Duplicate services under ubuntu

This forum is for all inquiries relating to the installation of OpenVPN from source and with binaries.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please visit (and READ) the OpenVPN HowTo http://openvpn.net/howto prior to asking any questions in here!
Post Reply
maxburn
OpenVPN Power User
Posts: 65
Joined: Mon Dec 12, 2016 6:07 pm

Duplicate services under ubuntu

Post by maxburn » Sat Nov 11, 2017 1:34 am

Edit I misstated the issue originally. Present state is VPN clients will not connect after a reboot. I have to SSH into the server and

Code: Select all

sudo systemctl stop openvpn@server
sudo systemctl start openvpn@server
It's like it isn't starting the right config file at first????

Somehow I messed up when installing the service and have two entries. Mostly I followed the digital ocean guide but I used some config files from work, which worked fine for me until I messed up and got duplicate services, don't remember what I did.

Code: Select all

$ sudo systemctl list-unit-files | grep vpn
openvpn.service                            disabled
openvpn@.service                           enabled 
Before when I had both services enabled I was starting with two vtun# connections which broke all sorts of things, including remote SSH.

I think somehow the errors I get when removing the one I don't want are involved. It's like it starts the one I don't want first anyway.

Code: Select all

$ sudo systemctl disable openvpn
Synchronizing state of openvpn.service with SysV init with /lib/systemd/systemd-sysv-install...
Executing /lib/systemd/systemd-sysv-install disable openvpn
insserv: warning: current start runlevel(s) (empty) of script `openvpn' overrides LSB defaults (2 3 4 5).
insserv: warning: current stop runlevel(s) (0 1 2 3 4 5 6) of script `openvpn' overrides LSB defaults (0 1 6).
insserv: warning: current start runlevel(s) (empty) of script `openvpn' overrides LSB defaults (2 3 4 5).
insserv: warning: current stop runlevel(s) (0 1 2 3 4 5 6) of script `openvpn' overrides LSB defaults (0 1 6).

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Duplicate services under ubuntu

Post by TinCanTech » Sat Nov 11, 2017 12:24 pm

There is a new README.systemd (which is not in the release version yet):
distro/systemd/README.systemd wrote:OpenVPN and systemd
===================

As of OpenVPN v2.4, upstream is shipping systemd unit files to provide a
fine grained control of each OpenVPN configuration as well as trying to
restrict the capabilities the OpenVPN process have on a system.


Configuration profile types
---------------------------
These new unit files separates between client and server profiles. The
configuration files are kept in separate directories, to provide clarity
of the profile they run under.

Typically the client profile cannot bind to any ports below port 1024
and the client configuration is always started with --nobind.

The server profile is allowed to bind to any ports. In addition it enables
a client status file, usually found in the /run/openvpn-server directory.
The status format is set to version 2 by default. These settings may be
overridden by adding --status and/or --status-version in the OpenVPN
configuration file.

Neither of these profiles makes use of PID files, but OpenVPN reports back to
systemd its PID once it has initialized.

For configuration using a peer-to-peer mode (not using --mode server on one
of the sides) it is recommended to use the client profile.


Configuration files
-------------------
These new unit files expects client configuration files to be made available
in /etc/openvpn/client. Similar for the server configurations, it is expected
to be found in /etc/openvpn/server. The configuration files must have a .conf
file extension.


Managing VPN tunnels
--------------------
Use the normal systemctl tool to start, stop VPN tunnels, as well as enable
and disable tunnels at boot time. The syntax is:

- client configurations:
# systemctl $OPER openvpn-client@$CONFIGNAME

- server configurations:
# systemctl $OPER openvpn-server@$CONFIGNAME

Similarly, to view the OpenVPN journal log use a similar syntax:

# journalctl -u openvpn-client@$CONFIGNAME
or
# journalctl -u openvpn-server@$CONFIGNAME

* Examples
Say your server configuration is /etc/openvpn/server/tun0.conf, you
start this VPN service like this:

# systemctl start openvpn-server@tun0

A client configuration file in /etc/openvpn/client/corpvpn.conf is
started like this:

# systemctl start openvpn-client@corpvpn

To view the server configuration's journal only listing entries from
yesterday and until today:

# journalctl --since yesterday -u openvpn-server@tun0

maxburn
OpenVPN Power User
Posts: 65
Joined: Mon Dec 12, 2016 6:07 pm

Re: Duplicate services under ubuntu

Post by maxburn » Sat Nov 11, 2017 3:18 pm

Yes, based on the extra service name I believe I messed up along the lines of "systemctl enable openvpn" and didn't put in the @configname. What I really don't get is with it disabled openvpn does not work after a reboot. Walking through this:

Code: Select all

$ sudo systemctl list-unit-files | grep vpn
[sudo] password for scottjal: 
openvpn.service                            disabled
openvpn@.service                           disabled
enable, start and check the one I want

Code: Select all

$ sudo systemctl enable openvpn@server
Created symlink from /etc/systemd/system/multi-user.target.wants/openvpn@server.service to /lib/systemd/system/openvpn@.service.
$ sudo systemctl start openvpn@server
$ sudo systemctl status openvpn@server
● openvpn@server.service - OpenVPN connection to server
   Loaded: loaded (/lib/systemd/system/openvpn@.service; enabled; vendor preset: enabled)
   Active: active (running) since Sat 2017-11-11 10:02:42 EST; 7s ago
     Docs: man:openvpn(8)
           https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage
           https://community.openvpn.net/openvpn/wiki/HOWTO
  Process: 6834 ExecStart=/usr/sbin/openvpn --daemon ovpn-%i --status /run/openvpn/%i.status 10 --cd /etc/openvpn --script-security 2 --config /etc/openvpn/%i.conf --writepid /run/openvpn/%i.pid (code=exi
 Main PID: 6836 (openvpn)
   CGroup: /system.slice/system-openvpn.slice/openvpn@server.service
           └─6836 /usr/sbin/openvpn --daemon ovpn-server --status /run/openvpn/server.status 10 --cd /etc/openvpn --script-security 2 --config /etc/openvpn/server.conf --writepid /run/openvpn/server.pid

Nov 11 10:02:42 ubuntuserver ovpn-server[6836]: TCPv4_SERVER link remote: [undef]
Nov 11 10:02:42 ubuntuserver ovpn-server[6836]: MULTI: multi_init called, r=256 v=256
Nov 11 10:02:42 ubuntuserver ovpn-server[6836]: IFCONFIG POOL: base=10.8.0.4 size=62, ipv6=0
Nov 11 10:02:42 ubuntuserver ovpn-server[6836]: ifconfig_pool_read(), in='client4,10.8.0.4', TODO: IPv6
Nov 11 10:02:42 ubuntuserver ovpn-server[6836]: succeeded -> ifconfig_pool_set()
Nov 11 10:02:42 ubuntuserver ovpn-server[6836]: IFCONFIG POOL LIST
Nov 11 10:02:42 ubuntuserver ovpn-server[6836]: client4,10.8.0.4
Nov 11 10:02:42 ubuntuserver ovpn-server[6836]: MULTI: TCP INIT maxclients=1024 maxevents=1028
Nov 11 10:02:42 ubuntuserver ovpn-server[6836]: Initialization Sequence Completed
Nov 11 10:02:42 ubuntuserver systemd[1]: Started OpenVPN connection to server.

At this point I can verify that the VPN works externally through my phone. Other services like SSH, samba shares work etc. BUT if I reboot the server all those things break, SSH won't connect, samba shares won't mount, the VPN will not connect, it's a mess. If I then stop openvpn@server I can SSH again.

Why would this work if I manually start it but not after a reboot with an enabled service?

maxburn
OpenVPN Power User
Posts: 65
Joined: Mon Dec 12, 2016 6:07 pm

Re: Duplicate services under ubuntu

Post by maxburn » Sat Nov 11, 2017 3:52 pm

Hope this post gets approved, I think I have it fixed but I would like confirmation this is a good fix.

So if it works when I start it but not the service starting it during boot I was operating on the theory that openvpn was starting too soon, before the network interface was up. (I had this happen with PiHole.) Some searching around found this: https://unix.stackexchange.com/question ... et-written

I didn't follow that exactly though. Looking in /lib/systemd/system I can see my service openvpn@.service and in that file it has the quoted [unit] section. I simply added these two lines:

Code: Select all

Requires=networking.service
After=networking.service
So now everything appears to be OK after reboot?

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Duplicate services under ubuntu

Post by TinCanTech » Sat Nov 11, 2017 4:24 pm

maxburn wrote:
Sat Nov 11, 2017 3:52 pm
Looking in /lib/systemd/system I can see my service openvpn@.service and in that file it has the quoted [unit] section. I simply added these two lines:
I think the preferred way is to put your customisation into a unit file which is located in /etc/systemd/system .. so that future up dates do not over write your changes.

maxburn
OpenVPN Power User
Posts: 65
Joined: Mon Dec 12, 2016 6:07 pm

Re: Duplicate services under ubuntu

Post by maxburn » Sat Nov 11, 2017 5:12 pm

Right, did that following the linked guide. Still seems to work after reboot.

I guess the real question is why isn't this already in the stock config? I'm a complete novice and I've already run into this twice.

Post Reply