OpenVPN service cannot start

fedoraopenvpnsystemd

I configure OpenVPN on my VPS (Fedora 23) and I have an issue with starting it as systemd service.
From command line (openvpn server.conf) all works fine, but when I try start it via systemd it fails.

systemctl status openvpn@server.service show me this:

● openvpn@server.service - OpenVPN Robust And Highly Flexible Tunneling Application On myvps/tcp
  Loaded: loaded (/usr/lib/systemd/system/openvpn@.service; enabled; vendor preset: disabled)
  Active: failed (Result: exit-code) since Thu 2015-12-10 06:04:07 UTC; 13min ago
Main PID: 500 (code=exited, status=1/FAILURE)

Dec 10 06:04:07 myvps openvpn[500]: ROUTE: default_gateway=UNDEF
Dec 10 06:04:07 myvps openvpn[500]: TUN/TAP device tun0 opened
Dec 10 06:04:07 myvps openvpn[500]: TUN/TAP TX queue length set to 100
Dec 10 06:04:07 myvps openvpn[500]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Dec 10 06:04:07 myvps openvpn[500]: /usr/local/sbin/unpriv-ip link set dev tun0 up mtu 1500
Dec 10 06:04:07 myvps openvpn[500]: Linux ip link set failed: could not execute external program
Dec 10 06:04:07 myvps openvpn[500]: Exiting due to fatal error
Dec 10 06:04:07 myvps systemd[1]: openvpn@server.service: Main process exited, code=exited, status=1/FAILURE
Dec 10 06:04:07 myvps systemd[1]: openvpn@server.service: Unit entered failed state.
Dec 10 06:04:07 myvps systemd[1]: openvpn@server.service: Failed with result 'exit-code'.

I see that OpenVPN can't execute ip command, but I don't see why. When I start OpenVPN manually I don't get this error.

The unpriv-ip script is set up as described in official howto.

The OpenVPN service start after network.target and wanted by multi-user.target, if it matters.

Can someone explain me what is the problem?

Thank you.

UPD (for Anubioz)

# dnf install iproute
Last metadata expiration check performed 1:27:44 ago on Thu Dec 10 05:52:27 2015.
Package iproute-4.1.1-3.fc23.x86_64 is already installed, skipping.
Dependencies resolved.
Nothing to do.
Complete!

# ls -l /usr/local/sbin/unpriv-ip 
-rwxr-xr-x. 1 root root 27 Dec 10 01:23 /usr/local/sbin/unpriv-ip

UPD2 (for Anubioz)

# dnf install iputils
Last metadata expiration check performed 1:42:05 ago on Thu Dec 10 05:52:27 2015.
Package iputils-20140519-7.fc23.x86_64 is already installed, skipping.
Dependencies resolved.
Nothing to do.
Complete!

Best Answer

  1. Check that /usr/local/sbin/unpriv-ip script has execute permissions (+x chmod flag)

You can set it with the following command

chmod +x /usr/local/sbin/unpriv-ip

  1. Check that your openvpn config has the script-security 2 line to allow execution of external scripts.

  2. Make sure you got iproute package installed and the ip command availible on your system.

You can install it with:

yum install iproute iputils

  1. Try adding sleep 5 to the top of your /usr/local/sbin/unpriv-ip script to make sure it won't be executed before tun0 device is availible.
Related Topic