Previously I had openvpn 2.4.9 from Ubuntu's repo.
I had a config file in /etc/openvpn and the VPN tunnel got set up automatically at login.
I have now updated to 2.5.1 from openvpn's repo.
My config file is now in /etc/openvpn/client.
However, the VPN tunnel does not get established automatically at login.
I have to run "sudo systemctl start openvpn-client@myconf" manually after login to set it up.
How can I establish automatic connection at login?
Why would Ubuntu's version connect automatically and openvpn's version not?
Is the openvpn's version supposed to connect automatically too?
Version of openvpn in the official repo does not start service automatically
Re: Version of openvpn in the official repo does not start service automatically
I am not running the server, only the client.
Operating system:
Code: Select all
$ uname -a
Linux mypc 5.8.0-44-generic #50-Ubuntu SMP Tue Feb 9 06:29:41 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
$ lsb_release --all
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 20.10
Release: 20.10
Codename: groovy
$ openvpn --version
OpenVPN 2.5.1 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 24 2021
library versions: OpenSSL 1.1.1f 31 Mar 2020, LZO 2.10
Originally developed by James Yonan
Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
Compile time defines: enable_async_push=no enable_comp_stub=no enable_crypto_ofb_cfb=yes enable_debug=yes enable_def_auth=yes enable_dependency_tracking=no enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=needless enable_fragment=yes enable_iproute2=yes enable_libtool_lock=yes enable_lz4=yes enable_lzo=yes enable_maintainer_mode=no enable_management=yes enable_multihome=yes enable_pam_dlopen=no enable_pedantic=no enable_pf=yes enable_pkcs11=yes enable_plugin_auth_pam=yes enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=no enable_shared=yes enable_shared_with_static_runtimes=no enable_silent_rules=no enable_small=no enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=yes enable_werror=no enable_win32_dll=yes enable_x509_alt_username=yes with_aix_soname=aix with_crypto_library=openssl with_gnu_ld=yes with_mem_check=no with_sysroot=no
Network setup (after openvpn systemd service has been manually started):
Code: Select all
$ ifconfig
enp7s0f1: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
ether 98:28:a6:3f:a9:2e txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 2229 bytes 180596 (180.5 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2229 bytes 180596 (180.5 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
inet 10.7.2.12 netmask 255.255.255.0 destination 10.7.2.12
inet6 fe80::719f:884b:19cf:878d prefixlen 64 scopeid 0x20<link>
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 500 (UNSPEC)
RX packets 130978 bytes 175137748 (175.1 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 105183 bytes 7027519 (7.0 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
wlp0s20f3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.169.180.174 netmask 255.255.255.0 broadcast 10.169.180.255
ether d0:c6:37:d9:cc:31 txqueuelen 1000 (Ethernet)
RX packets 125095 bytes 187047843 (187.0 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 68082 bytes 16549018 (16.5 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
Client config file /etc/openvpn/client/[ABRIDGED].conf:
client
dev tun
proto tcp
remote [ABRIDGED] 443
resolv-retry infinite
remote-random
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ping 15
ping-restart 0
ping-timer-rem
reneg-sec 0
comp-lzo no
remote-cert-tls server
auth-user-pass [ABRIDGED]
verb 3
pull
fast-io
cipher AES-256-CBC
auth SHA512
<ca>
-----BEGIN CERTIFICATE-----
[ABRIDGED]
-----END CERTIFICATE-----
</ca>
key-direction 1
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
[ABRIDGED]
-----END OpenVPN Static key V1-----
</tls-auth>
group openvpn
auth-nocache
journalctl after starting the service manually:
Code: Select all
feb 27 23:06:47 mypc systemd[1]: Starting OpenVPN tunnel for [ABRIDGED]/it132...
feb 27 23:06:47 mypc openvpn[12364]: DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
feb 27 23:06:47 mypc openvpn[12364]: OpenVPN 2.5.1 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 24 2021
feb 27 23:06:47 mypc openvpn[12364]: library versions: OpenSSL 1.1.1f 31 Mar 2020, LZO 2.10
feb 27 23:06:47 mypc openvpn[12364]: WARNING: --ping should normally be used with --ping-restart or --ping-exit
feb 27 23:06:47 mypc openvpn[12364]: NOTE: --fast-io is disabled since we are not using UDP
feb 27 23:06:47 mypc systemd[1]: Started OpenVPN tunnel for [ABRIDGED]/it132.
feb 27 23:06:47 mypc openvpn[12364]: Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
feb 27 23:06:47 mypc openvpn[12364]: Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
feb 27 23:06:47 mypc openvpn[12364]: TCP/UDP: Preserving recently used remote address: [AF_INET][ABRIDGED]:443
feb 27 23:06:47 mypc openvpn[12364]: Socket Buffers: R=[131072->131072] S=[16384->16384]
feb 27 23:06:47 mypc openvpn[12364]: Attempting to establish TCP connection with [AF_INET][ABRIDGED]:443 [nonblock]
feb 27 23:06:47 mypc sudo[12361]: pam_unix(sudo:session): session closed for user root
feb 27 23:06:47 mypc openvpn[12364]: TCP connection established with [AF_INET][ABRIDGED]:443
feb 27 23:06:47 mypc openvpn[12364]: TCP_CLIENT link local: (not bound)
feb 27 23:06:47 mypc openvpn[12364]: TCP_CLIENT link remote: [AF_INET][ABRIDGED]:443
feb 27 23:06:47 mypc openvpn[12364]: NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
feb 27 23:06:47 mypc openvpn[12364]: TLS: Initial packet from [AF_INET][ABRIDGED]:443, sid=16523e86 192bdb42
feb 27 23:06:47 mypc openvpn[12364]: VERIFY OK: depth=2, C=PA, O=[ABRIDGED], CN=[ABRIDGED] Root CA
feb 27 23:06:48 mypc openvpn[12364]: VERIFY OK: depth=1, C=PA, O=[ABRIDGED], CN=[ABRIDGED] CA5
feb 27 23:06:48 mypc openvpn[12364]: VERIFY KU OK
feb 27 23:06:48 mypc openvpn[12364]: Validating certificate extended key usage
feb 27 23:06:48 mypc openvpn[12364]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
feb 27 23:06:48 mypc openvpn[12364]: VERIFY EKU OK
feb 27 23:06:48 mypc openvpn[12364]: VERIFY OK: depth=0, CN=it132.[ABRIDGED].com
feb 27 23:06:48 mypc openvpn[12364]: Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 4096 bit RSA
feb 27 23:06:48 mypc openvpn[12364]: [it132.[ABRIDGED].com] Peer Connection Initiated with [AF_INET][ABRIDGED]:443
feb 27 23:06:48 mypc tracker-store[12247]: OK
feb 27 23:06:48 mypc systemd[1735]: tracker-store.service: Succeeded.
feb 27 23:06:49 mypc openvpn[12364]: SENT CONTROL [it132.[ABRIDGED].com]: 'PUSH_REQUEST' (status=1)
feb 27 23:06:49 mypc openvpn[12364]: PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS [ABRIDGED],dhcp-option DNS [ABRIDGED],sndbuf 524288,rcvbuf 524288,explicit-exit-notify,comp-lzo no,route-gateway [ABRIDGED],topology subnet,ping 60,ping-restart 180,ifconfig [ABRIDGED] [ABRIDGED],peer-id 0,cipher AES-256-GCM'
feb 27 23:06:49 mypc openvpn[12364]: OPTIONS IMPORT: timers and/or timeouts modified
feb 27 23:06:49 mypc openvpn[12364]: OPTIONS IMPORT: --explicit-exit-notify can only be used with --proto udp
feb 27 23:06:49 mypc openvpn[12364]: OPTIONS IMPORT: compression parms modified
feb 27 23:06:49 mypc openvpn[12364]: OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
feb 27 23:06:49 mypc openvpn[12364]: Socket Buffers: R=[131072->425984] S=[87040->425984]
feb 27 23:06:49 mypc openvpn[12364]: OPTIONS IMPORT: --ifconfig/up options modified
feb 27 23:06:49 mypc openvpn[12364]: OPTIONS IMPORT: route options modified
feb 27 23:06:49 mypc openvpn[12364]: OPTIONS IMPORT: route-related options modified
feb 27 23:06:49 mypc openvpn[12364]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
feb 27 23:06:49 mypc openvpn[12364]: OPTIONS IMPORT: peer-id set
feb 27 23:06:49 mypc openvpn[12364]: OPTIONS IMPORT: adjusting link_mtu to 1659
feb 27 23:06:49 mypc openvpn[12364]: OPTIONS IMPORT: data channel crypto options modified
feb 27 23:06:49 mypc openvpn[12364]: Data Channel: using negotiated cipher 'AES-256-GCM'
feb 27 23:06:49 mypc openvpn[12364]: Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
feb 27 23:06:49 mypc openvpn[12364]: Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
feb 27 23:06:49 mypc openvpn[12364]: ROUTE_GATEWAY [ABRIDGED]/[ABRIDGED] IFACE=wlp0s20f3 HWADDR=[ABRIDGED]
feb 27 23:06:49 mypc openvpn[12364]: TUN/TAP device tun0 opened
feb 27 23:06:49 mypc openvpn[12364]: /sbin/ip link set dev tun0 up mtu 1500
feb 27 23:06:49 mypc openvpn[12364]: /sbin/ip link set dev tun0 up
feb 27 23:06:49 mypc systemd-udevd[12366]: ethtool: autonegotiation is unset or enabled, the speed and duplex are not writable.
feb 27 23:06:49 mypc openvpn[12364]: /sbin/ip addr add dev tun0 [ABRIDGED]/24
feb 27 23:06:49 mypc openvpn[12364]: /sbin/ip route add [ABRIDGED]/32 via [ABRIDGED]
feb 27 23:06:49 mypc openvpn[12364]: /sbin/ip route add [ABRIDGED]/1 via [ABRIDGED]
feb 27 23:06:49 mypc openvpn[12364]: /sbin/ip route add [ABRIDGED]/1 via [ABRIDGED]
feb 27 23:06:49 mypc openvpn[12364]: GID set to openvpn
feb 27 23:06:49 mypc openvpn[12364]: Initialization Sequence Completed
feb 27 23:06:49 mypc NetworkManager[1074]: <info> [1614463609.4715] device (tun0): state change: unmanaged -> unavailable (reason 'connection-assumed', sys-iface-state: 'external')
feb 27 23:06:49 mypc NetworkManager[1074]: <info> [1614463609.4737] device (tun0): state change: unavailable -> disconnected (reason 'connection-assumed', sys-iface-state: 'external')
feb 27 23:06:49 mypc NetworkManager[1074]: <info> [1614463609.4743] device (tun0): Activation: starting connection 'tun0' (acaf81f7-f597-435b-ac64-7fde2293e85c)
feb 27 23:06:49 mypc NetworkManager[1074]: <info> [1614463609.4744] device (tun0): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'external')
feb 27 23:06:49 mypc NetworkManager[1074]: <info> [1614463609.4746] device (tun0): state change: prepare -> config (reason 'none', sys-iface-state: 'external')
feb 27 23:06:49 mypc NetworkManager[1074]: <info> [1614463609.4748] device (tun0): state change: config -> ip-config (reason 'none', sys-iface-state: 'external')
feb 27 23:06:49 mypc NetworkManager[1074]: <info> [1614463609.4749] device (tun0): state change: ip-config -> ip-check (reason 'none', sys-iface-state: 'external')
feb 27 23:06:49 mypc dbus-daemon[1073]: [system] Activating via systemd: service name='org.freedesktop.nm_dispatcher' unit='dbus-org.freedesktop.nm-dispatcher.service' requested by ':1.12' (uid=0 pid=1074 comm="/usr/sbin/NetworkManager --no-daemon " label="unconfined")
feb 27 23:06:49 mypc systemd[1]: Starting Network Manager Script Dispatcher Service...
feb 27 23:06:49 mypc dbus-daemon[1073]: [system] Successfully activated service 'org.freedesktop.nm_dispatcher'
feb 27 23:06:49 mypc systemd[1]: Started Network Manager Script Dispatcher Service.
feb 27 23:06:49 mypc NetworkManager[1074]: <info> [1614463609.4860] device (tun0): state change: ip-check -> secondaries (reason 'none', sys-iface-state: 'external')
feb 27 23:06:49 mypc NetworkManager[1074]: <info> [1614463609.4861] device (tun0): state change: secondaries -> activated (reason 'none', sys-iface-state: 'external')
feb 27 23:06:49 mypc NetworkManager[1074]: <info> [1614463609.4869] device (tun0): Activation: successful, device activated.
feb 27 23:06:52 mypc whoopsie[1689]: [23:06:52] Cannot reach: https://daisy.ubuntu.com
feb 27 23:06:52 mypc systemd-resolved[1044]: Using degraded feature set TCP instead of UDP for DNS server [ABRIDGED].
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: Version of openvpn in the official repo does not start service automatically
Your VPN client is working.
I think you can use systemd for user login but I don't know exactly how.. check systemd docs!
For a VPN established at system start it is:
Code: Select all
sudo systemctl enable openvpn-client@myconf
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: Version of openvpn in the official repo does not start service automatically
Or use Network-Manager .. (but that has many, many issues..)
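A check for the situation in this thread, as an added example that is not part of the original posts: it lists each config under /etc/openvpn/client, reports whether its openvpn-client@ instance has been enabled, and flags config files that are world-readable (the config above embeds a tls-auth key). The function name and the optional root-directory argument are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the thread.
# Prints one line per client config: "<name> <enabled|disabled> <private|world-readable>"
# The optional argument is a hypothetical root directory (default /), so the
# check can be run against a constructed tree as well as the live system.
openvpn_client_autostart() {
    root="${1:-/}"
    conf_dir="${root%/}/etc/openvpn/client"
    unit_dir="${root%/}/etc/systemd/system"
    for conf in "$conf_dir"/*.conf; do
        if [ ! -e "$conf" ]; then
            continue                      # glob matched nothing
        fi
        name=$(basename "$conf" .conf)
        unit="openvpn-client@${name}.service"

        # "systemctl enable" records an enabled instance as a symlink in a
        # <target>.wants/ directory; look in every such directory.
        state=disabled
        for link in "$unit_dir"/*.wants/"$unit"; do
            if [ -L "$link" ]; then
                state=enabled
            fi
        done

        # A config that starts unattended keeps its key material on disk,
        # so report whether "other" users can read the file.
        perms=private
        if [ -n "$(find "$conf" -perm -004 -print)" ]; then
            perms=world-readable
        fi

        printf '%s %s %s\n' "$name" "$state" "$perms"
    done
}
```

Run it with no argument on the live system; a config reported as disabled is one for which `sudo systemctl enable openvpn-client@NAME` has not been run.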