FedoraForum.org - Fedora Support Forums and Community
Page 1 of 3 1 2 3 LastLast
Results 1 to 15 of 33
  1. #1
    Join Date
    Nov 2011
    Posts
    11

    Question F16 - how to get openvpn running as a daemon/service

    Hello,

    I can not find any documentation how one is supposed to run openvpn as a daemon/service in Fedora 16.

    I would like to have openvpn running as a service as soon as the F16 machine is up so I can connect to it from a remote location.
    With most services moved to systemd in Fedora 16 i checked both chkconfig --list and systemctl -all, but did not find anything to configure that openvpn should be started.

    What is the 'intended' way to set this up in Fedora 16 ?

  2. #2
    Join Date
    Apr 2004
    Posts
    194

    Re: F16 - how to get openvpn running as a daemon/service

    i second the motion. i thought that if a vpn connection under NetworkManager was a 'system' connection and stored its secrets unencrypted (in a protected file), that it was supposed to be automatically activated at boot time. but even as of FC16, that does not appear to be the case.

    i'd like to see a statement from the NetworkManager guys about when we can have vpn connections activated at boot time without a login.

    /mark

  3. #3
    Join Date
    Nov 2008
    Location
    Canada
    Posts
    2,719

    Re: F16 - how to get openvpn running as a daemon/service

    I can not find any documentation how one is supposed to run openvpn as a daemon/service in Fedora 16.
    Lots of documentation over here http://openvpn.net/ . Sorry but I can't hold your hand today.

  4. #4
    Join Date
    Nov 2011
    Posts
    11

    Question Re: F16 - how to get openvpn running as a daemon/service

    Quote Originally Posted by beaker_
    Lots of documentation over here http://openvpn.net/ . Sorry but I can't hold your hand today.
    Getting openvpn to 'work' was not the issue (which is what the documentation on the openvpn website you referred to is addressing imho). openvpn is working fine for me when started manually.

    I am looking for documentation on how to get openvpn running automatically, which seems a systemd and/or F16 specific topic. This seems not covered by documentation on openvpn.net. I could add/script something myself, but I would prefer to adhere to the method intended by the people who put the Fedora 16 distribution together.
    Please hold my hand

  5. #5
    Join Date
    Nov 2008
    Location
    Canada
    Posts
    2,719

    Re: F16 - how to get openvpn running as a daemon/service

    Well, now let me buy you a drink first. openvpn (many others for that matter) and systemd don't or didn't play nice in F15 & systemd. However opensuse released a patch months ago for openvpn. Argh... I see what you mean. What a piece of @#$!.

    Dump the command into rc.local and maybe cron something to periodically check and restart it.

    ---------- Post added at 04:04 PM ---------- Previous post was at 03:58 PM ----------

    Sorry for the double post but I see something there for it. I'm digging into it.

    ---------- Post added at 04:11 PM ---------- Previous post was at 04:04 PM ----------

    Yeah that's what I feared. From hear it looks like it won't run as a service and it's tied into network manager. Someone has a sense of humour. Use Network Manager's applet and define your vpn(s) as "system connections' & available to all users, same is true for your nic, then hope it works. If not; copy or rebuild the init scripts from F14 to restore it as a SysV service.

  6. #6
    Join Date
    Apr 2004
    Posts
    194

    Re: F16 - how to get openvpn running as a daemon/service

    i have seen suggestions that setting up your vpn as a 'system' vpn (which implies that is available to all users) using unencrypted secrets (so that no keyring need be consulted in order to decrypt the vpn connection info) should allow it to be automatically started at boot time.

    but i have NEVER seen that work ever under any version of fedora (14, 15, and now 16).

    i'd love to see a definitive statement from the NetworkManager crew about whether it should
    work or not.

  7. #7
    Join Date
    Nov 2008
    Location
    Canada
    Posts
    2,719

    Re: F16 - how to get openvpn running as a daemon/service

    Openvpn can run as a service in Fedora 14. NetworkManager not required.

    Note. All my keys are encrypted.

    I see two prerequisites (default location and selinux context) to your keys & certs but it just doesn't start automatically. And all users must be-able to reach your keys & cert. Assuming you don't want to drop your tunnel ie., cnetworkmanager could be a band-aid but I have no confidence in either.

    I can start it manually and it will behave as a system-connection. Maybe you can create a ifcfg-(?) in /etc/NetworkManager/system-connections to make it fly straight. But, personally, I'd sooner rewrite the SysV init scripts and watch systemd chock on it.

  8. #8
    Join Date
    Mar 2009
    Location
    Broomfield, CO
    Posts
    438

    Re: F16 - how to get openvpn running as a daemon/service

    ln -s /lib/systemd/system/openvpn@.service /etc/systemd/system/multi-user.target.wants/openvpn@<yourconfignamehere>.service

    Then:

    systemctl start openvpn@<yourconfignamehere>.service

    where <yourconfignamehere> is /etc/openvpn/yourconfigname.conf

    Theres a systemd bug still about enabling them right on boot. I think it works, but the status messages are messed up currently. Anyhow, the above should get it running.

  9. #9
    Join Date
    Dec 2007
    Posts
    249

    Re: F16 - how to get openvpn running as a daemon/service

    High I certainly am no expert and I'm not sure if this is any good but I managed to get vpn pppd up and running at boot in f16 the same way I had it running in f15. After setting up the vpn config files esp in /etc/ppp/peers/vpn I then could log into my vpn by command line like
    pppd call vpn
    route add default dev ppp0

    I finally put pppd add vpn in a script in /etc/init.d/ (but without the route command) called it vpn, made it executable and sudo chkconfig --add vpn.
    I then added 'route add default dev pp0' to /etc/ppp/ip-up.local. Rebooted and vpn was up automatically.

    Now this was done by trial and error so don't ask tech questions but bottom line is I got it up and running at boot.

  10. #10
    Join Date
    Nov 2005
    Location
    Brisbane
    Posts
    26

    Re: F16 - how to get openvpn running as a daemon/service

    Having worked through this issue on my vpn server the solution I found was in a Bugzilla report: https://bugzilla.redhat.com/show_bug.cgi?id=744244

    The sequence was:

    1. Start the service

    #systemctl start openvpn@server.service

    The important thing is that the name of the openvpn config file you wish to use is the one placed after the @. In my case my server config file is named "server.conf"

    Once the service was running I could then add a link.

    # ln -s /lib/systemd/system/openvpn\@.service /etc/systemd/system/openvpn\@server.service

    Next I re-enabled selinux and it broke.

    In my directory searches before, that file was not there. My assumption is that when I ran the service for the first time it created it. I found the command that nirik had posted above in the thread and tried it with no success. It worked after I ran the service for the first time.
    Next I reloaded the daemon

    #systemctl daemon-reload

    Then checked it was still working

    [root@vpn ~]# systemctl status openvpn@server.service
    openvpn@server.service - OpenVPN Robust And Highly Flexible Tunneling Application On server
    Loaded: loaded (/lib/systemd/system/openvpn@.service; enabled)
    Active: active (running) since Mon, 12 Dec 2011 21:34:41 +1000; 2min 16s ago
    Main PID: 14553 (openvpn)
    CGroup: name=systemd:/system/openvpn@.service/server
    14553 /usr/sbin/openvpn --daemon --writepid /var/run/openvpn/server.pid --cd /etc/openvpn/ --config server.conf
    Last edited by au_squirrel; 12th December 2011 at 12:55 PM.
    ASUS Sabertooth Z170
    Intel i7
    16G Ram
    F 25 - Windows 10
    Thermaltake Core P5 Open Case watercooled on the wall.

  11. #11
    Join Date
    Nov 2008
    Location
    Canada
    Posts
    2,719

    Re: F16 - how to get openvpn running as a daemon/service

    You do know that you could have started the service out of rc.local right?

    systemctl restart openpvn@WHATEVER.service

  12. #12
    Join Date
    Nov 2005
    Location
    Brisbane
    Posts
    26

    Re: F16 - how to get openvpn running as a daemon/service

    True I could have done that and it would have been a quick and simple solution. What I was trying to do was integrate it into the systemctl the way all the other packages have mostly been done for consistency.

    The base yum install on FC 16 did not completely integrate the package into systemctl. The normal process for enabling a package:

    #systemctl enable <service name>.service
    #systemctl start <sevice name>.service

    doesn't work out of the box for openvpn and also for tigervnc-server (and probably an number of others I haven't found). Having found a posted solution for tigervnc-server, I next looked at my openvpn problem. As all the service are migrating to use the systemctl, I decided to integrate it how the system "should" work for standardisation. Training people on the new systemctl as the "correct" way of controlling your services "should" make life easier.

    I do quite like the way that systemctl reduces the steps for administration to enable a service to three steps. The catch seems to be that if you are passing information in the service name, after an '@', there is no defined standard. In the case of openvpn the lack of a distro README doesn't help.

    Downside is that not all the services have been integrated and standardised. An interesting comment in the bug listed above was about the lack of documentation on systemctl. After spending the last week building a bunch of FC 16 servers, I am starting to see how it hangs together and concur.
    ASUS Sabertooth Z170
    Intel i7
    16G Ram
    F 25 - Windows 10
    Thermaltake Core P5 Open Case watercooled on the wall.

  13. #13
    Join Date
    May 2007
    Posts
    41

    Re: F16 - how to get openvpn running as a daemon/service

    Great post guys! good for a noob like me to learn the FC16 specifics. I read openvpn.net, but the problem for me goes beyond there base.

    The other part I am still struggling is with DHCP options. I can't get the script to work correctly yet.

    I tried the ones distributed in /usr/share/openvpn-*/sample/ etc... (client.up client.down). Also I found a link (I don't have now) claming to work, but that didnt work for me neither.

    So if we compile this info and other good info about how to use client.up/down will help a lot. For example explain other how to use and why --security-level or options..

    Thanks

  14. #14
    Join Date
    Sep 2010
    Location
    /dev/null
    Posts
    4
    I've openvpn running as daemon and starts automatically at boot on F16.. just make sure you run as openvpn uid and gid as you described at openvpn conf..

    I'm using latest openvpn tar ball from openvpn.net and build manually with rpmbuild btw..

    Sent from my GT-I9100 using Tapatalk 2

  15. #15
    Join Date
    May 2012
    Location
    United States
    Posts
    23

    Re: F16 - how to get openvpn running as a daemon/service

    Hi all,
    I would like to get this figured out as well. I can launch openvpn successfully with the following command:
    Code:
    systemctl start openvpn@server.service
    I get no errors when using the enable command as described below:
    Code:
    systemctl enable openvpn@.service
    However, it does not launch for me upon startup...
    I tried a 'systemctl status openvpn@server.service' which showed:
    Code:
    openvpn@server.service - OpenVPN Robust And Highly Flexible Tunneling Application On server
    	  Loaded: loaded (/lib/systemd/system/openvpn@.service; enabled)
    	  Active: failed since Sun, 27 May 2012 14:41:39 -0700; 3min 13s ago
    	 Process: 1115 ExecStart=/usr/sbin/openvpn --daemon --writepid /var/run/openvpn/%i.pid --cd /etc/openvpn/ --config %i.conf (code=exited, status=1/FAILURE)
    	  CGroup: name=systemd:/system/openvpn@.service/server
    Not sure what is going on. I can start it manually just fine as said before.
    I even tried adding 'systemctl start openvpn@server.service' to my gnome-session-properties, but still no luck. An excerpt from my /var/log/messages says:
    Code:
    May 27 14:44:02 Corellian dbus-daemon[1055]: dbus[1055]: [system] Rejected send message, 2 matched rules; type="method_call", sender=":1.90" (uid=1000 pid=2434 comm="systemctl start openvpn@server.service ") interface="org.freedesktop.systemd1.Manager" member="StartUnit" error name="(unset)" requested_reply="0" destination="org.freedesktop.systemd1" (uid=0 pid=1 comm="/sbin/init ")
    Would anyone be able to help with this? I'd really like to get openvpn working on startup...

Page 1 of 3 1 2 3 LastLast

Similar Threads

  1. OpenVPN service is dead
    By FSLLL in forum Fedora 13 Development Branch
    Replies: 7
    Last Post: 21st May 2010, 10:13 AM
  2. [SOLVED] openvpn service is dead
    By vofka in forum Servers & Networking
    Replies: 1
    Last Post: 17th April 2010, 02:08 PM
  3. OpenVPN service is dead
    By litikiti in forum Servers & Networking
    Replies: 5
    Last Post: 18th January 2010, 02:10 PM
  4. Why my OpenVPN service can't start up ?
    By yu xintian in forum Using Fedora
    Replies: 1
    Last Post: 24th November 2009, 11:16 AM
  5. OpenVPN service failure
    By madplague in forum Servers & Networking
    Replies: 0
    Last Post: 31st July 2004, 03:11 AM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •