code'.

no more errors.. only this..

Zebee
21st November 2017, 11:27 AM
No help. just another data point.

For me it was upgrade from 24 to 25. The working systemd startup failed.

There is a change in where it has to write its pid, but I fixed that but it still fails claiming a timeout.

But if I run the exec line by hand the daemon starts fine and all is well

So if you run the Exec line from your systemd file (/lib/systemd/system/openvpn@<configname>.service) as root on the command line, does your openvpn start and work?

saeru
21st November 2017, 11:40 AM
I found the problem..
/etc/systemd/system/multi-user.target.wants/@openvpn-server.service

the systemd script have not insert %i and %t varibles - it's empty ...

ExecStart=/usr/sbin/openvpn --status %t/openvpn-server/status-%i.log --status-version 2 --suppress-timestamps --cipher AES-256-GCM --ncp-ciphers AES-256-GCM:AES-256-CBC:AES-128-GCM:AES-128-CBC:BF-CBC --config %i.conf

So, I write it manually. So it's working fine now.
ExecStart=/usr/sbin/openvpn --status /var/log/openvpn-server-status.log --status-version 2 --suppress-timestamps --cipher AES-256-GCM --ncp-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC:AES-128-CBC:BF-CBC --cd /etc/openvpn/ --config server.conf

Zebee
21st November 2017, 11:59 AM
Don't think that's my issue

it isn't in multi user target but it times out if I start it using systemctl start openvpn@vpn-home.service so it is something about the systemd start - maybe it is expecting an exit code and not getting it or something.

run the exec by hand, no issue. start using service or systemctl and no go.

BOBofBORG
8th February 2018, 03:55 PM
Don't think that's my issue

it isn't in multi user target but it times out if I start it using systemctl start openvpn@vpn-home.service so it is something about the systemd start - maybe it is expecting an exit code and not getting it or something.

run the exec by hand, no issue. start using service or systemctl and no go.

Not sure if your still having the issue but i just upgraded and had an issue and was able to fix it.

Seems there were 2 major changes within openvpn
- 2 directories were added into /etc/openvpn. client & server
- Systemd units are now openvpn-client@ and openvpn-server@

I had to copy my config files into the new folder /etc/openvpn/client.
I also had to fix the symlink and rename it to openvpn-client@. If you don't, it doesn't work.