LinuxQuestions.org
Old 01-14-2012, 11:50 PM   #1
pendrive
Member
 
Registered: Mar 2011
Posts: 51

Rep: Reputation: 2
openvpn server on centos


Hi broes.

I've got a very weird problem in setting up the openvpn server on centos.

Everything went fine and I did run the openvpn on standalone mode with

# pwd
/etc/openvpn

# openvpn server.conf

and again everything goes well in this standalone run.

The problem comes when I'm gonna run openvpn in service mode. When I issue this command:
# /etc/init.d/openvpn start (Even for making sure I did restart instead)

it gives me failed. So I checked out the /etc/openvpn/openvpn.log and it said:

Code:
Sat Jan 14 20:34:51 2012 OpenVPN 2.1.4 i386-redhat-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] built on Apr 24 2011
Sat Jan 14 20:34:51 2012 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sat Jan 14 20:34:51 2012 Note: cannot open /etc/openvpn/openvpn-status.log for WRITE
Sat Jan 14 20:34:51 2012 Note: cannot open /etc/openvpn/ipp.txt for READ/WRITE
Sat Jan 14 20:34:51 2012 Diffie-Hellman initialized with 1024 bit key
Sat Jan 14 20:34:51 2012 TLS-Auth MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sat Jan 14 20:34:51 2012 Socket Buffers: R=[110592->131072] S=[110592->131072]
Sat Jan 14 20:34:51 2012 TCP/UDP: Socket bind failed on local address [undef]:1143: Permission denied
Sat Jan 14 20:34:51 2012 Exiting
You see? It gives me permission denied, but I'm totally sure that I run this as root.

it gives me even Write error!!!!!

But when I run the same config on ubuntu, it runs correctly. So any ideas???????????
 
Old 01-15-2012, 12:59 AM   #2
CTM
Member
 
Registered: Apr 2004
Distribution: Slackware64 14.0 / 14.1
Posts: 131

Rep: Reputation: 50
Who owns those files in /etc/openvpn/, and what are their permissions? Does your server.conf specify a user or group whose privileges will be used when root privileges are no longer necessary? If OpenVPN is expecting itself to be run as root (which is dangerous, and it doesn't need to be), double-check that the /etc/init.d/openvpn script doesn't try to drop root privileges before running OpenVPN.
 
Old 01-16-2012, 07:42 AM   #3
pendrive
Member
 
Registered: Mar 2011
Posts: 51

Original Poster
Rep: Reputation: 2
tnx for the reply.

The owner is root himself, permissions are 775, and no, I even commented out the nobody user and group in server.conf to make sure it runs as root (I know it's dangerous, but I just need to run it first and then start tuning it up). Also I checked /etc/init.d/openvpn and it has not done something like that (I even added echo $EUID in some places of the file to make sure, and it gave me 0 as well). It's weird.
 
Old 01-19-2012, 09:08 AM   #4
fritz001
Member
 
Registered: Aug 2004
Posts: 127

Rep: Reputation: 18
openvpn SHOULD be started only by root !!
 
Old 03-06-2012, 07:06 PM   #5
cware
LQ Newbie
 
Registered: Mar 2012
Posts: 2

Rep: Reputation: Disabled
@pendrive:
Did you solve the problem?
I have the same issue. This seems to be a bug. I have my share of Linux experience.
This command runs OK as root inside any script when the script is run from the command line manually or when the command itself is run from the command line:
/usr/sbin/openvpn --daemon --writepid /var/run/openvpn/server.pid --config /etc/openvpn/server.conf --cd /etc/openvpn --log /var/log/openvpn.log --script-security 2

When this same command is run from within the same script at startup of the server, even at the end of the boot process (/etc/rc.local), it fails as described by you.

When the command is in /etc/init.d/openvpn and run as "service openvpn start" manually by me (root), it runs OK.
When that same service is run by the system at boot (chkconfig openvpn on), it fails.

Strange it is.

CentOS: v. 6.2 (64-bit) (2.6.32-220.4.2.el6.x86_64)
OpenVPN: openvpn.x86_64 2.2.0-3.el6.rf

cware
 
Old 03-06-2012, 07:48 PM   #6
cware
LQ Newbie
 
Registered: Mar 2012
Posts: 2

Rep: Reputation: Disabled
Solved

SOLVED
I just uninstalled the 2.2.0 version and installed the latest 2.2.2 (http://swupdate.openvpn.org/communit...n-2.2.2.tar.gz) from source.
Now it works.
I only needed to put back the openvpn startup script that was renamed by the rpm uninstaller (rpm -e).
cp /etc/init.d/openvpn.rpmsave /etc/init.d/openvpn
chmod a+x /etc/init.d/openvpn

... and that was it.

The rpm 2.2.0 version was from rpmforge. In retrospect, it was not a good idea.

cware
 
1 members found this post helpful.
Old 03-15-2012, 07:45 AM   #7
pendrive
Member
 
Registered: Mar 2011
Posts: 51

Original Poster
Rep: Reputation: 2
hi cware

I did not test it more on centos and used debian as well

but thank you you did well and it'd help the others seeking for
 
Old 01-13-2013, 01:19 AM   #8
tarantinos
LQ Newbie
 
Registered: Jan 2013
Posts: 1

Rep: Reputation: Disabled
I believe that the problem was that you use a non-default port for openvpn.
OpenVPN's default port for SELinux is 1194. You can see this by running:

> semanage port -l | grep openvpn

If you'd like to add a port (e.g. 1143) to be allowed, you can run:

> semanage port -a -t openvpn_port_t -p udp 1143

(change 'udp' to 'tcp' if necessary)
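
Added example (not part of the post above, and not code from the OpenVPN or SELinux projects): a shell check that reads the port and proto directives from an OpenVPN config and tests them against a "semanage port -l" listing, printing the semanage command from post #8 when the port is not labelled openvpn_port_t. The function names, the sample listing and the sample config are constructed for illustration.

```shell
# Constructed sample of `semanage port -l | grep openvpn` output.
SAMPLE_PORTS='openvpn_port_t                 tcp      1194
openvpn_port_t                 udp      1194'
# Constructed config fragment; 1143 is the port in the thread log.
SAMPLE_CONF='port 1143
proto udp
dev tun'

# Print "<proto> <port>" for a config on stdin (OpenVPN defaults: udp 1194).
conf_endpoint() {
  awk '
    $1 == "port"  { port = $2 }
    $1 == "proto" { proto = $2 }
    END {
      if (port == "")  port = 1194
      if (proto == "") proto = "udp"
      sub(/-.*/, "", proto)          # tcp-server / tcp-client -> tcp
      print proto, port
    }'
}

# Exit 0 if <proto> <port> falls in an openvpn_port_t entry of the listing
# on stdin; entries may be lists and ranges, e.g. "1194, 5000-5010".
port_labelled() {
  awk -v proto="$1" -v port="$2" '
    $1 == "openvpn_port_t" && $2 == proto {
      for (i = 3; i <= NF; i++) {
        gsub(/,/, "", $i)
        n = split($i, r, "-")
        lo = r[1] + 0
        hi = (n == 2 ? r[2] : r[1]) + 0
        if (port + 0 >= lo && port + 0 <= hi) found = 1
      }
    }
    END { exit !found }'
}

# $1 = config text, $2 = port listing. Prints the fix from post #8 if needed.
check_conf() (
  ep=$(printf '%s\n' "$1" | conf_endpoint)
  proto=${ep% *}; port=${ep#* }
  if printf '%s\n' "$2" | port_labelled "$proto" "$port"; then
    echo "ok: $proto/$port is labelled openvpn_port_t"
  else
    echo "semanage port -a -t openvpn_port_t -p $proto $port"
    return 1
  fi
)
check_conf "$SAMPLE_CONF" "$SAMPLE_PORTS" || true
```

On a real host, pass "$(cat /etc/openvpn/server.conf)" and "$(semanage port -l)" as the two arguments to check_conf.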
 
Old 02-07-2013, 03:31 AM   #9
pbijnens
LQ Newbie
 
Registered: Jan 2009
Posts: 1

Rep: Reputation: 0
I have the same problem on CentOS 6, with openvpn-2.2.2-1.el6.rf.i686 from rpmforge.
(and also using udp 1194 -- even with selinux in permissive mode, it fails).

Messages in the log file:

Jan 28 18:35:55 bourgueil openvpn[25143]: OpenVPN 2.2.2 i686-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] built on Apr 5 2012
Jan 28 18:35:55 bourgueil openvpn[25143]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jan 28 18:35:55 bourgueil openvpn[25143]: Note: cannot open openvpn-status.log for WRITE
Jan 28 18:35:55 bourgueil openvpn[25143]: Note: cannot open ipp.txt for READ/WRITE
Jan 28 18:35:55 bourgueil openvpn[25143]: Diffie-Hellman initialized with 1024 bit key

I did not try yet with a self-compiled program.
 
  

