openvpn server on centos
I've got a very weird problem in setting up the openvpn server on centos.
Everything went fine and I did run the openvpn on standalone mode With
and again everything goes well in this standalone run.
The problem comes When I'm gonna run openvpn in service mode. When I come issue this command:
# /etc/init.d/openvpn start (Even for making sure I did restart instead)
it gives me failed. So I checked out the /etc/openvpn/openvpn.log and it said:
it gives me even Write error!!!!!
But when I run the same config on ubuntu, it runs correctly. So any ideas???????????
Who owns those files in /etc/openvpn/, and what are their permissions? Does your server.conf specify a user or group whose privileges will be used when root privileges are no longer necessary? If OpenVPN is expecting itself to be run as root (which is dangerous, and it doesn't need to be), double-check that the /etc/init.d/openvpn script doesn't try to drop root privileges before running OpenVPN.
tnx for the reply.
the owner is root himself, permissions are 775, no I even did comment the nobody user and group from server.conf to make sure it runs with root (I know its dangerous, but I just need to run it first and then start tuning it up). also I checked up the /etc/init.d/openvpn and it has not done something like that.(even I added echo $EUID" in some places of the file to making sure and it gave me 0 as well) it's wierd :(
openvpn SHOULD be started only by root !!
Did you solve the problem?
I have the same issue. This seems to be a bug. I have my share of Linux experience.
This command runs OK as root inside any script when the script is ran from command line manually or when the command itself is run from command line:
/usr/sbin/openvpn --daemon --writepid /var/run/openvpn/server.pid --config /etc/openvpn/server.conf --cd /etc/openvpn --log /var/log/openvpn.log --script-security 2
When this same command is ran from within the same script at startup of the server even at the end of the boot process (/etc/rc.local), it fails as described by you.
When the command is in /etc/init.d/openvpn and ran as "service openvpn start" manually by me (root), it runs OK.
When that same service is ran by the system at boot (chkconfig openvpn on), it fails.
Strange it is.
CentOS: v. 6.2 (64-bit) (2.6.32-220.4.2.el6.x86_64)
OPenVPN: openvpn.x86_64 2.2.0-3.el6.rf
I just uninstalled the 2.2.0 version and installed the latest 2.2.2 (http://swupdate.openvpn.org/communit...n-2.2.2.tar.gz) from source.
Now it works.
I only needed to put back the openvpn startup script that was renamed by the rpm uninstaller (rpm -e).
cp /etc/init.d/openvpn.rpmsave /etc/init.d/openvpn
chmod a+x /etc/init.d/openvpn
... and that was it.
The rpm 2.2.0 version was from rpmforge. In retrospect, it was not a good idea.
I did not test it more on centos and used debian as well
but thank you you did well and it'd help the others seeking for
I believe that the problem was that: You use a non-default port for openvpn.
The openvpn's default port for SElinux is 1194. You can see this by running :
> semanage -l | grep openvpn
If you like to add a port (e.g. 1143) to be allowed, you can run:
> semanage port -a -t openvpn_port_t -p udp 1143
(change 'udp' to 'tcp' if is necessary)
I have the same problem on CentOS 6, with openvpn-2.2.2-1.el6.rf.i686 from rpmforge.
(and also using udp 1194 -- even with selinux in permissive mode, it fails).
Messages in the log file:
Jan 28 18:35:55 bourgueil openvpn: OpenVPN 2.2.2 i686-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] built on Apr 5 2012
Jan 28 18:35:55 bourgueil openvpn: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jan 28 18:35:55 bourgueil openvpn: Note: cannot open openvpn-status.log for WRITE
Jan 28 18:35:55 bourgueil openvpn: Note: cannot open ipp.txt for READ/WRITE
Jan 28 18:35:55 bourgueil openvpn: Diffie-Hellman initialized with 1024 bit key
I did not try yet with a self-compiled program.
|All times are GMT -5. The time now is 10:05 AM.|