I am certain that the new port number 5001 is not used in any other configuration nor does it show up with
Code: Select all
# lsof -nP |grep 5001
It starts just fine if I run it on the command line using the same parameters shown in the ps output for voyage:
Code: Select all
# openvpn --daemon cem9909 --status /run/openvpn/cem9909.status 10 --cd /etc/openvpn --script-security 2 --config /etc/openvpn/cem9909.conf
The process detaches normally and keeps running.
However (with that process NOT running) if I try:
Code: Select all
# systemctl start openvpn@cem9909
It fails.
Code: Select all
# journalctl -xe
Oct 25 20:08:57 VM-CEML systemd[1]: systemd-networkd.socket: Socket service systemd-networkd.service already active, refusing.
Oct 25 20:08:57 VM-CEML systemd[1]: Failed to listen on Network Service Netlink Socket.
-- Subject: Unit systemd-networkd.socket has failed
-- Defined-By: systemd
-- Support: http://www.ubuntu.com/support
--
-- Unit systemd-networkd.socket has failed.
--
-- The result is RESULT.
Oct 25 20:08:57 VM-CEML systemd[1]: Dependency failed for OpenVPN connection to cem9909.
-- Subject: Unit openvpn@cem9909.service has failed
-- Defined-By: systemd
-- Support: http://www.ubuntu.com/support
--
-- Unit openvpn@cem9909.service has failed.
--
-- The result is RESULT.
Oct 25 20:08:57 VM-CEML systemd[1]: openvpn@cem9909.service: Job openvpn@cem9909.service/start failed with result 'dependency'.
Once again, I am certain that there is no overlap of the same IP and the same port for different tunnels, which is proven because I can start the daemon from the command line, just not using systemctl. And for the same reason, and because of being based on a working config, I don't think there is a configuration error.
Ownership and permissions of all files for both the working and non-working version are the same: all root.root, 600 for keys and 644 for certs and the configs. Both working and non-working version contain user nobody and group nobody.
Any ideas welcome!