Systemd file fails with timeout errors but still works

This forum is for admins who are looking to build or expand their OpenVPN setup.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
nott240
OpenVpn Newbie
Posts: 3
Joined: Mon Jun 19, 2017 8:13 am

Systemd file fails with timeout errors but still works

Post by nott240 » Mon Jun 19, 2017 8:20 am

I compiled OpenVPN 2.4.2 from source on Ubuntu server 16.04.

This is my openvpn.service file located in /lib/systemd/system :

Code: Select all

[Unit]
Description=OpenVPN client
After=network.target

[Service]
Type=forking
PIDFile=/var/run/openvpn/%i.pid
ExecStart=/usr/sbin/openvpn --daemon --writepid /var/run/openvpn/openvpn.pid --cd /etc/openvpn/pia/ --config Mexico.conf
ExecStop=-/bin/kill -TERM $MAINPID
Restart=on-failure


[Install]
WantedBy=multi-user.target
I get this error

Code: Select all

Job for openvpn.service failed because a timeout was exceeded. See "systemctl status openvpn.service" and "journalctl -xe" for details.
If I run systemctl status openvpn.service I see it complaining about

Code: Select all

Jun 19 04:29:33 test systemd[1]: openvpn.service: PID file /var/run/openvpn/.pid not readable (yet?) after start: No such file or directory
But if I run ls -l in /var/run/openvpn I get :

Code: Select all

 -rw-r--r-- 1 root root 5 Jun 19 04:32 openvpn.pid
But it's working since my public IP changes after that, but it changes a lot so because openvpn is restarting.

How can I generate a more detailed log or fix this issue? I use pia and all PIA files are located in /etc/openvpn/pia and I want to use the Mexico server which I renamed to Mexico.conf

This is my Mexico.conf file :

Code: Select all

client
dev tun
proto udp
remote mexico.privateinternetaccess.com 1198
resolv-retry infinite
nobind
persist-key
persist-tun
cipher aes-128-cbc
auth sha1
tls-client
remote-cert-tls server
auth-user-pass login.conf
comp-lzo
verb 1
reneg-sec 0
crl-verify crl.rsa.2048.pem
ca ca.rsa.2048.crt
disable-occ
login.conf is my username and password and it's in the same directory...

I compiled OpenVPN following this guide here https://www.htpcguides.com/compile-late ... -debian-8/

nott240
OpenVpn Newbie
Posts: 3
Joined: Mon Jun 19, 2017 8:13 am

Re: Systemd file fails with timeout errors but still works

Post by nott240 » Mon Jun 19, 2017 8:41 am

I can't edit anymore so I'm posting a reply...I did more testing and found a interesting "solution" :

I found this settings in a guide so I copied it and adapted to my settings :

Code: Select all

[Unit]
Description=OpenVPN client
After=network.target

[Service]
RuntimeDirectory=openvpn
PrivateTmp=true
KillMode=mixed
Type=forking
PIDFile=/var/run/openvpn/%i.pid
ExecStart=/usr/sbin/openvpn --daemon --writepid /var/run/openvpn/openvpn.pid --cd /etc/openvpn/pia/ --config Mexico.conf
ExecReload=/bin/kill -HUP $MAINPID
WorkingDirectory=/etc/openvpn
Restart=on-failure
RestartSec=3
ProtectSystem=yes
LimitNPROC=10
DeviceAllow=/dev/null rw
DeviceAllow=/dev/net/tun rw


[Install]
WantedBy=multi-user.target
It works fine when the file is named as openvpn@openvpn.service but the same settings fail if the file is named openvpn.service... Is there a reason for this?

Is there any settings here that you would change ? Why? It would be really great if someone who understands also explains why some of those are needed and they do like LimitNPROC, DeviceAllow and the others...

I noticed that those settings work when named as openvpn@openvpn.service but it still give some non-fatal erros like :

Code: Select all

  ERROR: Linux route add command failed: external program exited with error status: 7
    
    WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Systemd file fails with timeout errors but still works

Post by TinCanTech » Mon Jun 19, 2017 12:05 pm

nott240 wrote:I compiled OpenVPN 2.4.2 from source
Please post

Code: Select all

$ openvpn --version

Post Reply