LinuxQuestions.org


pendrive 01-14-2012 10:50 PM

openvpn server on centos
 
Hi broes.

I've got a very weird problem in setting up the openvpn server on centos.

Everything went fine and I did run the openvpn in standalone mode with

# pwd
/etc/openvpn

# openvpn server.conf

and again everything goes well in this standalone run.

The problem comes when I'm gonna run openvpn in service mode. When I issue this command:
# /etc/init.d/openvpn start (Even for making sure I did restart instead)

it gives me failed. So I checked out the /etc/openvpn/openvpn.log and it said:

Code:

Sat Jan 14 20:34:51 2012 OpenVPN 2.1.4 i386-redhat-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] built on Apr 24 2011
Sat Jan 14 20:34:51 2012 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sat Jan 14 20:34:51 2012 Note: cannot open /etc/openvpn/openvpn-status.log for WRITE
Sat Jan 14 20:34:51 2012 Note: cannot open /etc/openvpn/ipp.txt for READ/WRITE
Sat Jan 14 20:34:51 2012 Diffie-Hellman initialized with 1024 bit key
Sat Jan 14 20:34:51 2012 TLS-Auth MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sat Jan 14 20:34:51 2012 Socket Buffers: R=[110592->131072] S=[110592->131072]
Sat Jan 14 20:34:51 2012 TCP/UDP: Socket bind failed on local address [undef]:1143: Permission denied
Sat Jan 14 20:34:51 2012 Exiting

you see? it gives me permission denied but I'm totally sure that I run this in root.

it gives me even Write error!!!!!

But when I run the same config on ubuntu, it runs correctly. So any ideas???????????

CTM 01-14-2012 11:59 PM

Who owns those files in /etc/openvpn/, and what are their permissions? Does your server.conf specify a user or group whose privileges will be used when root privileges are no longer necessary? If OpenVPN is expecting itself to be run as root (which is dangerous, and it doesn't need to be), double-check that the /etc/init.d/openvpn script doesn't try to drop root privileges before running OpenVPN.

pendrive 01-16-2012 06:42 AM

tnx for the reply.

the owner is root himself, permissions are 775, no, I even did comment out the nobody user and group from server.conf to make sure it runs with root (I know it's dangerous, but I just need to run it first and then start tuning it up). also I checked up the /etc/init.d/openvpn and it has not done something like that. (I even added echo $EUID in some places of the file to make sure and it gave me 0 as well) it's weird :(

fritz001 01-19-2012 08:08 AM

openvpn SHOULD be started only by root !!

cware 03-06-2012 06:06 PM

@pendrive:
Did you solve the problem?
I have the same issue. This seems to be a bug. I have my share of Linux experience.
This command runs OK as root inside any script when the script is run from the command line manually or when the command itself is run from the command line:
/usr/sbin/openvpn --daemon --writepid /var/run/openvpn/server.pid --config /etc/openvpn/server.conf --cd /etc/openvpn --log /var/log/openvpn.log --script-security 2

When this same command is run from within the same script at startup of the server, even at the end of the boot process (/etc/rc.local), it fails as described by you.

When the command is in /etc/init.d/openvpn and run as "service openvpn start" manually by me (root), it runs OK.
When that same service is run by the system at boot (chkconfig openvpn on), it fails.

Strange it is.

CentOS: v. 6.2 (64-bit) (2.6.32-220.4.2.el6.x86_64)
OpenVPN: openvpn.x86_64 2.2.0-3.el6.rf

cware

cware 03-06-2012 06:48 PM

Solved
 
SOLVED
I just uninstalled the 2.2.0 version and installed the latest 2.2.2 (http://swupdate.openvpn.org/communit...n-2.2.2.tar.gz) from source.
Now it works.
I only needed to put back the openvpn startup script that was renamed by the rpm uninstaller (rpm -e).
cp /etc/init.d/openvpn.rpmsave /etc/init.d/openvpn
chmod a+x /etc/init.d/openvpn

... and that was it.

The rpm 2.2.0 version was from rpmforge. In retrospect, it was not a good idea.

cware

pendrive 03-15-2012 06:45 AM

hi cware

I did not test it more on centos and used debian as well

but thank you you did well and it'd help the others seeking for

tarantinos 01-13-2013 12:19 AM

I believe that the problem was that you use a non-default port for openvpn.
OpenVPN's default port for SELinux is 1194. You can see this by running:

> semanage port -l | grep openvpn

If you'd like to add a port (e.g. 1143) to be allowed, you can run:

> semanage port -a -t openvpn_port_t -p udp 1143

(change 'udp' to 'tcp' if necessary)
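
The check described in the post above, written out as an added example that is not part of any post in this thread: it reads `port` and `proto` from an OpenVPN config and tests whether that endpoint is listed under openvpn_port_t in `semanage port -l` output, including comma-separated lists and ranges. The function names are hypothetical and the sample config and port listing are constructed.

```shell
# Added example; function names are hypothetical, sample data is constructed.

# Print "<proto> <port>" for an OpenVPN config read from stdin.
# OpenVPN's defaults (udp, 1194) apply when a directive is absent.
conf_endpoint() {
    awk '
        $1 == "port"  { port = $2 }
        $1 == "proto" { proto = $2 }
        END {
            if (port == "")  port = 1194
            if (proto == "") proto = "udp"
            # Normalise tcp-server, tcp-client, tcp6, udp6 to tcp or udp
            sub(/^tcp.*/, "tcp", proto); sub(/^udp.*/, "udp", proto)
            print proto, port
        }'
}

# Succeed if <proto> <port> is listed under openvpn_port_t in
# `semanage port -l` output read from stdin (handles "a, b" and "lo-hi").
port_is_labelled() {
    awk -v proto="$1" -v port="$2" '
        $1 == "openvpn_port_t" && $2 == proto {
            for (i = 3; i <= NF; i++) {
                p = $i; sub(/,$/, "", p)
                n = split(p, r, "-")
                lo = r[1] + 0; hi = (n == 2 ? r[2] : r[1]) + 0
                if (port + 0 >= lo && port + 0 <= hi) found = 1
            }
        }
        END { exit (found ? 0 : 1) }'
}

# check_conf <config text> <semanage port -l text>
# Real use: check_conf "$(cat /etc/openvpn/server.conf)" "$(semanage port -l)"
check_conf() {
    endpoint=$(printf '%s\n' "$1" | conf_endpoint)
    proto=${endpoint% *}; port=${endpoint#* }
    if printf '%s\n' "$2" | port_is_labelled "$proto" "$port"; then
        echo "ok: $proto/$port is labelled openvpn_port_t"
    else
        echo "missing: semanage port -a -t openvpn_port_t -p $proto $port"
        return 1
    fi
}

# Constructed inputs: config on port 1143, policy that only knows 1194.
SAMPLE_CONF='port 1143
proto udp'
SAMPLE_PORTS='openvpn_port_t   tcp   1194
openvpn_port_t   udp   1194'
check_conf "$SAMPLE_CONF" "$SAMPLE_PORTS" || true
```
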

pbijnens 02-07-2013 02:31 AM

I have the same problem on CentOS 6, with openvpn-2.2.2-1.el6.rf.i686 from rpmforge.
(and also using udp 1194 -- even with selinux in permissive mode, it fails).

Messages in the log file:

Jan 28 18:35:55 bourgueil openvpn[25143]: OpenVPN 2.2.2 i686-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] built on Apr 5 2012
Jan 28 18:35:55 bourgueil openvpn[25143]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jan 28 18:35:55 bourgueil openvpn[25143]: Note: cannot open openvpn-status.log for WRITE
Jan 28 18:35:55 bourgueil openvpn[25143]: Note: cannot open ipp.txt for READ/WRITE
Jan 28 18:35:55 bourgueil openvpn[25143]: Diffie-Hellman initialized with 1024 bit key

I did not try yet with a self-compiled program.


All times are GMT -5.