Version of openvpn in the official repo does not start service automatically

This forum is for admins who are looking to build or expand their OpenVPN setup.

Moderators: TinCanTech

jhulio
OpenVpn Newbie
Posts: 13
Joined: Sat Feb 27, 2021 1:36 pm

Version of openvpn in the official repo does not start service automatically

Post by jhulio » Sat Feb 27, 2021 8:20 pm

Previously I had openvpn 2.4.9 from Ubuntu's repo.

I had a config file in /etc/openvpn and the VPN tunnel got set up automatically at login.

I have now updated to 2.5.1 from openvpn's repo.

My config file is now in /etc/openvpn/client.

However, the VPN tunnel does not get established automatically at login.

I have to run "sudo systemctl start openvpn-client@myconf" manually after login to set it up.

How can I establish automatic connection at login?

Why would Ubuntu's version connect automatically and openvpn's version not?

Is the openvpn's version supposed to connect automatically too?

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Version of openvpn in the official repo does not start service automatically

Post by TinCanTech » Sat Feb 27, 2021 8:24 pm

Please fill in the blanks ..

viewtopic.php?f=30&t=22603#p68963

jhulio
OpenVpn Newbie
Posts: 13
Joined: Sat Feb 27, 2021 1:36 pm

Re: Version of openvpn in the official repo does not start service automatically

Post by jhulio » Sat Feb 27, 2021 10:17 pm

I am not running the server, only the client.

Operating system:

Code:

$ uname -a
Linux mypc 5.8.0-44-generic #50-Ubuntu SMP Tue Feb 9 06:29:41 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
$ lsb_release --all
No LSB modules are available.
Distributor ID:	Ubuntu
Description:	Ubuntu 20.10
Release:	20.10
Codename:	groovy
$ openvpn --version
OpenVPN 2.5.1 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 24 2021
library versions: OpenSSL 1.1.1f  31 Mar 2020, LZO 2.10
Originally developed by James Yonan
Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
Compile time defines: enable_async_push=no enable_comp_stub=no enable_crypto_ofb_cfb=yes enable_debug=yes enable_def_auth=yes enable_dependency_tracking=no enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=needless enable_fragment=yes enable_iproute2=yes enable_libtool_lock=yes enable_lz4=yes enable_lzo=yes enable_maintainer_mode=no enable_management=yes enable_multihome=yes enable_pam_dlopen=no enable_pedantic=no enable_pf=yes enable_pkcs11=yes enable_plugin_auth_pam=yes enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=no enable_shared=yes enable_shared_with_static_runtimes=no enable_silent_rules=no enable_small=no enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=yes enable_werror=no enable_win32_dll=yes enable_x509_alt_username=yes with_aix_soname=aix with_crypto_library=openssl with_gnu_ld=yes with_mem_check=no with_sysroot=no
Network setup (after openvpn systemd service has been manually started):

Code:

$ ifconfig
enp7s0f1: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        ether 98:28:a6:3f:a9:2e  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 2229  bytes 180596 (180.5 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 2229  bytes 180596 (180.5 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500
        inet 10.7.2.12  netmask 255.255.255.0  destination 10.7.2.12
        inet6 fe80::719f:884b:19cf:878d  prefixlen 64  scopeid 0x20<link>
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 500  (UNSPEC)
        RX packets 130978  bytes 175137748 (175.1 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 105183  bytes 7027519 (7.0 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

wlp0s20f3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.169.180.174  netmask 255.255.255.0  broadcast 10.169.180.255
        ether d0:c6:37:d9:cc:31  txqueuelen 1000  (Ethernet)
        RX packets 125095  bytes 187047843 (187.0 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 68082  bytes 16549018 (16.5 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
Client config file /etc/openvpn/client/[ABRIDGED].conf:
Client config

client
dev tun
proto tcp
remote [ABRIDGED] 443
resolv-retry infinite
remote-random
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ping 15
ping-restart 0
ping-timer-rem
reneg-sec 0
comp-lzo no

remote-cert-tls server

auth-user-pass [ABRIDGED]
verb 3
pull
fast-io
cipher AES-256-CBC
auth SHA512
<ca>
-----BEGIN CERTIFICATE-----
[ABRIDGED]
-----END CERTIFICATE-----
</ca>
key-direction 1
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
[ABRIDGED]
-----END OpenVPN Static key V1-----
</tls-auth>

group openvpn
auth-nocache


journalctl after starting the service manually:

Code:

feb 27 23:06:47 mypc systemd[1]: Starting OpenVPN tunnel for [ABRIDGED]/it132...
feb 27 23:06:47 mypc openvpn[12364]: DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
feb 27 23:06:47 mypc openvpn[12364]: OpenVPN 2.5.1 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 24 2021
feb 27 23:06:47 mypc openvpn[12364]: library versions: OpenSSL 1.1.1f  31 Mar 2020, LZO 2.10
feb 27 23:06:47 mypc openvpn[12364]: WARNING: --ping should normally be used with --ping-restart or --ping-exit
feb 27 23:06:47 mypc openvpn[12364]: NOTE: --fast-io is disabled since we are not using UDP
feb 27 23:06:47 mypc systemd[1]: Started OpenVPN tunnel for [ABRIDGED]/it132.
feb 27 23:06:47 mypc openvpn[12364]: Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
feb 27 23:06:47 mypc openvpn[12364]: Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
feb 27 23:06:47 mypc openvpn[12364]: TCP/UDP: Preserving recently used remote address: [AF_INET][ABRIDGED]:443
feb 27 23:06:47 mypc openvpn[12364]: Socket Buffers: R=[131072->131072] S=[16384->16384]
feb 27 23:06:47 mypc openvpn[12364]: Attempting to establish TCP connection with [AF_INET][ABRIDGED]:443 [nonblock]
feb 27 23:06:47 mypc sudo[12361]: pam_unix(sudo:session): session closed for user root
feb 27 23:06:47 mypc openvpn[12364]: TCP connection established with [AF_INET][ABRIDGED]:443
feb 27 23:06:47 mypc openvpn[12364]: TCP_CLIENT link local: (not bound)
feb 27 23:06:47 mypc openvpn[12364]: TCP_CLIENT link remote: [AF_INET][ABRIDGED]:443
feb 27 23:06:47 mypc openvpn[12364]: NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
feb 27 23:06:47 mypc openvpn[12364]: TLS: Initial packet from [AF_INET][ABRIDGED]:443, sid=16523e86 192bdb42
feb 27 23:06:47 mypc openvpn[12364]: VERIFY OK: depth=2, C=PA, O=[ABRIDGED], CN=[ABRIDGED] Root CA
feb 27 23:06:48 mypc openvpn[12364]: VERIFY OK: depth=1, C=PA, O=[ABRIDGED], CN=[ABRIDGED] CA5
feb 27 23:06:48 mypc openvpn[12364]: VERIFY KU OK
feb 27 23:06:48 mypc openvpn[12364]: Validating certificate extended key usage
feb 27 23:06:48 mypc openvpn[12364]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
feb 27 23:06:48 mypc openvpn[12364]: VERIFY EKU OK
feb 27 23:06:48 mypc openvpn[12364]: VERIFY OK: depth=0, CN=it132.[ABRIDGED].com
feb 27 23:06:48 mypc openvpn[12364]: Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 4096 bit RSA
feb 27 23:06:48 mypc openvpn[12364]: [it132.[ABRIDGED].com] Peer Connection Initiated with [AF_INET][ABRIDGED]:443
feb 27 23:06:48 mypc tracker-store[12247]: OK
feb 27 23:06:48 mypc systemd[1735]: tracker-store.service: Succeeded.
feb 27 23:06:49 mypc openvpn[12364]: SENT CONTROL [it132.[ABRIDGED].com]: 'PUSH_REQUEST' (status=1)
feb 27 23:06:49 mypc openvpn[12364]: PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS [ABRIDGED],dhcp-option DNS [ABRIDGED],sndbuf 524288,rcvbuf 524288,explicit-exit-notify,comp-lzo no,route-gateway [ABRIDGED],topology subnet,ping 60,ping-restart 180,ifconfig [ABRIDGED] [ABRIDGED],peer-id 0,cipher AES-256-GCM'
feb 27 23:06:49 mypc openvpn[12364]: OPTIONS IMPORT: timers and/or timeouts modified
feb 27 23:06:49 mypc openvpn[12364]: OPTIONS IMPORT: --explicit-exit-notify can only be used with --proto udp
feb 27 23:06:49 mypc openvpn[12364]: OPTIONS IMPORT: compression parms modified
feb 27 23:06:49 mypc openvpn[12364]: OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
feb 27 23:06:49 mypc openvpn[12364]: Socket Buffers: R=[131072->425984] S=[87040->425984]
feb 27 23:06:49 mypc openvpn[12364]: OPTIONS IMPORT: --ifconfig/up options modified
feb 27 23:06:49 mypc openvpn[12364]: OPTIONS IMPORT: route options modified
feb 27 23:06:49 mypc openvpn[12364]: OPTIONS IMPORT: route-related options modified
feb 27 23:06:49 mypc openvpn[12364]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
feb 27 23:06:49 mypc openvpn[12364]: OPTIONS IMPORT: peer-id set
feb 27 23:06:49 mypc openvpn[12364]: OPTIONS IMPORT: adjusting link_mtu to 1659
feb 27 23:06:49 mypc openvpn[12364]: OPTIONS IMPORT: data channel crypto options modified
feb 27 23:06:49 mypc openvpn[12364]: Data Channel: using negotiated cipher 'AES-256-GCM'
feb 27 23:06:49 mypc openvpn[12364]: Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
feb 27 23:06:49 mypc openvpn[12364]: Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
feb 27 23:06:49 mypc openvpn[12364]: ROUTE_GATEWAY [ABRIDGED]/[ABRIDGED] IFACE=wlp0s20f3 HWADDR=[ABRIDGED]
feb 27 23:06:49 mypc openvpn[12364]: TUN/TAP device tun0 opened
feb 27 23:06:49 mypc openvpn[12364]: /sbin/ip link set dev tun0 up mtu 1500
feb 27 23:06:49 mypc openvpn[12364]: /sbin/ip link set dev tun0 up
feb 27 23:06:49 mypc systemd-udevd[12366]: ethtool: autonegotiation is unset or enabled, the speed and duplex are not writable.
feb 27 23:06:49 mypc openvpn[12364]: /sbin/ip addr add dev tun0 [ABRIDGED]/24
feb 27 23:06:49 mypc openvpn[12364]: /sbin/ip route add [ABRIDGED]/32 via [ABRIDGED]
feb 27 23:06:49 mypc openvpn[12364]: /sbin/ip route add [ABRIDGED]/1 via [ABRIDGED]
feb 27 23:06:49 mypc openvpn[12364]: /sbin/ip route add [ABRIDGED]/1 via [ABRIDGED]
feb 27 23:06:49 mypc openvpn[12364]: GID set to openvpn
feb 27 23:06:49 mypc openvpn[12364]: Initialization Sequence Completed
feb 27 23:06:49 mypc NetworkManager[1074]: <info>  [1614463609.4715] device (tun0): state change: unmanaged -> unavailable (reason 'connection-assumed', sys-iface-state: 'external')
feb 27 23:06:49 mypc NetworkManager[1074]: <info>  [1614463609.4737] device (tun0): state change: unavailable -> disconnected (reason 'connection-assumed', sys-iface-state: 'external')
feb 27 23:06:49 mypc NetworkManager[1074]: <info>  [1614463609.4743] device (tun0): Activation: starting connection 'tun0' (acaf81f7-f597-435b-ac64-7fde2293e85c)
feb 27 23:06:49 mypc NetworkManager[1074]: <info>  [1614463609.4744] device (tun0): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'external')
feb 27 23:06:49 mypc NetworkManager[1074]: <info>  [1614463609.4746] device (tun0): state change: prepare -> config (reason 'none', sys-iface-state: 'external')
feb 27 23:06:49 mypc NetworkManager[1074]: <info>  [1614463609.4748] device (tun0): state change: config -> ip-config (reason 'none', sys-iface-state: 'external')
feb 27 23:06:49 mypc NetworkManager[1074]: <info>  [1614463609.4749] device (tun0): state change: ip-config -> ip-check (reason 'none', sys-iface-state: 'external')
feb 27 23:06:49 mypc dbus-daemon[1073]: [system] Activating via systemd: service name='org.freedesktop.nm_dispatcher' unit='dbus-org.freedesktop.nm-dispatcher.service' requested by ':1.12' (uid=0 pid=1074 comm="/usr/sbin/NetworkManager --no-daemon " label="unconfined")
feb 27 23:06:49 mypc systemd[1]: Starting Network Manager Script Dispatcher Service...
feb 27 23:06:49 mypc dbus-daemon[1073]: [system] Successfully activated service 'org.freedesktop.nm_dispatcher'
feb 27 23:06:49 mypc systemd[1]: Started Network Manager Script Dispatcher Service.
feb 27 23:06:49 mypc NetworkManager[1074]: <info>  [1614463609.4860] device (tun0): state change: ip-check -> secondaries (reason 'none', sys-iface-state: 'external')
feb 27 23:06:49 mypc NetworkManager[1074]: <info>  [1614463609.4861] device (tun0): state change: secondaries -> activated (reason 'none', sys-iface-state: 'external')
feb 27 23:06:49 mypc NetworkManager[1074]: <info>  [1614463609.4869] device (tun0): Activation: successful, device activated.
feb 27 23:06:52 mypc whoopsie[1689]: [23:06:52] Cannot reach: https://daisy.ubuntu.com
feb 27 23:06:52 mypc systemd-resolved[1044]: Using degraded feature set TCP instead of UDP for DNS server [ABRIDGED].

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Version of openvpn in the official repo does not start service automatically

Post by TinCanTech » Sat Feb 27, 2021 10:38 pm

jhulio wrote: Sat Feb 27, 2021 10:17 pm
> journalctl after starting the service manually

Your VPN client is working.

jhulio wrote: Sat Feb 27, 2021 8:20 pm
> I have to run "sudo systemctl start openvpn-client@myconf" manually after login to set it up.
>
> How can I establish automatic connection at login?

I think you can use systemd for user login but I don't know exactly how.. check systemd docs!

For a VPN established at system start it is:

Code:

sudo systemctl enable openvpn-client@myconf
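
An added example (not from the thread's posters or the OpenVPN project): a shell check that lists each config in /etc/openvpn/client, reports whether `systemctl enable` has registered its openvpn-client@ instance for boot, and flags config files readable by every local user, since a config like the one above embeds the tls-auth static key. It assumes the unit installs under multi-user.target; the function name, its optional root argument and the second config name used for testing are hypothetical.

```shell
#!/bin/sh
# Added example: audit OpenVPN client configs for boot-time start and
# file permissions. Not part of the original thread.
#
# Assumption: "systemctl enable openvpn-client@NAME" creates the symlink
#   /etc/systemd/system/multi-user.target.wants/openvpn-client@NAME.service
# (i.e. the unit's [Install] section says WantedBy=multi-user.target).
#
# $1 (hypothetical parameter): alternate filesystem root, so the check can
# be pointed at a test tree. Leave it empty to inspect the live system.

# Prints one line per config: "<name> <enabled|not-enabled> <restricted|world-readable>"
openvpn_client_boot_status() {
    root="${1:-}"
    conf_dir="$root/etc/openvpn/client"
    wants_dir="$root/etc/systemd/system/multi-user.target.wants"

    for conf in "$conf_dir"/*.conf; do
        [ -e "$conf" ] || continue      # glob matched nothing

        # openvpn-client@NAME reads /etc/openvpn/client/NAME.conf
        name=$(basename "$conf" .conf)

        # -L is true even for a dangling link, which is fine here:
        # only the presence of the enablement link matters.
        if [ -L "$wants_dir/openvpn-client@$name.service" ]; then
            boot="enabled"
        else
            boot="not-enabled"
        fi

        # find prints the path only if the "other: read" bit is set.
        if [ -n "$(find "$conf" -perm -004)" ]; then
            perm="world-readable"
        else
            perm="restricted"
        fi

        echo "$name $boot $perm"
    done
}

# Inspect the live system when run directly.
openvpn_client_boot_status
```

On a live system `systemctl is-enabled openvpn-client@myconf` gives the authoritative answer; the symlink check only mirrors it under the assumption stated above.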

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Version of openvpn in the official repo does not start service automatically

Post by TinCanTech » Sat Feb 27, 2021 11:04 pm

Or use Network-Manager .. (but that has many, many issues..)
