OpenVPN Server Service Won't Start After Upgrade to Fedora 27

This forum is for admins who are looking to build or expand their OpenVPN setup.
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
rachelb4x4
OpenVpn Newbie
Posts: 7
Joined: Wed Nov 01, 2017 5:24 pm

OpenVPN Server Service Won't Start After Upgrade to Fedora 27

Post by rachelb4x4 » Tue Nov 28, 2017 4:38 am

After upgrading to Fedora Server 27, the openvpn@server.service wouldn't start and said that it couldn't find the unit. Prior to upgrading openvpn was working fine, and I was able to establish connections. I tried removing the symlink and adding a new one, but that didn't work. So I tried uninstalling and reinstalling openvpn. Now the service is enabled, but it won't start. Reviewing journalctl -xe shows the error message:
pam_systemd(sudo:session): Cannot create session: Already running in a session.

Has anyone see this or might know how to resolve this? I saw a few bug reports that may be related, but none with a solution.

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 4063
Joined: Fri Jun 03, 2016 1:17 pm

Re: OpenVPN Server Service Won't Start After Upgrade to Fedora 27

Post by TinCanTech » Tue Nov 28, 2017 12:02 pm

rachelb4x4 wrote:
Tue Nov 28, 2017 4:38 am
the service is enabled, but it won't start. Reviewing journalctl -xe shows the error message:
pam_systemd(sudo:session): Cannot create session: Already running in a session
It looks like it is already running ..

See:
https://github.com/OpenVPN/openvpn/blob ... ME.systemd

rachelb4x4
OpenVpn Newbie
Posts: 7
Joined: Wed Nov 01, 2017 5:24 pm

Re: OpenVPN Server Service Won't Start After Upgrade to Fedora 27

Post by rachelb4x4 » Tue Nov 28, 2017 4:49 pm

When I run the systemctl status it says enabled but excited with status=1/Failure. That's why I thought it might not be starting. Hmm. I'm not sure what to do here.
When I run systemctl status it says:

Code: Select all

● openvpn-server@server.service - OpenVPN service for server
   Loaded: loaded (/lib/systemd/system/openvpn-server@.service; enabled; vendor preset: disabled)
   Active: activating (auto-restart) (Result: exit-code) since Tue 2017-11-28 08:40:55 PST; 2s ago
     Docs: man:openvpn(8)
           https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
           https://community.openvpn.net/openvpn/wiki/HOWTO
  Process: 31843 ExecStart=/usr/sbin/openvpn --status /var/log/openvpn-status.log --status-version 2 --suppress-timestamps --cipher AES-256-GCM --ncp-ciphers AES-256-GCM:AES-128-GCM:AES-
 Main PID: 31843 (code=exited, status=1/FAILURE)

Nov 28 08:40:55 systemd[1]: openvpn-server@server.service: Unit entered failed state.
Nov 28 08:40:55 systemd[1]: openvpn-server@server.service: Failed with result 'exit-code'.
Here is what the log says:

Code: Select all

 
Nov 28 08:29:07 <hostname redacted> systemd[1]: Starting OpenVPN service for server...
Nov 28 08:29:07 systemd[1]: openvpn-server@server.service: Main process exited, code=exited, status=1/FAILURE
 ESCOD
Nov 28 08:28:51  systemd[1]: Starting OpenVPN service for server...
Nov 28 08:28:51 systemd[1]: openvpn-server@server.service: Main process exited, code=exited, status=1/FAILURE
Nov 28 08:28:51 systemd[1]: Failed to start OpenVPN service for server.
Nov 28 08:28:51  systemd[1]: openvpn-server@server.service: Unit entered failed state.
Nov 28 08:28:51  systemd[1]: openvpn-server@server.service: Failed with result 'exit-code'.
Nov 28 08:28:56  systemd[1]: openvpn-server@server.service: Service hold-off time over, scheduling restart.
Nov 28 08:28:56  systemd[1]: Stopped OpenVPN service for server.
Nov 28 08:28:56  systemd[1]: Starting OpenVPN service for server...
Nov 28 08:28:56  systemd[1]: openvpn-server@server.service: Main process exited, code=exited, status=1/FAILURE
Nov 28 08:28:56  systemd[1]: Failed to start OpenVPN service for server.
Nov 28 08:28:56 z systemd[1]: openvpn-server@server.service: Unit entered failed state.
Nov 28 08:28:56  systemd[1]: openvpn-server@server.service: Failed with result 'exit-code'.
Nov 28 08:29:01  systemd[1]: openvpn-server@server.service: Service hold-off time over, scheduling restart.
Nov 28 08:29:01  systemd[1]: Stopped OpenVPN service for server.
Nov 28 08:29:01  systemd[1]: Starting OpenVPN service for server...
Nov 28 08:29:01 systemd[1]: openvpn-server@server.service: Main process exited, code=exited, status=1/FAILURE
Nov 28 08:29:01 systemd[1]: Failed to start OpenVPN service for server.
Nov 28 08:29:01  systemd[1]: openvpn-server@server.service: Unit entered failed state.
Nov 28 08:29:01  systemd[1]: openvpn-server@server.service: Failed with result 'exit-code'.
Nov 28 08:29:07 systemd[1]: openvpn-server@server.service: Service hold-off time over, scheduling restart.
Nov 28 08:29:07  systemd[1]: Stopped OpenVPN service for server.
Nov 28 08:29:07 systemd[1]: Starting OpenVPN service for server...
Nov 28 08:29:07  systemd[1]: openvpn-server@server.service: Main process exited, code=exited, status=1/FAILURE

rachelb4x4
OpenVpn Newbie
Posts: 7
Joined: Wed Nov 01, 2017 5:24 pm

Re: OpenVPN Server Service Won't Start After Upgrade to Fedora 27

Post by rachelb4x4 » Tue Nov 28, 2017 4:51 pm

When I run systemctl status it says the service is enabled, but exited with Status=1/failure. The only error message I can find is the one listed above.

rachelb4x4
OpenVpn Newbie
Posts: 7
Joined: Wed Nov 01, 2017 5:24 pm

Re: OpenVPN Server Service Won't Start After Upgrade to Fedora 27

Post by rachelb4x4 » Tue Nov 28, 2017 5:08 pm

Here is the message I've been getting. Everything was working well prior to the upgrade to Fedora 27. I tried selecting Fedora 25 and 26 at startup, but it hasn't helped either. Honestly, I just don't understand what has gone awry.

~]$ sudo systemctl status openvpn-server@server
openvpn-server@server.service - OpenVPN service for server
Loaded: loaded (/lib/systemd/system/openvpn-server@.service; enabled; vendor preset: disabled)
Active: activating (auto-restart) (Result: exit-code) since Tue 2017-11-28 08:59:56 PST; 452ms ago
Docs: man:openvpn(8)
https://community.openvpn.net/openvpn/w ... n24ManPage
https://community.openvpn.net/openvpn/wiki/HOWTO
Process: 1238 ExecStart=/usr/sbin/openvpn --status /var/log/openvpn-status.log --status-version 2 --suppress-timestamps --cipher AES-256-GCM --ncp-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC:AE
Main PID: 1238 (code=exited, status=1/FAILURE)

Nov 28 08:59:56 systemd[1]: openvpn-server@server.service: Unit entered failed state.
Nov 28 08:59:56 systemd[1]: openvpn-server@server.service: Failed with result 'exit-code'.

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 4063
Joined: Fri Jun 03, 2016 1:17 pm

Re: OpenVPN Server Service Won't Start After Upgrade to Fedora 27

Post by TinCanTech » Tue Nov 28, 2017 6:07 pm

rachelb4x4 wrote:
Tue Nov 28, 2017 5:08 pm
Process: 1238 ExecStart=/usr/sbin/openvpn --status /var/log/openvpn-status.log --status-version 2 --suppress-timestamps --cipher AES-256-GCM --ncp-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC:AE
Main PID: 1238 (code=exited, status=1/FAILURE)
You are missing the config file ..

Try:

Code: Select all

$ cd /etc/openvpn
$ sudo openvpn myconfig.conf

rachelb4x4
OpenVpn Newbie
Posts: 7
Joined: Wed Nov 01, 2017 5:24 pm

Re: OpenVPN Server Service Won't Start After Upgrade to Fedora 27

Post by rachelb4x4 » Tue Nov 28, 2017 7:18 pm

You're right about the path. Thank you!. I added it back using the absolute path, but that still didn't get it going. :(
openvpn-server@server.service - OpenVPN service for server
Loaded: loaded (/lib/systemd/system/openvpn-server@.service; enabled; vendor preset: disabled)
Active: activating (auto-restart) (Result: exit-code) since Tue 2017-11-28 11:07:33 PST; 4s ago
Docs: man:openvpn(8)
https://community.openvpn.net/openvpn/w ... n24ManPage
https://community.openvpn.net/openvpn/wiki/HOWTO
Process: 4824 ExecStart=/usr/sbin/openvpn --status /var/log/openvpn-status.log --status-version 2 --suppress-timestamps ---cipher AES-256-GCM --ncp-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC:AES-128-CBC:BF-CBC --config /etc/openvpn/server/server.conf
Main PID: 4824 (code=exited, status=1/FAILURE)
Status: "Pre-connection initialization successful"

Nov 28 11:07:33 systemd[1]: openvpn-server@server.service: Failed with result 'exit-code'.

I tried starting it manually as you suggested above, but it seems like it just hung. So I ran ps -aux, and found that the Status code is S+. That means it is sleeping, correct?

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 4063
Joined: Fri Jun 03, 2016 1:17 pm

Re: OpenVPN Server Service Won't Start After Upgrade to Fedora 27

Post by TinCanTech » Tue Nov 28, 2017 7:35 pm

See your log file as per --log in your config.

See --log & --verb in The Manual v24x

rachelb4x4
OpenVpn Newbie
Posts: 7
Joined: Wed Nov 01, 2017 5:24 pm

Re: OpenVPN Server Service Won't Start After Upgrade to Fedora 27

Post by rachelb4x4 » Tue Nov 28, 2017 8:23 pm

Oh thank you! It has been some time since I set it up, and I had the logs backwards. I was checking /var/log/openvpn-status.log, when I should have been checking /var/log/openvpn.log. It said that the the cipher AES-256-GCM was not supported. I changed the service file back to AES-256-CBC, and now the service will start. Yay! It still won't connect, but at least the service is running. The server log says it is sending a response, so it must be an issue with the firewall...hopefully.

TiTex
OpenVPN Expert
Posts: 267
Joined: Tue Apr 12, 2011 6:22 am

Re: OpenVPN Server Service Won't Start After Upgrade to Fedora 27

Post by TiTex » Tue Nov 28, 2017 8:33 pm

i see that you added openvpn options in systemctl service unit , why would you do that ... why not just specify them in server/client conf ?

Post Reply