[Solved] Openvpn fails to access server when started as a service CentOS

darkwind
OpenVPN User
Posts: 11
Joined: Thu Jun 09, 2016 11:10 am

Re: Openvpn client fails to access server when started as a service

Postby darkwind » Thu Jun 09, 2016 9:52 pm

The problem is solved. Almost.

The problem maker was SELinux. As I usually use Ubuntu and not CentOS, I haven't had much experience with this NSA-driven security system.

How did I get to it?

After I realized that the name was the problem, I ran a grep on /etc:

Code:

grep -R openvpn /etc 2>/dev/null


and I quickly read something like this:

Code:

selinux/targeted/modules/active/file_contexts:/usr/sbin/openvpn --      system_u:object_r:openvpn_exec_t:s0


And then I had a way more to go. And Google quickly guided me here:
https://ask.fedoraproject.org/en/question/31989/there-is-a-conflict-between-selinux-and-openvpn-connection/

And so I found the solution:

Code:

setenforce 0


And after that - even /etc/init.d/openvpn could connect

Code:

/etc/init.d/openvpn start


Happy end. And I am not fond of a sequel. :lol:

Thank you very, very much for your support. It helped me a lot to know that I wasn't alone. It prevented me from going insane. :mrgreen:

Cheers,
Alex

TinCanTech
OpenVPN Protagonist
Posts: 2721
Joined: Fri Jun 03, 2016 1:17 pm

Re: Openvpn client fails to access server when started as a service

Postby TinCanTech » Thu Jun 09, 2016 10:06 pm

Thank you for your excellent feedback 8-)

darkwind
OpenVPN User
Posts: 11
Joined: Thu Jun 09, 2016 11:10 am

Re: Openvpn client fails to access server when started as a service

Postby darkwind » Thu Jun 09, 2016 10:39 pm

To finalize this:

The underlying problem was that I didn't use the OpenVPN TCP default port, which is 443, but used 2443.
This was a port not allowed for OpenVPN by SELinux.

This is the way to fix this:

1) Install semanage. This is a very helpful Python tool. To find out which package contains semanage, run:

Code:

yum provides \*/semanage


2) Then install it from the package that your search told you about:

Code:

yum install policycoreutils-python


3) Add the port to the list of allowed ports, in my case TCP port 2443. You can do this for any UDP port too which is not the default (1194):

Code:

semanage port -a -t openvpn_port_t -p tcp 2443


That's all. All done well. No more problems on this site. Over and out. :D
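
As an added example (not part of the original posts), a shell pre-check for the fix described above: it reads an OpenVPN config plus saved `semanage port -l` output and prints the `semanage port -a` command for each endpoint not yet labeled `openvpn_port_t`. The function names, `vpn.example.net` and the sample data are constructed for illustration.

```shell
# port_is_labeled TYPE PROTO PORT < saved `semanage port -l` output
# Exit 0 if PORT is listed for TYPE/PROTO, singly or inside a range.
port_is_labeled() {
    awk -v t="$1" -v p="$2" -v n="$3" '
        $1 == t && $2 == p {
            for (i = 3; i <= NF; i++) {
                f = $i; sub(/,$/, "", f); k = split(f, r, "-")
                lo = r[1] + 0; hi = (k > 1 ? r[2] : r[1]) + 0
                if (n + 0 >= lo && n + 0 <= hi) found = 1
            }
        }
        END { exit !found }'
}

# config_endpoints FILE: print "proto port" for each `remote` line,
# falling back to the file's `proto`/`port` lines, then to udp/1194.
config_endpoints() {
    awk '
        $1 == "proto"  { proto = $2 }
        $1 == "port"   { port = $2 }
        $1 == "remote" { rp[++c] = $3; rq[c] = $4 }
        END {
            if (proto == "") proto = "udp"
            if (port == "")  port = 1194
            for (i = 1; i <= c; i++) {
                q = (rq[i] ~ /^(tcp|udp)/ ? rq[i] : proto)
                sub(/[-46].*/, "", q)      # tcp-client, udp6 -> tcp, udp
                print q, (rp[i] ~ /^[0-9]+$/ ? rp[i] : port)
            }
        }' "$1"
}

# needed_labels CONFIG PORTLIST: print the semanage command for every
# endpoint that PORTLIST does not already label openvpn_port_t.
needed_labels() {
    config_endpoints "$1" | while read -r proto port; do
        port_is_labeled openvpn_port_t "$proto" "$port" < "$2" ||
            echo "semanage port -a -t openvpn_port_t -p $proto $port"
    done
}

# Constructed sample data; on a real host use `semanage port -l > ports.txt`.
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'openvpn_port_t  tcp  1194' 'openvpn_port_t  udp  1194' > "$d/ports.txt"
    printf '%s\n' 'proto tcp' 'remote vpn.example.net 2443' > "$d/client.conf"
    needed_labels "$d/client.conf" "$d/ports.txt"; rm -r "$d"
}
demo
```

Once the label is in place, `setenforce 1` returns the host to enforcing mode and `getenforce` confirms it, so the `setenforce 0` workaround does not have to stay.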

TinCanTech
OpenVPN Protagonist
Posts: 2721
Joined: Fri Jun 03, 2016 1:17 pm

Re: [Solved] Openvpn fails to access server when started as a service CentOS

Postby TinCanTech » Fri Jun 10, 2016 12:16 am

Thank you for your excellent follow up.

I would recommend you join the mailing lists to keep up to date with openvpn.

Highest regards.

* Closing thread *

