
openvpn will not start via systemd after upgrade to f25

asked 2017-11-20 15:10:10 -0500

zebee

I've been running openvpn happily on 23 and 24. Finally get to 25 and my previously working systemd start fails with openvpn@vpn-home.service : Start operation timed out. Terminating.

I can start openvpn manually as root with

/usr/sbin/openvpn --daemon --writepid /var/run/openvpn-server/vpn-home.pid --cd /etc/openvpn/ --config vpn-home.conf

so there's something about the systemd setup.

[root@paddy ~]# more /lib/systemd/system/openvpn@vpn-home.service 
[Unit]
Description=OpenVPN Robust And Highly Flexible Tunneling Application On %I
After=network.target

[Service]
PrivateTmp=true
Type=forking
PIDFile=/var/run/openvpn/%i.pid
ExecStart=/usr/sbin/openvpn --daemon --writepid /var/run/openvpn-server/%i.pid --cd /etc/openvpn/ --config %i.conf

[Install]
WantedBy=multi-user.target
[root@paddy ~]#

I'm not using network manager to do my networking (using /etc/sysconfig/network-scripts), could that be interfering in some way?


1 Answer


answered 2017-11-23 02:37:46 -0500

A current OpenVPN server systemd unit file looks like this one:

[Unit]
Description=OpenVPN service for %I
After=syslog.target network-online.target
Wants=network-online.target
Documentation=man:openvpn(8)
Documentation=https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO

[Service]
Type=notify
PrivateTmp=true
WorkingDirectory=/etc/openvpn/server
ExecStart=/usr/sbin/openvpn --status %t/openvpn-server/status-%i.log --status-version 2 --suppress-timestamps --cipher AES-256-GCM --ncp-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC:AES-128-CBC:BF-CBC --config %i.conf
CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE
LimitNPROC=10
DeviceAllow=/dev/null rw
DeviceAllow=/dev/net/tun rw
ProtectSystem=true
ProtectHome=true
KillMode=process
RestartSec=5s
Restart=on-failure

[Install]
WantedBy=multi-user.target

So it is slightly different from yours; for example, there is no need to set a PID file. Maybe that helps.


Comments

More important: Type=notify and not specifying --daemon.

villykruse ( 2017-11-23 04:32:39 -0500 )
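An added example, not part of the original thread and not Fedora or OpenVPN project code: a small Python check for the inconsistencies visible in this thread. With Type=forking systemd reads the daemon's PID from PIDFile=, so that path has to match what --writepid writes, and Type=notify should not be combined with --daemon. The names `parse_service` and `lint_unit` are hypothetical, and the sample text is the [Service] section copied from the question.

```python
import re
import shlex

# Sample input: the [Service] section from the question, as posted.
QUESTION_UNIT = """\
[Service]
PrivateTmp=true
Type=forking
PIDFile=/var/run/openvpn/%i.pid
ExecStart=/usr/sbin/openvpn --daemon --writepid /var/run/openvpn-server/%i.pid --cd /etc/openvpn/ --config %i.conf
"""

def parse_service(unit_text):
    """Return the key/value pairs of the [Service] section (last value wins)."""
    section, service = None, {}
    for raw in unit_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section = header.group(1)
        elif section == "Service" and "=" in line:
            key, value = line.split("=", 1)
            service[key.strip()] = value.strip()
    return service

def lint_unit(unit_text, instance):
    """Flag Type=, PIDFile= and ExecStart= settings that disagree with each other."""
    svc = parse_service(unit_text)
    # Only %i (the instance name) is expanded; other specifiers are left as-is.
    argv = shlex.split(svc.get("ExecStart", "").replace("%i", instance))
    pidfile = svc.get("PIDFile", "").replace("%i", instance)
    svc_type = svc.get("Type", "simple")
    writepid = argv[argv.index("--writepid") + 1] if "--writepid" in argv[:-1] else ""
    findings = []
    if svc_type == "forking":
        if "--daemon" not in argv:
            findings.append("Type=forking but ExecStart lacks --daemon")
        if pidfile and pidfile != writepid:
            # Paths are compared as text; /var/run and /run are not normalised.
            findings.append(f"PIDFile={pidfile} but --writepid {writepid or '(unset)'}")
    if svc_type == "notify" and "--daemon" in argv:
        findings.append("Type=notify but ExecStart passes --daemon")
    return findings

if __name__ == "__main__":
    for finding in lint_unit(QUESTION_UNIT, "vpn-home"):
        print("WARN:", finding)
```
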


Stats

Asked: 2017-11-20 15:10:10 -0500

Seen: 133 times

Last updated: Nov 23 '17