View Full Version : open-vpn service not working any more after upgrade fc26->fc27

19th November 2017, 01:28 PM
open-vpn service not working any more after upgrade fc26->fc27

[root@ system]# systemctl status openvpn-server.service
● openvpn-server.service - OpenVPN service for
Loaded: loaded (/usr/lib/systemd/system/openvpn-server.service; enabled; vendor preset: disabled)
Active: activating (auto-restart) (Result: exit-code) since Sun 2017-11-19 15:24:10 MSK; 3s ago
Docs: man:openvpn(8)
Process: 7181 ExecStart=/usr/sbin/openvpn --status /run/openvpn-server/status-.log --status-version 2 --suppress-timestamps --ciph
Main PID: 7181 (code=exited, status=1/FAILURE)

Nov 19 15:24:10 systemd[1]: Failed to start OpenVPN service for .
Nov 19 15:24:10 systemd[1]: openvpn-server.service: Unit entered failed state.
Nov 19 15:24:10 systemd[1]: openvpn-server.service: Failed with result 'exit-code'.

no more errors.. only this..

21st November 2017, 11:27 AM
No help. just another data point.

For me it was upgrade from 24 to 25. The working systemd startup failed.

There is a change in where it has to write its pid, but I fixed that but it still fails claiming a timeout.

But if I run the exec line by hand the daemon starts fine and all is well

So if you run the Exec line from your systemd file (/lib/systemd/system/openvpn@<configname>.service) as root on the command line, does your openvpn start and work?

21st November 2017, 11:40 AM
I found the problem..

the systemd script have not insert %i and %t varibles - it's empty ...

ExecStart=/usr/sbin/openvpn --status %t/openvpn-server/status-%i.log --status-version 2 --suppress-timestamps --cipher AES-256-GCM --ncp-ciphers AES-256-GCM:AES-256-CBC:AES-128-GCM:AES-128-CBC:BF-CBC --config %i.conf

So, I write it manually. So it's working fine now.
ExecStart=/usr/sbin/openvpn --status /var/log/openvpn-server-status.log --status-version 2 --suppress-timestamps --cipher AES-256-GCM --ncp-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC:AES-128-CBC:BF-CBC --cd /etc/openvpn/ --config server.conf

21st November 2017, 11:59 AM
Don't think that's my issue

it isn't in multi user target but it times out if I start it using systemctl start openvpn@vpn-home.service so it is something about the systemd start - maybe it is expecting an exit code and not getting it or something.

run the exec by hand, no issue. start using service or systemctl and no go.