openvpn-install: FIX - Error opening configuration file: server.conf
Recurring problem on fresh CentOS 7 installations:
```
service openvpn@server status -l
Redirecting to /bin/systemctl status -l openvpn@server.service
● openvpn@server.service - OpenVPN Robust And Highly Flexible Tunneling Application On server
   Loaded: loaded (/usr/lib/systemd/system/openvpn@.service; disabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Thu 2019-09-12 20:04:37 EDT; 17s ago
  Process: 11239 ExecStart=/usr/sbin/openvpn --cd /etc/openvpn/ --config %i.conf (code=exited, status=1/FAILURE)
 Main PID: 11239 (code=exited, status=1/FAILURE)

Sep 12 20:04:37 server.masked.com systemd[1]: Starting OpenVPN Robust And Highly Flexible Tunneling Application On server…
Sep 12 20:04:37 server.masked.com openvpn[11239]: Options error: In [CMD-LINE]:1: Error opening configuration file: server.conf
Sep 12 20:04:37 server.masked.com openvpn[11239]: Use --help for more information.
Sep 12 20:04:37 server.masked.com systemd[1]: openvpn@server.service: main process exited, code=exited, status=1/FAILURE
Sep 12 20:04:37 server.masked.com systemd[1]: Failed to start OpenVPN Robust And Highly Flexible Tunneling Application On server.
Sep 12 20:04:37 server.masked.com systemd[1]: Unit openvpn@server.service entered failed state.
Sep 12 20:04:37 server.masked.com systemd[1]: openvpn@server.service failed.
```
FIX:
```
sed -i 's#/etc/openvpn/ --config#/etc/openvpn/server/ --config#g' /usr/lib/systemd/system/openvpn@.service
systemctl daemon-reload
service openvpn@server restart
```
About this issue
- State: closed
- Created 5 years ago
- Comments: 17 (4 by maintainers)
Also did fix this issue on Rocky Linux 9. Thanks @Sispheor
Tried that; the first time it didn’t work and I got `sudo: fixfiles: command not found`. Did `apt-get install policycoreutils`, and after that I retyped `sudo fixfiles -R openvpn restore` and got this error:

```
/sbin/fixfiles: line 204: rpm: command not found
openvpn not found
```
`openvpn-server@server.service` (which is the right service) is not the same as `openvpn@server.service` (which is the one where you are seeing errors).

Use the script in a clean system and don’t mess with the services, it will work.
On my side the error was due to SELinux (CentOS 8). I used this to fix
I do, see line 365.
Because the maintainers/developers decided to use a new service unit which is more flexible. The old service you were using will probably be discontinued in the future.
I’m from the upstream OpenVPN core team. Please read the documentation for the systemd implementation, available here: https://github.com/OpenVPN/openvpn/blob/master/distro/systemd/README.systemd
The separation between client and server profiles was done for 2 reasons: a) to not collide with the brokenness various Linux distros ship, which has not been coordinated with the upstream OpenVPN project, and b) to allow different security hardening and behavior (like automatic service restart) in server and client roles.
The `openvpn.service` and `openvpn@.service` methods are not supported by upstream OpenVPN and are considered a broken legacy approach. Which is why upstream OpenVPN ships `openvpn-client@.service` and `openvpn-server@.service` to provide a standardized way to manage OpenVPN configurations across all distributions.

I can see why it’s happening: the `openvpn` package owns the `/lib/systemd/system/openvpn@.service` systemd service file, which has these lines:

So, when the template unit is instantiated as e.g. “openvpn@server.service”, it will look for config in `--config /etc/openvpn/server.conf`, which obviously does not exist. Even the `openvpn` package itself does not provide it, nor implies that location. I checked `dpkg-query --listfiles openvpn`:

— that’s all for /etc/openvpn, and it does look like the server config is supposed to go under the `/etc/openvpn/server/` directory.

Moreover, the openvpn-server@.service template uses different syntax for ExecStart:

Note the different working directory and the non-absolute config path being used here.
I think what we found here is the issue with openvpn packaging and systemd integration, and it should be reported to the OpenVPN repository instead.
You don’t need to do that. Service should be managed like this:
```
systemctl status openvpn-server@server.service
```
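
An added example, not part of the original thread or of openvpn-install: a shell function that works out which file a templated unit will open for a given instance, so the path mismatch discussed in the comments can be checked before starting the service. It assumes the unit sets the directory through `--cd` or `WorkingDirectory=`; the function names and the optional root-prefix argument are hypothetical.

```shell
#!/bin/sh
# Added example: resolve the config file a templated OpenVPN unit will open.
# Function names and the ROOT argument are hypothetical, not from the thread.

# resolve_config UNIT_FILE INSTANCE -> prints the absolute config path
resolve_config() {
    unit_file=$1
    instance=$2
    # Accept only plain instance names, since the value is spliced into a path.
    case $instance in
        ''|*[!A-Za-z0-9_.-]*) return 2 ;;
    esac
    exec_line=$(sed -n '/^ExecStart=/{p;q;}' "$unit_file")
    [ -n "$exec_line" ] || return 1
    # "--cd DIR" makes openvpn change directory before reading --config.
    dir=$(printf '%s\n' "$exec_line" |
        sed -n 's/.*--cd[ ]\{1,\}\([^ ]*\).*/\1/p')
    # Without --cd, a relative path is taken from WorkingDirectory=
    # (systemd defaults to / for system services when it is unset).
    if [ -z "$dir" ]; then
        dir=$(sed -n 's/^WorkingDirectory=//p' "$unit_file" | head -n 1)
    fi
    cfg=$(printf '%s\n' "$exec_line" |
        sed -n 's/.*--config[ ]\{1,\}\([^ ]*\).*/\1/p')
    [ -n "$cfg" ] || return 1
    # systemd expands %i to the instance name (the part after "@").
    cfg=$(printf '%s\n' "$cfg" | sed "s/%i/$instance/g")
    case $cfg in
        /*) printf '%s\n' "$cfg" ;;
        *)  printf '%s/%s\n' "${dir%/}" "$cfg" ;;
    esac
}

# config_present UNIT_FILE INSTANCE [ROOT] -> 0 if the resolved file is readable
# ROOT is prefixed to the path so the check can run against a test tree.
config_present() {
    path=$(resolve_config "$1" "$2") || return 2
    [ -r "${3:-}$path" ]
}

# Stand-alone use: sh check.sh /usr/lib/systemd/system/openvpn@.service server
if [ "$#" -ge 2 ]; then
    resolve_config "$1" "$2"
fi
```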