LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 07-04-2015, 12:54 AM   #1
akashi
LQ Newbie
 
Registered: Dec 2010
Posts: 18

Rep: Reputation: 0
OpenVPN on Debian 8


I need help please!

I managed to install and configure OpenVPN 2.3.4

The OpenVPN service does not load during boot because it is loaded before the network is up

Code:
Jul 04 04:47:45 osmc systemd[1]: openvpn@server.service: control process exited, code=exited status=1
Jul 04 04:47:45 osmc systemd[1]: Failed to start OpenVPN connection to server.
Jul 04 04:47:45 osmc systemd[1]: Unit openvpn@server.service entered failed state.
Jul 04 04:47:45 osmc dbus[279]: [system] Activating via systemd: service name='org.freedesktop.PolicyKit1' unit='polkitd.service'
Jul 04 04:47:46 osmc polkitd[394]: started daemon version 0.105 using authority implementation `local' version `0.105'
Jul 04 04:47:46 osmc dbus[279]: [system] Successfully activated service 'org.freedesktop.PolicyKit1'
Jul 04 04:47:46 osmc udisks-glue[378]: Device file /dev/mmcblk0 inserted
Jul 04 04:47:46 osmc udisks-glue[378]: Device file /dev/sda inserted
Jul 04 04:47:46 osmc sudo[408]: osmc : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/sbin/hdparm -S 240 /dev/sda
Jul 04 04:47:46 osmc sudo[408]: pam_unix(sudo:session): session opened for user root by (uid=0)
Jul 04 04:47:46 osmc udisks-glue[378]: /dev/sda:
Jul 04 04:47:46 osmc udisks-glue[378]: setting standby to 240 (20 minutes)
Jul 04 04:47:46 osmc sudo[408]: pam_unix(sudo:session): session closed for user root
Jul 04 04:47:46 osmc kernel: IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
Jul 04 04:47:46 osmc connmand[286]: eth0 {add} route fe80:: gw :: scope 0 <UNIVERSE>
Jul 04 04:47:46 osmc connmand[286]: eth0 {update} flags 102467 <UP,RUNNING,LOWER_UP>
Jul 04 04:47:46 osmc connmand[286]: eth0 {newlink} index 2 address B8:27:EB:BB:BC:85 mtu 1500
Jul 04 04:47:46 osmc connmand[286]: eth0 {newlink} index 2 operstate 6 <UP>
Jul 04 04:47:46 osmc kernel: smsc95xx 1-1.1:1.0 eth0: link up, 100Mbps, full-duplex, lpa 0xCDE1
Jul 04 04:47:46 osmc kernel: 8021q: 802.1Q VLAN Support v1.8
Jul 04 04:47:46 osmc connmand[286]: Skipping disconnect of carrier, network is connecting.
Jul 04 04:47:46 osmc minidlna[304]: Starting minidlna: minidlna.
Jul 04 04:47:46 osmc avahi-daemon[277]: Joining mDNS multicast group on interface eth0.IPv4 with address 192.168.1.100.
Jul 04 04:47:46 osmc avahi-daemon[277]: New relevant interface eth0.IPv4 for mDNS.
Jul 04 04:47:46 osmc avahi-daemon[277]: Registering new address record for 192.168.1.100 on eth0.IPv4.
The network is managed by connman

I read online about editing the openvpn@.service and adding

Code:
[Unit]
...
Wants=network-online.target
After=network-online.target
Unfortunately this did not help.

OpenVPN error:
Code:
Sat Jul  4 05:36:21 2015 OpenVPN 2.3.4 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Dec  1 2014
Sat Jul  4 05:36:21 2015 library versions: OpenSSL 1.0.1k 8 Jan 2015, LZO 2.08
Sat Jul  4 05:36:21 2015 Control Channel Authentication: using '/usr/share/easy-rsa/keys/ta.key' as a OpenVPN static key file
Sat Jul  4 05:36:21 2015 TCP/UDP: Socket bind failed on local address [AF_INET]192.168.1.100:443: Cannot assign requested address
Sat Jul  4 05:36:21 2015 Exiting due to fatal error
If I restart the OpenVPN service once the system has booted, it works perfectly:

Code:
Sat Jul  4 05:52:49 2015 OpenVPN 2.3.4 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Dec  1 2014
Sat Jul  4 05:52:49 2015 library versions: OpenSSL 1.0.1k 8 Jan 2015, LZO 2.08
Sat Jul  4 05:52:49 2015 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x.  Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
Sat Jul  4 05:52:49 2015 Control Channel Authentication: using '/usr/share/easy-rsa/keys/ta.key' as a OpenVPN static key file
Sat Jul  4 05:52:49 2015 TUN/TAP device tun0 opened
Sat Jul  4 05:52:49 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sat Jul  4 05:52:49 2015 /sbin/ip link set dev tun0 up mtu 1500
Sat Jul  4 05:52:49 2015 /sbin/ip addr add dev tun0 local 10.8.0.1 peer 10.8.0.2
Sat Jul  4 05:52:49 2015 GID set to nogroup
Sat Jul  4 05:52:49 2015 UID set to nobody
Sat Jul  4 05:52:49 2015 Listening for incoming TCP connection on [AF_INET]192.168.1.100:443
Sat Jul  4 05:52:49 2015 TCPv4_SERVER link local (bound): [AF_INET]192.168.1.100:443
Sat Jul  4 05:52:49 2015 TCPv4_SERVER link remote: [undef]
Sat Jul  4 05:52:49 2015 Initialization Sequence Completed
Please bare in mind I am still learning the basics of Linux.

Thanks in advance.
 
Old 07-04-2015, 07:01 AM   #2
ferrari
LQ Guru
 
Registered: Sep 2003
Location: Auckland, NZ
Distribution: openSUSE Leap
Posts: 5,185

Rep: Reputation: 991Reputation: 991Reputation: 991Reputation: 991Reputation: 991Reputation: 991Reputation: 991Reputation: 991
I'm wondering if it's because nothing else is configured to make sure network is actually up before network-online.target is reached. For those of us who use NetworkManager, there is a NetworkManager-Wait-Online.service that helps with this. (A ConMan-Wait-Online.service would be nice.) Anyway, you could check this with
Code:
systemctl list-dependencies network-online.target --reverse
FWIW, a similar discussion here:
http://unix.stackexchange.com/questi...ng-has-started

Some general workarounds...
1. What you could do is write a script called by a custom service that checks that network connectivity has been established, looping until this condition is met. That could use the ordering
Code:
Wants=network.target
Before=network.target network-online.target
so that the openvpn@server.service only starts when this service has determined that the network is active.

2. The other possible quick and dirty solution might be to introduce a delay in the execution of the command called by openvpn@server.service using the sleep command for example.
 
1 members found this post helpful.
Old 07-04-2015, 06:16 PM   #3
akashi
LQ Newbie
 
Registered: Dec 2010
Posts: 18

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by ferrari View Post
Anyway, you could check this with
Code:
systemctl list-dependencies network-online.target --reverse
Thank you for providing multiple possible solutions. Here is my command output:
Code:
network-online.target
* |-aria2.service
* |-minidlna.service
* |-ntp.service
* |-nzbdrone.service
* |-nzbget.service
* `-rpcbind.service
The services listed above all work correctly.

Can you please provide the command to add in the unit file to introduce a delay start with the sleep command?

Thanks again.
 
Old 07-04-2015, 06:59 PM   #4
akashi
LQ Newbie
 
Registered: Dec 2010
Posts: 18

Original Poster
Rep: Reputation: 0
ferrari, I was finally able to solve this annoying problem with your guidance.

I investigated the boot log with 'journalctl -b' and noticed after the eth0 was up, the NTP service was started.

I simply edit my openvpn@.service and added 'After=ntp.service' and now OpenVPN is loading on every boot.

You can also add 'After=multi-user.target' instead as it works too.

Many thanks for your help.

Last edited by akashi; 07-04-2015 at 07:47 PM.
 
Old 07-04-2015, 07:36 PM   #5
ferrari
LQ Guru
 
Registered: Sep 2003
Location: Auckland, NZ
Distribution: openSUSE Leap
Posts: 5,185

Rep: Reputation: 991Reputation: 991Reputation: 991Reputation: 991Reputation: 991Reputation: 991Reputation: 991Reputation: 991
Well done.
 
1 members found this post helpful.
Old 11-07-2015, 03:18 PM   #6
joshuambenhase
LQ Newbie
 
Registered: Nov 2015
Posts: 11

Rep: Reputation: Disabled
Im sorry, I am somewhat new to Linux as well and I have realized that this is my issue as well. My problem now is, I do not quite understand when you say 'edit openvpn@.service'? Where is that file? How do I edit that and add the new line so when system boots, it starts at the correct time?
 
Old 11-07-2015, 03:37 PM   #7
joshuambenhase
LQ Newbie
 
Registered: Nov 2015
Posts: 11

Rep: Reputation: Disabled
Okay, I found what I was looking for but it doesn't seem to fix the issue. This is what is happening. Connected to VPN fine, reboot, can't connect, reload VPN, can connect. I thought this topic was exactly the solution and it may be but it doesnt seem to be working. I may be adding it to wrong file or wrong part of file. Help greatly appreciated. Thanks in advance!
 
Old 02-01-2016, 02:35 PM   #8
akashi
LQ Newbie
 
Registered: Dec 2010
Posts: 18

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by joshuambenhase View Post
Okay, I found what I was looking for but it doesn't seem to fix the issue. This is what is happening. Connected to VPN fine, reboot, can't connect, reload VPN, can connect. I thought this topic was exactly the solution and it may be but it doesnt seem to be working. I may be adding it to wrong file or wrong part of file. Help greatly appreciated. Thanks in advance!
I know I am responding to a very old post but I hope it helps someone:

Edit this file with your text editor, in my case I use nano
Code:
nano /lib/systemd/system/openvpn@.service
Add the text below in red:
Code:
[Unit]
Description=OpenVPN connection to %i
PartOf=openvpn.service
ReloadPropagatedFrom=openvpn.service
After=ntp.service

[Service]
Type=forking
ExecStart=/usr/sbin/openvpn --daemon ovpn-%i --status /run/openvpn/%i.status 10 --cd /etc/openvpn -$
ExecReload=/bin/kill -HUP $MAINPID
WorkingDirectory=/etc/openvpn

[Install]
WantedBy=multi-user.target
Save and reboot.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
openvpn into another network on debian server casoe84dk Linux - Server 2 01-11-2014 02:42 AM
openvpn server on debian toli Linux - Server 1 12-15-2013 05:48 PM
[SOLVED] openVPN on debian Lenny astalavista2000 Linux - Networking 11 09-15-2010 04:35 PM
Problems with OpenVPN and Debian Lenny krassyo Debian 0 02-04-2010 05:25 PM
Debian OpenVPN Setup Question danmartinj Linux - Newbie 1 11-03-2009 03:50 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 04:19 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration