
Starting OpenVPN

 



CentOS 7. I actually have two problems. The first:
openvpn --config /etc/openvpn/server.conf - this way openvpn starts and the client connects
systemctl start openvpn@server - this way it fails with an error

systemctl status openvpn@server
● openvpn@u7wrm89.service - OpenVPN Robust And Highly Flexible Tunneling Application On server

Loaded: loaded (/usr/lib/systemd/system/openvpn@.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Fri 2018-07-13 06:51:18 EDT; 13s ago
Process: 2324 ExecStart=/usr/sbin/openvpn --cd /etc/openvpn/ --config %i.conf (code=exited, status=1/FAILURE)
Main PID: 2324 (code=exited, status=1/FAILURE)

Jul 13 06:51:18 server systemd[1]: Starting OpenVPN Robust And Highly Flexible Tunneling Application On server...
Jul 13 06:51:18 server openvpn[2324]: Options error: In [CMD-LINE]:1: Error opening configuration file: server.conf
Jul 13 06:51:18 server openvpn[2324]: Use --help for more information.
Jul 13 06:51:18 server systemd[1]: openvpn@server.service: main process exited, code=exited, status=1/FAILURE
Jul 13 06:51:18 server systemd[1]: Failed to start OpenVPN Robust And Highly Flexible Tunneling Application On server.
Jul 13 06:51:18 server systemd[1]: Unit openvpn@server.service entered failed state.
Jul 13 06:51:18 server systemd[1]: openvpn@server.service failed.

Firewalld is turned off, SELinux too.

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted

log openvpn

cat /var/log/openvpn.log
Fri Jul 13 06:52:21 2018 OpenVPN 2.4.6 x86_64-redhat-linux-gnu [Fedora EPEL patched] [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 26 2018
Fri Jul 13 06:52:21 2018 library versions: OpenSSL 1.0.2k-fips 26 Jan 2017, LZO 2.06
Fri Jul 13 06:52:21 2018 Diffie-Hellman initialized with 2048 bit key
Fri Jul 13 06:52:21 2018 TUN/TAP device tun0 opened
Fri Jul 13 06:52:21 2018 TUN/TAP TX queue length set to 100
Fri Jul 13 06:52:21 2018 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Fri Jul 13 06:52:21 2018 /sbin/ip link set dev tun0 up mtu 1500
Fri Jul 13 06:52:21 2018 /sbin/ip addr add dev tun0 192.168.50.1/24 broadcast 192.168.50.255
Fri Jul 13 06:52:21 2018 Could not determine IPv4/IPv6 protocol. Using AF_INET
Fri Jul 13 06:52:21 2018 Socket Buffers: R=[212992->212992] S=[212992->212992]
Fri Jul 13 06:52:21 2018 UDPv4 link local (bound): [AF_INET][undef]:1194
Fri Jul 13 06:52:21 2018 UDPv4 link remote: [AF_UNSPEC]
Fri Jul 13 06:52:21 2018 GID set to nobody
Fri Jul 13 06:52:21 2018 UID set to nobody
Fri Jul 13 06:52:21 2018 MULTI: multi_init called, r=256 v=256
Fri Jul 13 06:52:21 2018 IFCONFIG POOL: base=192.168.50.2 size=252, ipv6=0
Fri Jul 13 06:52:21 2018 IFCONFIG POOL LIST
Fri Jul 13 06:52:21 2018 Initialization Sequence Completed
Fri Jul 13 06:52:28 2018 event_wait : Interrupted system call (code=4)
Fri Jul 13 06:52:29 2018 event_wait : Interrupted system call (code=4)
Fri Jul 13 06:52:29 2018 Closing TUN/TAP interface
Fri Jul 13 06:52:29 2018 /sbin/ip addr del dev tun0 192.168.50.1/24
RTNETLINK answers: Operation not permitted
Fri Jul 13 06:52:29 2018 Linux ip addr del failed: external program exited with error status: 2
Fri Jul 13 06:52:29 2018 SIGINT[hard,] received, process exiting


The second: my ISP's IP is exposed rather than the VPN's. But that needs NAT and iptables. For now I'd like to sort out the first one.

If logging is configured in your OpenVPN config, look at the logs. If not, add it so that they are written.

XMs ★★★★★ ()

It shouldn't be the case, but check which user systemd runs the daemon as. If it happens not to be root, that user must have read permission on this file.

Legioner ★★★★★ ()
In reply to: comment by Legioner

drwxr-xr-x. 6 root root 4096 Jul 12 18:28 .
drwxr-xr-x. 77 root root 4096 Jul 12 18:22 ..
drwxr-x---. 2 root openvpn 4096 Apr 26 11:04 client
drwxrwxr-x. 5 501 games 4096 Jul 12 16:38 EasyRSA-3.0.3
-rw------- 1 root root 17 Jul 13 07:17 ipp.txt
drwxr-xr-x. 4 root root 4096 Jul 12 16:33 keys
drwxr-x---. 2 root openvpn 4096 Apr 26 11:04 server
-rw-r--r--. 1 root root 705 Jul 13 07:06 server.conf
-rw-r--r--. 1 root root 10784 Apr 24 03:12 server.example

RockOrc ()
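Legioner's check (which path the unit opens, and whether a non-root service user could read it), written out as an added example that is not part of the thread. The helper names are hypothetical, GNU stat is assumed, and the permission walk assumes the service user is neither owner nor group member of any path component.

```shell
#!/bin/sh
# Added example; helper names are hypothetical, not from the thread.

# Print the config path OpenVPN will open for a unit instance: expand %i in the
# ExecStart line, then take --config (relative to --cd when one is given).
resolve_config() (   # usage: resolve_config "<ExecStart line>" <instance>
    set -f                                   # no globbing while word-splitting
    cd_dir=""; cfg=""; prev=""
    for word in $(printf '%s\n' "$1" | sed "s|%i|$2|g"); do
        case "$prev" in
            --cd)     cd_dir=$word ;;
            --config) cfg=$word ;;
        esac
        prev=$word
    done
    case "$cfg" in
        /*) printf '%s\n' "$cfg" ;;
        *)  printf '%s\n' "${cd_dir:+${cd_dir%/}/}$cfg" ;;
    esac
)

# Walk PATH component by component (below an optional already-trusted START
# directory) and report the first entry that a user who is neither owner nor
# group member cannot use: directories need o+x, the file itself needs o+r.
first_blocked_for_other() (   # usage: first_blocked_for_other PATH [START]
    cur=${2%/}
    rest=${1#"$cur"}
    set -f; IFS=/
    for part in $rest; do
        [ -n "$part" ] || continue
        cur="$cur/$part"
        [ -e "$cur" ] || { printf 'missing: %s\n' "$cur"; exit 1; }
        mode=$(stat -L -c %a "$cur")         # GNU stat, e.g. 750
        other=${mode#"${mode%?}"}            # last octal digit = "other" bits
        if [ -d "$cur" ]; then need=1; else need=4; fi
        [ $(( $other & $need )) -ne 0 ] || { printf 'blocked: %s\n' "$cur"; exit 1; }
    done
)
```

On the server itself, the ExecStart line and any User= setting can be read with `systemctl show -p ExecStart -p User openvpn@server`.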
In reply to: comment by XMs

There are logs, but there are no errors in them. It only throws errors when I cancel openvpn --config /etc/openvpn/server.conf

Fri Jul 13 08:32:22 2018 event_wait : Interrupted system call (code=4)
Fri Jul 13 08:32:22 2018 SENT CONTROL [001]: 'RESTART' (status=1)
Fri Jul 13 08:32:23 2018 event_wait : Interrupted system call (code=4)
Fri Jul 13 08:32:23 2018 Closing TUN/TAP interface
Fri Jul 13 08:32:23 2018 /sbin/ip addr del dev tun0 192.168.50.1/24
RTNETLINK answers: Operation not permitted
Fri Jul 13 08:32:23 2018 Linux ip addr del failed: external program exited with error status: 2
Fri Jul 13 08:32:23 2018 SIGINT[hard,] received, process exiting

RockOrc ()

What if you move the config and keys to /etc/openvpn/server/ and start it with systemctl start openvpn-server@server?

Deleted ()
In reply to: comment by RockOrc

Better post the full log somewhere on a pastebin.

XMs ★★★★★ ()
In reply to: comment by Deleted

Hm... now it's different (=
systemctl start openvpn-server@server

Job for openvpn-server@server.service failed because the control process exited with error code. See «systemctl status openvpn-server@server.service» and «journalctl -xe» for details.

[root@server server]# systemctl status openvpn-server@server

● openvpn-server@server.service - OpenVPN service for server
Loaded: loaded (/usr/lib/systemd/system/openvpn-server@.service; disabled; vendor preset: disabled)
Active: activating (auto-restart) (Result: exit-code) since Fri 2018-07-13 12:44:36 EDT; 833ms ago

Docs: man:openvpn(8)
https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
https://community.openvpn.net/openvpn/wiki/HOWTO
Process: 2240 ExecStart=/usr/sbin/openvpn --status %t/openvpn-server/status-%i.log --status-version 2 --suppress-timestamps --config %i.conf (code=exited, status=1/FAILURE)
Main PID: 2240 (code=exited, status=1/FAILURE)

Jul 13 12:44:36 server systemd[1]: openvpn-server@server.service: main process exited, code=exited, st...ILURE
Jul 13 12:44:36 server systemd[1]: Failed to start OpenVPN service for server.
Jul 13 12:44:36 server systemd[1]: Unit openvpn-server@server.service entered failed state.
Jul 13 12:44:36 server systemd[1]: openvpn-server@server.service failed.
Hint: Some lines were ellipsized, use -l to show in full.


[root@server server]# date
Fri Jul 13 12:48:04 EDT 2018


[root@server server]# tail -f /var/log/openvpn
openvpn.log openvpn-status.log
[root@server server]# tail -f /var/log/openvpn.log
Fri Jul 13 09:15:10 2018 001/91.142.163.253:64249 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Fri Jul 13 09:15:10 2018 001/xx.xx.xx.xx:64249 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Fri Jul 13 09:16:29 2018 event_wait : Interrupted system call (code=4)
Fri Jul 13 09:16:29 2018 SENT CONTROL [001]: 'RESTART' (status=1)
Fri Jul 13 09:16:29 2018 event_wait : Interrupted system call (code=4)
Fri Jul 13 09:16:29 2018 Closing TUN/TAP interface
Fri Jul 13 09:16:29 2018 /sbin/ip addr del dev tun0 192.168.50.1/24
RTNETLINK answers: Operation not permitted
Fri Jul 13 09:16:29 2018 Linux ip addr del failed: external program exited with error status: 2
Fri Jul 13 09:16:29 2018 SIGINT[hard,] received, process exiting

So, here is the OpenVPN server config: https://pastebin.com/4neU0WFd

RockOrc ()