Fedora Linux Support Community & Resources Center
  #1  
Old 16th November 2011, 05:05 PM
AzertyNL Offline
Registered User
 
Join Date: Nov 2011
Posts: 11
windows_7firefox
Question F16 - how to get openvpn running as a daemon/service

Hello,

I can not find any documentation how one is supposed to run openvpn as a daemon/service in Fedora 16.

I would like to have openvpn running as a service as soon as the F16 machine is up so I can connect to it from a remote location.
With most services moved to systemd in Fedora 16 i checked both chkconfig --list and systemctl -all, but did not find anything to configure that openvpn should be started.

What is the 'intended' way to set this up in Fedora 16 ?
Reply With Quote
  #2  
Old 16th November 2011, 07:54 PM
mtk Offline
Registered User
 
Join Date: Apr 2004
Posts: 194
linuxchrome
Re: F16 - how to get openvpn running as a daemon/service

i second the motion. i thought that if a vpn connection under NetworkManager was a 'system' connection and stored its secrets unencrypted (in a protected file), that it was supposed to be automatically activated at boot time. but even as of FC16, that does not appear to be the case.

i'd like to see a statement from the NetworkManager guys about when we can have vpn connections activated at boot time without a login.

/mark
Reply With Quote
  #3  
Old 16th November 2011, 08:03 PM
beaker_'s Avatar
beaker_ Offline
Registered User
 
Join Date: Nov 2008
Location: Canada
Posts: 2,718
linuxfirefox
Re: F16 - how to get openvpn running as a daemon/service

Quote:
I can not find any documentation how one is supposed to run openvpn as a daemon/service in Fedora 16.
Lots of documentation over here http://openvpn.net/ . Sorry but I can't hold your hand today.
Reply With Quote
  #4  
Old 16th November 2011, 08:47 PM
AzertyNL Offline
Registered User
 
Join Date: Nov 2011
Posts: 11
windows_7firefox
Question Re: F16 - how to get openvpn running as a daemon/service

Quote:
Originally Posted by beaker_ View Post
Lots of documentation over here http://openvpn.net/ . Sorry but I can't hold your hand today.
Getting openvpn to 'work' was not the issue (which is what the documentation on the openvpn website you referred to is addressing imho). openvpn is working fine for me when started manually.

I am looking for documentation on how to get openvpn running automatically, which seems a systemd and/or F16 specific topic. This seems not covered by documentation on openvpn.net. I could add/script something myself, but I would prefer to adhere to the method intended by the people who put the Fedora 16 distribution together.
Please hold my hand
Reply With Quote
  #5  
Old 16th November 2011, 09:11 PM
beaker_'s Avatar
beaker_ Offline
Registered User
 
Join Date: Nov 2008
Location: Canada
Posts: 2,718
linuxfirefox
Re: F16 - how to get openvpn running as a daemon/service

Well, now let me buy you a drink first. openvpn (many others for that matter) and systemd don't or didn't play nice in F15 & systemd. However opensuse released a patch months ago for openvpn. Argh... I see what you mean. What a piece of @#$!.

Dump the command into rc.local and maybe cron something to periodically check and restart it.

---------- Post added at 04:04 PM ---------- Previous post was at 03:58 PM ----------

Sorry for the double post but I see something there for it. I'm digging into it.

---------- Post added at 04:11 PM ---------- Previous post was at 04:04 PM ----------

Yeah that's what I feared. From hear it looks like it won't run as a service and it's tied into network manager. Someone has a sense of humour. Use Network Manager's applet and define your vpn(s) as "system connections' & available to all users, same is true for your nic, then hope it works. If not; copy or rebuild the init scripts from F14 to restore it as a SysV service.
Reply With Quote
  #6  
Old 16th November 2011, 09:20 PM
mtk Offline
Registered User
 
Join Date: Apr 2004
Posts: 194
linuxchrome
Re: F16 - how to get openvpn running as a daemon/service

i have seen suggestions that setting up your vpn as a 'system' vpn (which implies that is available to all users) using unencrypted secrets (so that no keyring need be consulted in order to decrypt the vpn connection info) should allow it to be automatically started at boot time.

but i have NEVER seen that work ever under any version of fedora (14, 15, and now 16).

i'd love to see a definitive statement from the NetworkManager crew about whether it should
work or not.
Reply With Quote
  #7  
Old 16th November 2011, 10:40 PM
beaker_'s Avatar
beaker_ Offline
Registered User
 
Join Date: Nov 2008
Location: Canada
Posts: 2,718
linuxfirefox
Re: F16 - how to get openvpn running as a daemon/service

Openvpn can run as a service in Fedora 14. NetworkManager not required.

Note. All my keys are encrypted.

I see two prerequisites (default location and selinux context) to your keys & certs but it just doesn't start automatically. And all users must be-able to reach your keys & cert. Assuming you don't want to drop your tunnel ie., cnetworkmanager could be a band-aid but I have no confidence in either.

I can start it manually and it will behave as a system-connection. Maybe you can create a ifcfg-(?) in /etc/NetworkManager/system-connections to make it fly straight. But, personally, I'd sooner rewrite the SysV init scripts and watch systemd chock on it.
Reply With Quote
  #8  
Old 19th November 2011, 06:32 AM
nirik's Avatar
nirik Offline
Registered User
 
Join Date: Mar 2009
Location: Broomfield, CO
Posts: 438
macosmidori
Re: F16 - how to get openvpn running as a daemon/service

ln -s /lib/systemd/system/openvpn@.service /etc/systemd/system/multi-user.target.wants/openvpn@<yourconfignamehere>.service

Then:

systemctl start openvpn@<yourconfignamehere>.service

where <yourconfignamehere> is /etc/openvpn/yourconfigname.conf

Theres a systemd bug still about enabling them right on boot. I think it works, but the status messages are messed up currently. Anyhow, the above should get it running.
Reply With Quote
  #9  
Old 19th November 2011, 01:12 PM
lmcogs Offline
Registered User
 
Join Date: Dec 2007
Posts: 249
linuxfirefox
Re: F16 - how to get openvpn running as a daemon/service

High I certainly am no expert and I'm not sure if this is any good but I managed to get vpn pppd up and running at boot in f16 the same way I had it running in f15. After setting up the vpn config files esp in /etc/ppp/peers/vpn I then could log into my vpn by command line like
pppd call vpn
route add default dev ppp0

I finally put pppd add vpn in a script in /etc/init.d/ (but without the route command) called it vpn, made it executable and sudo chkconfig --add vpn.
I then added 'route add default dev pp0' to /etc/ppp/ip-up.local. Rebooted and vpn was up automatically.

Now this was done by trial and error so don't ask tech questions but bottom line is I got it up and running at boot.
Reply With Quote
  #10  
Old 12th December 2011, 12:48 PM
au_squirrel Offline
Registered User
 
Join Date: Nov 2005
Location: Brisbane
Posts: 26
windows_7firefox
Re: F16 - how to get openvpn running as a daemon/service

Having worked through this issue on my vpn server the solution I found was in a Bugzilla report: https://bugzilla.redhat.com/show_bug.cgi?id=744244

The sequence was:

1. Start the service

#systemctl start openvpn@server.service

The important thing is that the name of the openvpn config file you wish to use is the one placed after the @. In my case my server config file is named "server.conf"

Once the service was running I could then add a link.

# ln -s /lib/systemd/system/openvpn\@.service /etc/systemd/system/openvpn\@server.service

Next I re-enabled selinux and it broke.

In my directory searches before, that file was not there. My assumption is that when I ran the service for the first time it created it. I found the command that nirik had posted above in the thread and tried it with no success. It worked after I ran the service for the first time.
Next I reloaded the daemon

#systemctl daemon-reload

Then checked it was still working

[root@vpn ~]# systemctl status openvpn@server.service
openvpn@server.service - OpenVPN Robust And Highly Flexible Tunneling Application On server
Loaded: loaded (/lib/systemd/system/openvpn@.service; enabled)
Active: active (running) since Mon, 12 Dec 2011 21:34:41 +1000; 2min 16s ago
Main PID: 14553 (openvpn)
CGroup: name=systemd:/system/openvpn@.service/server
â 14553 /usr/sbin/openvpn --daemon --writepid /var/run/openvpn/server.pid --cd /etc/openvpn/ --config server.conf
__________________
ASUS Sabertooth Z170
Intel i7
16G Ram
F 25 - Windows 10
Thermaltake Core P5 Open Case watercooled on the wall.

Last edited by au_squirrel; 12th December 2011 at 12:55 PM.
Reply With Quote
  #11  
Old 12th December 2011, 05:22 PM
beaker_'s Avatar
beaker_ Offline
Registered User
 
Join Date: Nov 2008
Location: Canada
Posts: 2,718
windows_7firefox
Re: F16 - how to get openvpn running as a daemon/service

You do know that you could have started the service out of rc.local right?

systemctl restart openpvn@WHATEVER.service
Reply With Quote
  #12  
Old 13th December 2011, 11:43 PM
au_squirrel Offline
Registered User
 
Join Date: Nov 2005
Location: Brisbane
Posts: 26
windows_7firefox
Re: F16 - how to get openvpn running as a daemon/service

True I could have done that and it would have been a quick and simple solution. What I was trying to do was integrate it into the systemctl the way all the other packages have mostly been done for consistency.

The base yum install on FC 16 did not completely integrate the package into systemctl. The normal process for enabling a package:

#systemctl enable <service name>.service
#systemctl start <sevice name>.service

doesn't work out of the box for openvpn and also for tigervnc-server (and probably an number of others I haven't found). Having found a posted solution for tigervnc-server, I next looked at my openvpn problem. As all the service are migrating to use the systemctl, I decided to integrate it how the system "should" work for standardisation. Training people on the new systemctl as the "correct" way of controlling your services "should" make life easier.

I do quite like the way that systemctl reduces the steps for administration to enable a service to three steps. The catch seems to be that if you are passing information in the service name, after an '@', there is no defined standard. In the case of openvpn the lack of a distro README doesn't help.

Downside is that not all the services have been integrated and standardised. An interesting comment in the bug listed above was about the lack of documentation on systemctl. After spending the last week building a bunch of FC 16 servers, I am starting to see how it hangs together and concur.
__________________
ASUS Sabertooth Z170
Intel i7
16G Ram
F 25 - Windows 10
Thermaltake Core P5 Open Case watercooled on the wall.
Reply With Quote
  #13  
Old 27th April 2012, 04:25 PM
hyperplus Offline
Registered User
 
Join Date: May 2007
Posts: 41
windows_7chrome
Re: F16 - how to get openvpn running as a daemon/service

Great post guys! good for a noob like me to learn the FC16 specifics. I read openvpn.net, but the problem for me goes beyond there base.

The other part I am still struggling is with DHCP options. I can't get the script to work correctly yet.

I tried the ones distributed in /usr/share/openvpn-*/sample/ etc... (client.up client.down). Also I found a link (I don't have now) claming to work, but that didnt work for me neither.

So if we compile this info and other good info about how to use client.up/down will help a lot. For example explain other how to use and why --security-level or options..

Thanks
Reply With Quote
  #14  
Old 27th April 2012, 04:35 PM
dextone's Avatar
dextone Offline
Registered User
 
Join Date: Sep 2010
Location: /dev/null
Posts: 4
I've openvpn running as daemon and starts automatically at boot on F16.. just make sure you run as openvpn uid and gid as you described at openvpn conf..

I'm using latest openvpn tar ball from openvpn.net and build manually with rpmbuild btw..

Sent from my GT-I9100 using Tapatalk 2
Reply With Quote
  #15  
Old 27th May 2012, 10:54 PM
Proxin Offline
Registered User
 
Join Date: May 2012
Location: United States
Posts: 23
linuxfirefox
Re: F16 - how to get openvpn running as a daemon/service

Hi all,
I would like to get this figured out as well. I can launch openvpn successfully with the following command:
Code:
systemctl start openvpn@server.service
I get no errors when using the enable command as described below:
Code:
systemctl enable openvpn@.service
However, it does not launch for me upon startup...
I tried a 'systemctl status openvpn@server.service' which showed:
Code:
openvpn@server.service - OpenVPN Robust And Highly Flexible Tunneling Application On server
	  Loaded: loaded (/lib/systemd/system/openvpn@.service; enabled)
	  Active: failed since Sun, 27 May 2012 14:41:39 -0700; 3min 13s ago
	 Process: 1115 ExecStart=/usr/sbin/openvpn --daemon --writepid /var/run/openvpn/%i.pid --cd /etc/openvpn/ --config %i.conf (code=exited, status=1/FAILURE)
	  CGroup: name=systemd:/system/openvpn@.service/server
Not sure what is going on. I can start it manually just fine as said before.
I even tried adding 'systemctl start openvpn@server.service' to my gnome-session-properties, but still no luck. An excerpt from my /var/log/messages says:
Code:
May 27 14:44:02 Corellian dbus-daemon[1055]: dbus[1055]: [system] Rejected send message, 2 matched rules; type="method_call", sender=":1.90" (uid=1000 pid=2434 comm="systemctl start openvpn@server.service ") interface="org.freedesktop.systemd1.Manager" member="StartUnit" error name="(unset)" requested_reply="0" destination="org.freedesktop.systemd1" (uid=0 pid=1 comm="/sbin/init ")
Would anyone be able to help with this? I'd really like to get openvpn working on startup...
Reply With Quote
Reply

Tags
daemon or service , f16 , openvpn , running

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
OpenVPN service is dead FSLLL Fedora 13 Development Branch 7 21st May 2010 10:13 AM
[SOLVED] openvpn service is dead vofka Servers & Networking 1 17th April 2010 02:08 PM
OpenVPN service is dead litikiti Servers & Networking 5 18th January 2010 02:10 PM
Why my OpenVPN service can't start up ? yu xintian Using Fedora 1 24th November 2009 11:16 AM
OpenVPN service failure madplague Servers & Networking 0 31st July 2004 03:11 AM


Current GMT-time: 10:36 (Thursday, 19-10-2017)

TopSubscribe to XML RSS for all Threads in all ForumsFedoraForumDotOrg Archive
logo

All trademarks, and forum posts in this site are property of their respective owner(s).
FedoraForum.org is privately owned and is not directly sponsored by the Fedora Project or Red Hat, Inc.

Privacy Policy | Term of Use | Posting Guidelines | Archive | Contact Us | Founding Members

Powered by vBulletin® Copyright ©2000 - 2012, vBulletin Solutions, Inc.

FedoraForum is Powered by RedHat