OpenVPN Server Service Won't Start After Upgrade to Fedora 27
Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
-
- OpenVpn Newbie
- Posts: 7
- Joined: Wed Nov 01, 2017 5:24 pm
OpenVPN Server Service Won't Start After Upgrade to Fedora 27
After upgrading to Fedora Server 27, the openvpn@server.service wouldn't start and said that it couldn't find the unit. Prior to upgrading openvpn was working fine, and I was able to establish connections. I tried removing the symlink and adding a new one, but that didn't work. So I tried uninstalling and reinstalling openvpn. Now the service is enabled, but it won't start. Reviewing journalctl -xe shows the error message:
pam_systemd(sudo:session): Cannot create session: Already running in a session.
Has anyone see this or might know how to resolve this? I saw a few bug reports that may be related, but none with a solution.
pam_systemd(sudo:session): Cannot create session: Already running in a session.
Has anyone see this or might know how to resolve this? I saw a few bug reports that may be related, but none with a solution.
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: OpenVPN Server Service Won't Start After Upgrade to Fedora 27
It looks like it is already running ..rachelb4x4 wrote: ↑Tue Nov 28, 2017 4:38 amthe service is enabled, but it won't start. Reviewing journalctl -xe shows the error message:
pam_systemd(sudo:session): Cannot create session: Already running in a session
See:
https://github.com/OpenVPN/openvpn/blob ... ME.systemd
-
- OpenVpn Newbie
- Posts: 7
- Joined: Wed Nov 01, 2017 5:24 pm
Re: OpenVPN Server Service Won't Start After Upgrade to Fedora 27
When I run the systemctl status it says enabled but excited with status=1/Failure. That's why I thought it might not be starting. Hmm. I'm not sure what to do here.
When I run systemctl status it says:
Here is what the log says:
When I run systemctl status it says:
Code: Select all
● openvpn-server@server.service - OpenVPN service for server
Loaded: loaded (/lib/systemd/system/openvpn-server@.service; enabled; vendor preset: disabled)
Active: activating (auto-restart) (Result: exit-code) since Tue 2017-11-28 08:40:55 PST; 2s ago
Docs: man:openvpn(8)
https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
https://community.openvpn.net/openvpn/wiki/HOWTO
Process: 31843 ExecStart=/usr/sbin/openvpn --status /var/log/openvpn-status.log --status-version 2 --suppress-timestamps --cipher AES-256-GCM --ncp-ciphers AES-256-GCM:AES-128-GCM:AES-
Main PID: 31843 (code=exited, status=1/FAILURE)
Nov 28 08:40:55 systemd[1]: openvpn-server@server.service: Unit entered failed state.
Nov 28 08:40:55 systemd[1]: openvpn-server@server.service: Failed with result 'exit-code'.
Code: Select all
Nov 28 08:29:07 <hostname redacted> systemd[1]: Starting OpenVPN service for server...
Nov 28 08:29:07 systemd[1]: openvpn-server@server.service: Main process exited, code=exited, status=1/FAILURE
ESCOD
Nov 28 08:28:51 systemd[1]: Starting OpenVPN service for server...
Nov 28 08:28:51 systemd[1]: openvpn-server@server.service: Main process exited, code=exited, status=1/FAILURE
Nov 28 08:28:51 systemd[1]: Failed to start OpenVPN service for server.
Nov 28 08:28:51 systemd[1]: openvpn-server@server.service: Unit entered failed state.
Nov 28 08:28:51 systemd[1]: openvpn-server@server.service: Failed with result 'exit-code'.
Nov 28 08:28:56 systemd[1]: openvpn-server@server.service: Service hold-off time over, scheduling restart.
Nov 28 08:28:56 systemd[1]: Stopped OpenVPN service for server.
Nov 28 08:28:56 systemd[1]: Starting OpenVPN service for server...
Nov 28 08:28:56 systemd[1]: openvpn-server@server.service: Main process exited, code=exited, status=1/FAILURE
Nov 28 08:28:56 systemd[1]: Failed to start OpenVPN service for server.
Nov 28 08:28:56 z systemd[1]: openvpn-server@server.service: Unit entered failed state.
Nov 28 08:28:56 systemd[1]: openvpn-server@server.service: Failed with result 'exit-code'.
Nov 28 08:29:01 systemd[1]: openvpn-server@server.service: Service hold-off time over, scheduling restart.
Nov 28 08:29:01 systemd[1]: Stopped OpenVPN service for server.
Nov 28 08:29:01 systemd[1]: Starting OpenVPN service for server...
Nov 28 08:29:01 systemd[1]: openvpn-server@server.service: Main process exited, code=exited, status=1/FAILURE
Nov 28 08:29:01 systemd[1]: Failed to start OpenVPN service for server.
Nov 28 08:29:01 systemd[1]: openvpn-server@server.service: Unit entered failed state.
Nov 28 08:29:01 systemd[1]: openvpn-server@server.service: Failed with result 'exit-code'.
Nov 28 08:29:07 systemd[1]: openvpn-server@server.service: Service hold-off time over, scheduling restart.
Nov 28 08:29:07 systemd[1]: Stopped OpenVPN service for server.
Nov 28 08:29:07 systemd[1]: Starting OpenVPN service for server...
Nov 28 08:29:07 systemd[1]: openvpn-server@server.service: Main process exited, code=exited, status=1/FAILURE
-
- OpenVpn Newbie
- Posts: 7
- Joined: Wed Nov 01, 2017 5:24 pm
Re: OpenVPN Server Service Won't Start After Upgrade to Fedora 27
When I run systemctl status it says the service is enabled, but exited with Status=1/failure. The only error message I can find is the one listed above.
-
- OpenVpn Newbie
- Posts: 7
- Joined: Wed Nov 01, 2017 5:24 pm
Re: OpenVPN Server Service Won't Start After Upgrade to Fedora 27
Here is the message I've been getting. Everything was working well prior to the upgrade to Fedora 27. I tried selecting Fedora 25 and 26 at startup, but it hasn't helped either. Honestly, I just don't understand what has gone awry.
~]$ sudo systemctl status openvpn-server@server
● openvpn-server@server.service - OpenVPN service for server
Loaded: loaded (/lib/systemd/system/openvpn-server@.service; enabled; vendor preset: disabled)
Active: activating (auto-restart) (Result: exit-code) since Tue 2017-11-28 08:59:56 PST; 452ms ago
Docs: man:openvpn(8)
https://community.openvpn.net/openvpn/w ... n24ManPage
https://community.openvpn.net/openvpn/wiki/HOWTO
Process: 1238 ExecStart=/usr/sbin/openvpn --status /var/log/openvpn-status.log --status-version 2 --suppress-timestamps --cipher AES-256-GCM --ncp-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC:AE
Main PID: 1238 (code=exited, status=1/FAILURE)
Nov 28 08:59:56 systemd[1]: openvpn-server@server.service: Unit entered failed state.
Nov 28 08:59:56 systemd[1]: openvpn-server@server.service: Failed with result 'exit-code'.
~]$ sudo systemctl status openvpn-server@server
● openvpn-server@server.service - OpenVPN service for server
Loaded: loaded (/lib/systemd/system/openvpn-server@.service; enabled; vendor preset: disabled)
Active: activating (auto-restart) (Result: exit-code) since Tue 2017-11-28 08:59:56 PST; 452ms ago
Docs: man:openvpn(8)
https://community.openvpn.net/openvpn/w ... n24ManPage
https://community.openvpn.net/openvpn/wiki/HOWTO
Process: 1238 ExecStart=/usr/sbin/openvpn --status /var/log/openvpn-status.log --status-version 2 --suppress-timestamps --cipher AES-256-GCM --ncp-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC:AE
Main PID: 1238 (code=exited, status=1/FAILURE)
Nov 28 08:59:56 systemd[1]: openvpn-server@server.service: Unit entered failed state.
Nov 28 08:59:56 systemd[1]: openvpn-server@server.service: Failed with result 'exit-code'.
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: OpenVPN Server Service Won't Start After Upgrade to Fedora 27
You are missing the config file ..rachelb4x4 wrote: ↑Tue Nov 28, 2017 5:08 pmProcess: 1238 ExecStart=/usr/sbin/openvpn --status /var/log/openvpn-status.log --status-version 2 --suppress-timestamps --cipher AES-256-GCM --ncp-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC:AE
Main PID: 1238 (code=exited, status=1/FAILURE)
Try:
Code: Select all
$ cd /etc/openvpn
$ sudo openvpn myconfig.conf
-
- OpenVpn Newbie
- Posts: 7
- Joined: Wed Nov 01, 2017 5:24 pm
Re: OpenVPN Server Service Won't Start After Upgrade to Fedora 27
You're right about the path. Thank you!. I added it back using the absolute path, but that still didn't get it going.
● openvpn-server@server.service - OpenVPN service for server
Loaded: loaded (/lib/systemd/system/openvpn-server@.service; enabled; vendor preset: disabled)
Active: activating (auto-restart) (Result: exit-code) since Tue 2017-11-28 11:07:33 PST; 4s ago
Docs: man:openvpn(8)
https://community.openvpn.net/openvpn/w ... n24ManPage
https://community.openvpn.net/openvpn/wiki/HOWTO
Process: 4824 ExecStart=/usr/sbin/openvpn --status /var/log/openvpn-status.log --status-version 2 --suppress-timestamps ---cipher AES-256-GCM --ncp-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC:AES-128-CBC:BF-CBC --config /etc/openvpn/server/server.conf
Main PID: 4824 (code=exited, status=1/FAILURE)
Status: "Pre-connection initialization successful"
Nov 28 11:07:33 systemd[1]: openvpn-server@server.service: Failed with result 'exit-code'.
I tried starting it manually as you suggested above, but it seems like it just hung. So I ran ps -aux, and found that the Status code is S+. That means it is sleeping, correct?
● openvpn-server@server.service - OpenVPN service for server
Loaded: loaded (/lib/systemd/system/openvpn-server@.service; enabled; vendor preset: disabled)
Active: activating (auto-restart) (Result: exit-code) since Tue 2017-11-28 11:07:33 PST; 4s ago
Docs: man:openvpn(8)
https://community.openvpn.net/openvpn/w ... n24ManPage
https://community.openvpn.net/openvpn/wiki/HOWTO
Process: 4824 ExecStart=/usr/sbin/openvpn --status /var/log/openvpn-status.log --status-version 2 --suppress-timestamps ---cipher AES-256-GCM --ncp-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC:AES-128-CBC:BF-CBC --config /etc/openvpn/server/server.conf
Main PID: 4824 (code=exited, status=1/FAILURE)
Status: "Pre-connection initialization successful"
Nov 28 11:07:33 systemd[1]: openvpn-server@server.service: Failed with result 'exit-code'.
I tried starting it manually as you suggested above, but it seems like it just hung. So I ran ps -aux, and found that the Status code is S+. That means it is sleeping, correct?
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
-
- OpenVpn Newbie
- Posts: 7
- Joined: Wed Nov 01, 2017 5:24 pm
Re: OpenVPN Server Service Won't Start After Upgrade to Fedora 27
Oh thank you! It has been some time since I set it up, and I had the logs backwards. I was checking /var/log/openvpn-status.log, when I should have been checking /var/log/openvpn.log. It said that the the cipher AES-256-GCM was not supported. I changed the service file back to AES-256-CBC, and now the service will start. Yay! It still won't connect, but at least the service is running. The server log says it is sending a response, so it must be an issue with the firewall...hopefully.
-
- OpenVPN Super User
- Posts: 310
- Joined: Tue Apr 12, 2011 6:22 am
Re: OpenVPN Server Service Won't Start After Upgrade to Fedora 27
i see that you added openvpn options in systemctl service unit , why would you do that ... why not just specify them in server/client conf ?