SystemD and OpenVPN Issue (ubuntu 20.04)

kadzu
OpenVpn Newbie
Posts: 1
Joined: Mon Jul 26, 2021 12:43 pm

SystemD and OpenVPN Issue (ubuntu 20.04)

Post by kadzu » Thu Jul 29, 2021 12:23 pm

Hi all!

I can't figure out how to correctly configure OpenVPN server to auto-start and be managed by SystemD.

PROBLEM:
At first everything seems to work fine; SystemD creates and runs the services successfully. But for some reason, after around 24 hours the service stops and a new PID is triggered using similar, but not the same, commands.


After a fresh installation:

Code:

$ ps aux | grep openvpn
nobody      5136  0.0  0.3   9904  7232 ?        Ss   11:59   0:00 /usr/sbin/openvpn --daemon ovpn-server --status /run/openvpn/server.status 10 --cd /etc/openvpn --script-security 2 --config /etc/openvpn/server.conf --writepid /run/openvpn/server.pid

$ sudo systemctl status openvpn@server.service
● openvpn@server.service - OpenVPN connection to server
     Loaded: loaded (/lib/systemd/system/openvpn@.service; enabled; vendor preset: enabled)
     Active: active (running) since Thu 2021-07-29 11:59:58 UTC; 3min 21s ago
       Docs: man:openvpn(8)
             https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
             https://community.openvpn.net/openvpn/wiki/HOWTO
   Main PID: 5136 (openvpn)
     Status: "Initialization Sequence Completed"
      Tasks: 1 (limit: 2324)
     Memory: 1.1M
     CGroup: /system.slice/system-openvpn.slice/openvpn@server.service
             └─5136 /usr/sbin/openvpn --daemon ovpn-server --status /run/openvpn/server.status 10 --cd /etc/openvpn --script-security 2 --config /etc/openvpn/server.conf --writepid /run/openvpn/server.pid

Jul 29 11:59:58 ip-10-0-0-2 ovpn-server[5136]: /sbin/ip route add 10.0.2.0/24 via 10.0.2.2
Jul 29 11:59:58 ip-10-0-0-2 ovpn-server[5136]: Socket Buffers: R=[212992->212992] S=[212992->212992]
Jul 29 11:59:58 ip-10-0-0-2 ovpn-server[5136]: UDPv4 link local (bound): [AF_INET][undef]:1195
Jul 29 11:59:58 ip-10-0-0-2 ovpn-server[5136]: UDPv4 link remote: [AF_UNSPEC]
Jul 29 11:59:58 ip-10-0-0-2 ovpn-server[5136]: GID set to nogroup
Jul 29 11:59:58 ip-10-0-0-2 ovpn-server[5136]: UID set to nobody
Jul 29 11:59:58 ip-10-0-0-2 ovpn-server[5136]: MULTI: multi_init called, r=256 v=256
Jul 29 11:59:58 ip-10-0-0-2 ovpn-server[5136]: IFCONFIG POOL: base=10.0.2.4 size=62, ipv6=0
Jul 29 11:59:58 ip-10-0-0-2 ovpn-server[5136]: IFCONFIG POOL LIST
Jul 29 11:59:58 ip-10-0-0-2 ovpn-server[5136]: Initialization Sequence Completed


Around 24 hours later, openvpn@server.service goes down (I don't know why) and a new PID is started:

Code:

$ ps aux | grep openvpn
nobody      3563  0.0  0.3  10704  6344 ?        Ss   06:21   0:00 /usr/sbin/openvpn --writepid /run/openvpn/server.pid --daemon ovpn-server --cd /etc/openvpn --config /etc/openvpn/server.conf

● openvpn@server.service - OpenVPN connection to server
     Loaded: loaded (/lib/systemd/system/openvpn@.service; enabled; vendor preset: enabled)
     Active: inactive (dead) since Thu 2021-07-29 06:22:00 UTC; 5h 48min ago
       Docs: man:openvpn(8)
             https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
             https://community.openvpn.net/openvpn/wiki/HOWTO
   Main PID: 1069 (code=exited, status=0/SUCCESS)
     Status: "Initialization Sequence Completed"

Jul 29 06:21:58 ip-10-0-0-2 ovpn-server[1069]: event_wait : Interrupted system call (code=4)
Jul 29 06:22:00 ip-10-0-0-2 ovpn-server[1069]: /sbin/ip route del 10.0.1.0/24
Jul 29 06:22:00 ip-10-0-0-2 openvpn[3551]: RTNETLINK answers: Operation not permitted
Jul 29 06:22:00 ip-10-0-0-2 ovpn-server[1069]: ERROR: Linux route delete command failed: external program exited with error status: 2
Jul 29 06:22:00 ip-10-0-0-2 ovpn-server[1069]: Closing TUN/TAP interface
Jul 29 06:22:00 ip-10-0-0-2 ovpn-server[1069]: /sbin/ip addr del dev tun0 local 10.0.1.1 peer 10.0.1.2
Jul 29 06:22:00 ip-10-0-0-2 openvpn[3552]: RTNETLINK answers: Operation not permitted
Jul 29 06:22:00 ip-10-0-0-2 ovpn-server[1069]: Linux ip addr del failed: external program exited with error status: 2
Jul 29 06:22:00 ip-10-0-0-2 ovpn-server[1069]: SIGTERM[hard,] received, process exiting
Jul 29 06:22:00 ip-10-0-0-2 systemd[1]: openvpn@server.service: Succeeded.


$ sudo systemctl status 3563
● apt-daily-upgrade.service - Daily apt upgrade and clean activities
     Loaded: loaded (/lib/systemd/system/apt-daily-upgrade.service; static; vendor preset: enabled)
     Active: inactive (dead) since Thu 2021-07-29 06:22:03 UTC; 5h 37min ago
TriggeredBy: ● apt-daily-upgrade.timer
       Docs: man:apt(8)
    Process: 3374 ExecStart=/usr/lib/apt/apt.systemd.daily install (code=exited, status=0/SUCCESS)
   Main PID: 3374 (code=exited, status=0/SUCCESS)
      Tasks: 1 (limit: 2324)
     Memory: 22.7M
     CGroup: /system.slice/apt-daily-upgrade.service
             └─3563 /usr/sbin/openvpn --writepid /run/openvpn/server.pid --daemon ovpn-server --cd /etc/openvpn --config /etc/openvpn/server.conf

Jul 29 11:45:48 ip-10-0-0-2 ovpn-server[3539]: 193.162.99.53:31278 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA
Jul 29 11:45:48 ip-10-0-0-2 ovpn-server[3539]: 193.162.99.53:31278 [myUserName] Peer Connection Initiated with [AF_INET]193.162.99.53:31278

I can't manage these PIDs using systemd. Is there a way to handle OpenVPN with systemd?
sudo systemctl stop / start / restart openvpn@server.service


INFO
  • In AWS using an EC2 instance (Ubuntu 20.04) I have installed OpenVPN 2.4.7.
    All config files are in /etc/openvpn/ (server.conf)
Shall I disable the apt-daily updates or what?
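
The second status output above lists PID 3563 under the cgroup of apt-daily-upgrade.service rather than openvpn@server.service. The following is an added example, not part of the original post: it reads /proc/<pid>/cgroup to report which systemd unit each openvpn process belongs to. The function names and the sample cgroup lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): report which systemd unit owns
# each running openvpn process, by reading /proc/<pid>/cgroup.

# Print the systemd unit named in /proc/<pid>/cgroup content read from stdin.
# Handles cgroup v1/hybrid ("1:name=systemd:/path") and v2 ("0::/path") lines.
unit_from_cgroup() {
    awk -F: '
        !found && ($2 == "name=systemd" || ($1 == "0" && $2 == "")) {
            path = $3
            for (i = 4; i <= NF; i++) path = path ":" $i   # path may contain ":"
            n = split(path, parts, "/")
            unit = parts[n]; found = 1
        }
        END { if (found && unit != "") print unit; else print "-" }
    '
}

# OK if the unit is an OpenVPN service unit, STRAY otherwise (for example a
# daemon left running inside another unit's cgroup).
classify_unit() {
    case "$1" in
        openvpn@*.service|openvpn-server@*.service|openvpn-client@*.service) echo OK ;;
        *) echo STRAY ;;
    esac
}

# Live scan: one line per openvpn process with PID, owning unit and verdict.
scan_openvpn() {
    for pid in $(pgrep -x openvpn 2>/dev/null); do
        [ -r "/proc/$pid/cgroup" ] || continue
        unit=$(unit_from_cgroup < "/proc/$pid/cgroup")
        echo "$pid $unit $(classify_unit "$unit")"
    done
}

# Constructed samples modelled on the two CGroup paths shown in the post.
sample_managed='1:name=systemd:/system.slice/system-openvpn.slice/openvpn@server.service
0::/system.slice/system-openvpn.slice/openvpn@server.service'
sample_stray='12:devices:/system.slice/apt-daily-upgrade.service
1:name=systemd:/system.slice/apt-daily-upgrade.service
0::/system.slice/apt-daily-upgrade.service'

for s in "$sample_managed" "$sample_stray"; do
    u=$(printf '%s\n' "$s" | unit_from_cgroup)
    echo "$u $(classify_unit "$u")"
done
scan_openvpn   # prints nothing when no openvpn process is running
```

A process reported as STRAY is not tracked by openvpn@server.service, so systemctl stop, start and restart on that unit will not act on it.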

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: SystemD and OpenVPN Issue (ubuntu 20.04)

Post by TinCanTech » Thu Jul 29, 2021 1:46 pm

