I am having an issue getting OpenVPN 2.4.8 installed and enabled on a Red Hat 8 server running as an EC2 instance on AWS.
The steps I have taken are as follows.
Added the EPEL (Extra Packages for Enterprise Linux) repository by running the following.
sudo dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
This installs the repository with no apparent issues, and I then install OpenVPN.
sudo dnf install openvpn
dnf finds the package and it appears to install it without any issues, as per the below output.
Extra Packages for Enterprise Linux 8 - x86_64 1.5 MB/s | 4.0 MB 00:02
Last metadata expiration check: 0:00:01 ago on Thu Nov 28 16:03:24 2019.
Dependencies resolved.
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
openvpn x86_64 2.4.8-1.el8 epel 540 k
Installing dependencies:
pkcs11-helper x86_64 1.22-7.el8 epel 64 k
Transaction Summary
================================================================================
Install 2 Packages
Total download size: 604 k
Installed size: 1.4 M
Is this ok [y/N]: y
Downloading Packages:
(1/2): pkcs11-helper-1.22-7.el8.x86_64.rpm 571 kB/s | 64 kB 00:00
(2/2): openvpn-2.4.8-1.el8.x86_64.rpm 4.3 MB/s | 540 kB 00:00
--------------------------------------------------------------------------------
Total 197 kB/s | 604 kB 00:03
warning: /var/cache/dnf/epel-fafd94c310c51e1e/packages/openvpn-2.4.8-1.el8.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID 2f86d6a1: NOKEY
Extra Packages for Enterprise Linux 8 - x86_64 1.6 MB/s | 1.6 kB 00:00
Importing GPG key 0x2F86D6A1:
Userid : "Fedora EPEL (8) <epel@fedoraproject.org>"
Fingerprint: 94E2 79EB 8D8F 25B2 1810 ADF1 21EA 45AB 2F86 D6A1
From : /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8
Is this ok [y/N]: y
Key imported successfully
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : pkcs11-helper-1.22-7.el8.x86_64 1/2
Running scriptlet: openvpn-2.4.8-1.el8.x86_64 2/2
Installing : openvpn-2.4.8-1.el8.x86_64 2/2
Running scriptlet: openvpn-2.4.8-1.el8.x86_64 2/2
Verifying : openvpn-2.4.8-1.el8.x86_64 1/2
Verifying : pkcs11-helper-1.22-7.el8.x86_64 2/2
Installed:
openvpn-2.4.8-1.el8.x86_64 pkcs11-helper-1.22-7.el8.x86_64
Complete!
If I then try to enable or start OpenVPN with sudo systemctl enable openvpn.service / sudo systemctl enable openvpn@server.service or sudo systemctl start openvpn.service / sudo systemctl start openvpn@server.service, it fails to enable or start as below.
Failed to enable (or start) unit: Unit file openvpn.service does not exist.
If I run systemctl | grep openvpn, nothing at all is returned for OpenVPN.
After installing OpenVPN through apt on Ubuntu, if I call sudo systemctl status openvpn.service, regardless of whether I have yet provided a server.conf, then systemctl gives me a status back, as below.
● openvpn.service - OpenVPN service
Loaded: loaded (/lib/systemd/system/openvpn.service; enabled; vendor preset: enabled)
Active: inactive (dead)
This is not happening on Red Hat 8. So my question is: how can I find out why, despite installing OpenVPN through dnf and having server.conf and the certificates in place, when I try to manage the service with systemctl the OpenVPN unit doesn't seem to have actually been installed?
Within the /usr/lib/systemd/system directory the below units exist.
openvpn-client@.service
openvpn-server@.service
If I run sudo systemctl status openvpn-server@server
then I do actually get something back, but I can't start it, because it immediately fails.
● openvpn-server@server.service - OpenVPN service for server
Loaded: loaded (/usr/lib/systemd/system/openvpn-server@.service; disabled; vendor preset: disabled)
Active: inactive (dead)
Docs: man:openvpn(8)
https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
https://community.openvpn.net/openvpn/wiki/HOWTO
I have searched for a solution to no avail, so I hope somebody can help!
Best Answer
For lack of detailed error logs from the poster, I will provide my solution here. Having had the same problem on an AWS RHEL 8.2 instance, I found a few configuration details needed tweaking to get the service running. These may differ across templates & tutorials/blogs being used.
Ensure server.conf is in the correct directory
Depending on the tutorial you are following, the location of the server.conf will differ (if they mention this detail at all!). Having set up server on Ubuntu before, I would usually store them in /etc/openvpn/. However, apparently for RHEL 8, it should be in /etc/openvpn/server, i.e.:
Create the log folder
I found that it was necessary to create the /var/log/openvpn folder:
Once these commands were run, I found that the directory had been magically populated with the necessary files. I'm curious to see if anyone has the same results.
Change nogroup to nobody
In server.conf, change the line that reads group nogroup to group nobody. This may be how it is in your config already but, coming from an Ubuntu background, I found this to be the most head scratching issue.
Finally - Starting the service
Since the OP has listed quite a few commands that he tried - and other posters suggested more - I'll give the commands that worked for me:
Note: Some sources suggest using the -f flag to force it: sudo systemctl -f enable openvpn-server@server.service, but I didn't find this necessary.
Then:
And you're done!
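A pre-flight check for the three RHEL 8 differences this answer describes (config location, log directory, group name), added here as an example and not taken from the answer or from the OpenVPN package. The function name ovpn_preflight and its optional root-prefix argument are assumptions made for illustration, and it reads /etc/group directly rather than querying NSS.

```shell
#!/usr/bin/env bash
# Pre-flight check for openvpn-server@<name>.service on RHEL 8 (added example).
# The second argument is a hypothetical root prefix so the checks can be run
# against a test tree; omit it to check the live system.

# Prints one line per problem; returns 0 only when none are found.
ovpn_preflight() {
    local name="$1" root="${2:-}" problems=0 grp paths path dir
    local confdir="$root/etc/openvpn/server"
    local conf="$confdir/$name.conf"

    # 1. The openvpn-server@ template reads <name>.conf from /etc/openvpn/server.
    if [ ! -f "$conf" ]; then
        echo "missing config: $conf"
        if [ -f "$root/etc/openvpn/$name.conf" ]; then
            echo "found $root/etc/openvpn/$name.conf (Ubuntu-style location)"
        fi
        return 1
    fi

    # 2. The 'group' directive must name a group that exists on this host.
    #    Simplification: reads /etc/group directly instead of querying NSS.
    grp=$(awk '$1 == "group" { print $2; exit }' "$conf")
    if [ -n "$grp" ] && ! awk -F: -v g="$grp" \
            '$1 == g { ok = 1 } END { exit !ok }' "$root/etc/group"; then
        echo "group '$grp' not in $root/etc/group"
        problems=$((problems + 1))
    fi

    # 3. Directories used by log, log-append and status must already exist.
    paths=$(awk '$1 ~ /^(log|log-append|status)$/ { gsub(/"/, "", $2); print $2 }' "$conf")
    while read -r path; do
        [ -n "$path" ] || continue
        case "$path" in
            /*) dir="$root$(dirname "$path")" ;;
            *)  dir="$confdir/$(dirname "$path")" ;;  # relative to config dir
        esac
        if [ ! -d "$dir" ]; then
            echo "missing directory: $dir"
            problems=$((problems + 1))
        fi
    done <<EOF
$paths
EOF
    [ "$problems" -eq 0 ]
}

if [ "$#" -gt 0 ]; then ovpn_preflight "$@"; fi  # e.g. ./preflight.sh server
```

A clean run means the unit's config, privilege-drop group and log paths are all in place before systemctl start is tried; journalctl -u openvpn-server@server remains the place to look if the service still fails.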