I can't figure out how to correctly configure an OpenVPN server to auto-start and be managed by SystemD.
PROBLEM:
At first everything seems to work fine; SystemD creates and runs the services successfully. But for some reason, after around 24 hours the service stops and a new PID is triggered using similar, but not the same, commands.
After a fresh installation:
Code:
$ ps aux | grep openvpn
nobody 5136 0.0 0.3 9904 7232 ? Ss 11:59 0:00 /usr/sbin/openvpn --daemon ovpn-server --status /run/openvpn/server.status 10 --cd /etc/openvpn --script-security 2 --config /etc/openvpn/server.conf --writepid /run/openvpn/server.pid
$ sudo systemctl status openvpn@server.service
● openvpn@server.service - OpenVPN connection to server
Loaded: loaded (/lib/systemd/system/openvpn@.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2021-07-29 11:59:58 UTC; 3min 21s ago
Docs: man:openvpn(8)
https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
https://community.openvpn.net/openvpn/wiki/HOWTO
Main PID: 5136 (openvpn)
Status: "Initialization Sequence Completed"
Tasks: 1 (limit: 2324)
Memory: 1.1M
CGroup: /system.slice/system-openvpn.slice/openvpn@server.service
└─5136 /usr/sbin/openvpn --daemon ovpn-server --status /run/openvpn/server.status 10 --cd /etc/openvpn --script-security 2 --config /etc/openvpn/server.conf --writepid /run/openvpn/server.pid
Jul 29 11:59:58 ip-10-0-0-2 ovpn-server[5136]: /sbin/ip route add 10.0.2.0/24 via 10.0.2.2
Jul 29 11:59:58 ip-10-0-0-2 ovpn-server[5136]: Socket Buffers: R=[212992->212992] S=[212992->212992]
Jul 29 11:59:58 ip-10-0-0-2 ovpn-server[5136]: UDPv4 link local (bound): [AF_INET][undef]:1195
Jul 29 11:59:58 ip-10-0-0-2 ovpn-server[5136]: UDPv4 link remote: [AF_UNSPEC]
Jul 29 11:59:58 ip-10-0-0-2 ovpn-server[5136]: GID set to nogroup
Jul 29 11:59:58 ip-10-0-0-2 ovpn-server[5136]: UID set to nobody
Jul 29 11:59:58 ip-10-0-0-2 ovpn-server[5136]: MULTI: multi_init called, r=256 v=256
Jul 29 11:59:58 ip-10-0-0-2 ovpn-server[5136]: IFCONFIG POOL: base=10.0.2.4 size=62, ipv6=0
Jul 29 11:59:58 ip-10-0-0-2 ovpn-server[5136]: IFCONFIG POOL LIST
Jul 29 11:59:58 ip-10-0-0-2 ovpn-server[5136]: Initialization Sequence Completed
Code:
$ ps aux | grep openvpn
nobody 3563 0.0 0.3 10704 6344 ? Ss 06:21 0:00 /usr/sbin/openvpn --writepid /run/openvpn/server.pid --daemon ovpn-server --cd /etc/openvpn --config /etc/openvpn/server.conf
● openvpn@server.service - OpenVPN connection to server
Loaded: loaded (/lib/systemd/system/openvpn@.service; enabled; vendor preset: enabled)
Active: inactive (dead) since Thu 2021-07-29 06:22:00 UTC; 5h 48min ago
Docs: man:openvpn(8)
https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
https://community.openvpn.net/openvpn/wiki/HOWTO
Main PID: 1069 (code=exited, status=0/SUCCESS)
Status: "Initialization Sequence Completed"
Jul 29 06:21:58 ip-10-0-0-2 ovpn-server[1069]: event_wait : Interrupted system call (code=4)
Jul 29 06:22:00 ip-10-0-0-2 ovpn-server[1069]: /sbin/ip route del 10.0.1.0/24
Jul 29 06:22:00 ip-10-0-0-2 openvpn[3551]: RTNETLINK answers: Operation not permitted
Jul 29 06:22:00 ip-10-0-0-2 ovpn-server[1069]: ERROR: Linux route delete command failed: external program exited with error status: 2
Jul 29 06:22:00 ip-10-0-0-2 ovpn-server[1069]: Closing TUN/TAP interface
Jul 29 06:22:00 ip-10-0-0-2 ovpn-server[1069]: /sbin/ip addr del dev tun0 local 10.0.1.1 peer 10.0.1.2
Jul 29 06:22:00 ip-10-0-0-2 openvpn[3552]: RTNETLINK answers: Operation not permitted
Jul 29 06:22:00 ip-10-0-0-2 ovpn-server[1069]: Linux ip addr del failed: external program exited with error status: 2
Jul 29 06:22:00 ip-10-0-0-2 ovpn-server[1069]: SIGTERM[hard,] received, process exiting
Jul 29 06:22:00 ip-10-0-0-2 systemd[1]: openvpn@server.service: Succeeded.
$ sudo systemctl status 3563
● apt-daily-upgrade.service - Daily apt upgrade and clean activities
Loaded: loaded (/lib/systemd/system/apt-daily-upgrade.service; static; vendor preset: enabled)
Active: inactive (dead) since Thu 2021-07-29 06:22:03 UTC; 5h 37min ago
TriggeredBy: ● apt-daily-upgrade.timer
Docs: man:apt(8)
Process: 3374 ExecStart=/usr/lib/apt/apt.systemd.daily install (code=exited, status=0/SUCCESS)
Main PID: 3374 (code=exited, status=0/SUCCESS)
Tasks: 1 (limit: 2324)
Memory: 22.7M
CGroup: /system.slice/apt-daily-upgrade.service
└─3563 /usr/sbin/openvpn --writepid /run/openvpn/server.pid --daemon ovpn-server --cd /etc/openvpn --config /etc/openvpn/server.conf
Jul 29 11:45:48 ip-10-0-0-2 ovpn-server[3539]: 193.162.99.53:31278 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA
Jul 29 11:45:48 ip-10-0-0-2 ovpn-server[3539]: 193.162.99.53:31278 [myUserName] Peer Connection Initiated with [AF_INET]193.162.99.53:31278
sudo systemctl stop / start / restart openvpn@server.service
INFO
- In AWS using an EC2 instance (Ubuntu 20.04) I have installed OpenVPN 2.4.7.
All config files are in /etc/openvpn/ (server.conf)
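
The second `systemctl status` output above lists PID 3563 under the CGroup of apt-daily-upgrade.service rather than openvpn@server.service. As an added example (not part of the original post), this script reports which systemd unit owns each running openvpn process by reading /proc/<pid>/cgroup; the function names and the sample cgroup contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: which systemd unit owns a process, per /proc/<pid>/cgroup.
# Function names and sample data are constructed for illustration.

EXPECTED_UNIT="openvpn@server.service"   # unit name from the post

# Constructed samples of /proc/<pid>/cgroup content (not captured output).
SAMPLE_OK='1:name=systemd:/system.slice/system-openvpn.slice/openvpn@server.service
0::/system.slice/system-openvpn.slice/openvpn@server.service'
SAMPLE_STRAY='1:name=systemd:/system.slice/apt-daily-upgrade.service
0::/system.slice/apt-daily-upgrade.service'

# Read cgroup lines ("id:controllers:path") on stdin and print the last path
# component of the systemd hierarchy: "name=systemd" (v1/hybrid) or "0::" (v2).
unit_from_cgroup() {
    awk '/^[0-9]+:name=systemd:/ || /^0::/ {
        sub(/^[^:]*:[^:]*:/, "")        # drop "id:controllers:"
        n = split($0, parts, "/")
        print parts[n]
        exit
    }'
}

# Print "ok <unit>" (return 0) or "mismatch <unit>" (return 1).
check_owner() {
    unit=$(unit_from_cgroup)
    if [ "$unit" = "$EXPECTED_UNIT" ]; then
        echo "ok $unit"
    else
        echo "mismatch $unit"
        return 1
    fi
}

# Check every live openvpn process; needs pgrep and a Linux /proc.
scan_openvpn() {
    for pid in $(pgrep -x openvpn); do
        printf '%s ' "$pid"
        check_owner < "/proc/$pid/cgroup" || true
    done
}

# Run the live scan only when asked: sh script.sh --scan
if [ "${1:-}" = "--scan" ]; then
    scan_openvpn
fi
```

A "mismatch" line means the process was started outside the expected unit, so `systemctl stop / start / restart openvpn@server.service` does not act on it.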