I configure OpenVPN on my VPS (Fedora 23) and I have an issue with starting it as systemd service.
From command line (openvpn server.conf
) all works fine, but when I try start it via systemd it fails.
systemctl status openvpn@server.service
show me this:
● openvpn@server.service - OpenVPN Robust And Highly Flexible Tunneling Application On myvps/tcp
Loaded: loaded (/usr/lib/systemd/system/openvpn@.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Thu 2015-12-10 06:04:07 UTC; 13min ago
Main PID: 500 (code=exited, status=1/FAILURE)
Dec 10 06:04:07 myvps openvpn[500]: ROUTE: default_gateway=UNDEF
Dec 10 06:04:07 myvps openvpn[500]: TUN/TAP device tun0 opened
Dec 10 06:04:07 myvps openvpn[500]: TUN/TAP TX queue length set to 100
Dec 10 06:04:07 myvps openvpn[500]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Dec 10 06:04:07 myvps openvpn[500]: /usr/local/sbin/unpriv-ip link set dev tun0 up mtu 1500
Dec 10 06:04:07 myvps openvpn[500]: Linux ip link set failed: could not execute external program
Dec 10 06:04:07 myvps openvpn[500]: Exiting due to fatal error
Dec 10 06:04:07 myvps systemd[1]: openvpn@server.service: Main process exited, code=exited, status=1/FAILURE
Dec 10 06:04:07 myvps systemd[1]: openvpn@server.service: Unit entered failed state.
Dec 10 06:04:07 myvps systemd[1]: openvpn@server.service: Failed with result 'exit-code'.
I see that OpenVPN can't execute ip
command, but I don't see why. When I start OpenVPN manually I don't get this error.
The unpriv-ip script is set up as described in official howto.
The OpenVPN service start after network.target
and wanted by multi-user.target
, if it matters.
Can someone explain me what is the problem?
Thank you.
UPD (for Anubioz)
# dnf install iproute
Last metadata expiration check performed 1:27:44 ago on Thu Dec 10 05:52:27 2015.
Package iproute-4.1.1-3.fc23.x86_64 is already installed, skipping.
Dependencies resolved.
Nothing to do.
Complete!
# ls -l /usr/local/sbin/unpriv-ip
-rwxr-xr-x. 1 root root 27 Dec 10 01:23 /usr/local/sbin/unpriv-ip
UPD2 (for Anubioz)
# dnf install iputils
Last metadata expiration check performed 1:42:05 ago on Thu Dec 10 05:52:27 2015.
Package iputils-20140519-7.fc23.x86_64 is already installed, skipping.
Dependencies resolved.
Nothing to do.
Complete!
Best Answer
/usr/local/sbin/unpriv-ip
script has execute permissions (+x chmod flag)You can set it with the following command
chmod +x /usr/local/sbin/unpriv-ip
Check that your openvpn config has the
script-security 2
line to allow execution of external scripts.Make sure you got
iproute
package installed and theip
command availible on your system.You can install it with:
yum install iproute iputils
sleep 5
to the top of your/usr/local/sbin/unpriv-ip
script to make sure it won't be executed before tun0 device is availible.