[Solved] Openvp fails to access server when started as a service CentOS

This forum is for general conversation and user-user networking.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Post Reply
darkwind
OpenVpn Newbie
Posts: 11
Joined: Thu Jun 09, 2016 11:10 am

Re: Openvpn client fails to access server when started as a service

Post by darkwind » Thu Jun 09, 2016 9:52 pm

The problem is solved. Almost.

The problem maker was selinux. As I usually use ubuntu and not centos I haven't made much experience with this NSA-driven security system.

How did I get to it?

After I realized that the name was the problem I made a grep on /etc

Code: Select all

grep -R /etc 2>/dev/null
and quickly I read something like that

Code: Select all

selinux/targeted/modules/active/file_contexts:/usr/sbin/openvpn --      system_u:object_r:openvpn_exec_t:s0
And then I had a way more to go. And google quickly guided me to here:
https://ask.fedoraproject.org/en/questi ... onnection/

And so I found the solution:

Code: Select all

setenforce 0
And after that - even /etc/init.d/openvpn could connect

Code: Select all

/etc/init.d/openvpn start
Happy end. And I am not fond of a sequel. :lol:

Thank you very, very much for your support. It helped me a lot to know that I wasn't alone. It prevented me from going insane. :mrgreen:

Cheers,
Alex

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Openvpn client fails to access server when started as a service

Post by TinCanTech » Thu Jun 09, 2016 10:06 pm

Thank you for your excellent feedback 8-)

darkwind
OpenVpn Newbie
Posts: 11
Joined: Thu Jun 09, 2016 11:10 am

Re: Openvpn client fails to access server when started as a service

Post by darkwind » Thu Jun 09, 2016 10:39 pm

To finalize this:

The underlying problem was, that I didn't use the openvpn tcp default port, which is 443 but used 2443
This was a non allowed port for openvpn by selinux.

This is the way to go fix this:

1) Install semanage. This is a very helpful python tool. To find out which package contains semanage run

Code: Select all

yum provides \*/semanage
2) Then install it from the package that your search told you

Code: Select all

yum install policycoreutils-python
3) Add the port to the list of allowed ports. In my case TCP-port 2443. You can do this for any udp port too which is not default (1194)

Code: Select all

semanage port -a -t openvpn_port_t -p tcp 2443
That's all. All done well. No more problems on this site. Over and out. :D

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: [Solved] Openvp fails to access server when started as a service CentOS

Post by TinCanTech » Fri Jun 10, 2016 12:16 am

Thank you for your excellent follow up.

I would recommend you join the mailing lists to keep up to date with openvpn.

Highest regards.

* Closing thread *

Post Reply