Hi,
I have a couple of new machines with Fedora 28 installed that I'm trying to configure to connect to our VPN server. I can get the clients to connect successfully by manually entering openvpn --config client.conf, but I can't get the connection to start on boot.
I've spent some time troubleshooting and researching, but I've come up empty on a solution.
Some quick notes to eliminate certain troubleshooting:
- The client.conf file is located in /etc/openvpn
- The client.conf file permissions are set to 400
- The client certificates are located in /etc/openvpn/client
After some research I found that I may need to specify the client file when starting the service, so I tried this:
systemctl start openvpn-client@client
and I receive the following:
Job for openvpn-client@client.service failed because the control process exited with error code.
See "systemctl status openvpn-client@client.service" and "journalctl -xe" for details.
systemctl status output:
â openvpn-client@client.service - OpenVPN tunnel for client
Loaded: loaded (/usr/lib/systemd/system/openvpn-client@.service; disabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Wed 2018-10-17 12:34:36 NDT; 11s ago
Docs: man:openvpn(8)
https://community.openvpn.net/openvpn/w ... n24ManPage
https://community.openvpn.net/openvpn/wiki/HOWTO
Process: 25332 ExecStart=/usr/sbin/openvpn --suppress-timestamps --nobind --config client.conf (code=exited, status=1/FAILURE)
Main PID: 25332 (code=exited, status=1/FAILURE)
Oct 17 12:34:36 ava-silvaco systemd[1]: Starting OpenVPN tunnel for client...
Oct 17 12:34:36 ava-silvaco openvpn[25332]: Options error: In [CMD-LINE]:1: Error opening configuration file: client.conf
Oct 17 12:34:36 ava-silvaco openvpn[25332]: Use --help for more information.
Oct 17 12:34:36 ava-silvaco systemd[1]: openvpn-client@client.service: Main process exited, code=exited, status=1/FAILURE
Oct 17 12:34:36 ava-silvaco systemd[1]: openvpn-client@client.service: Failed with result 'exit-code'.
Oct 17 12:34:36 ava-silvaco systemd[1]: Failed to start OpenVPN tunnel for client.
Journalctl -xe output:
-- Subject: Unit openvpn-client@client.service has failed
-- Defined-By: systemd
-- Support: https://lists.freedesktop.org/mailman/l ... temd-devel
--
-- Unit openvpn-client@client.service has failed.
--
-- The result is RESULT.
Oct 17 12:34:36 ava-silvaco audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=openvpn-client@client comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'
Any help or suggestions anyone can offer with this would be great!
Thanks.
Fedora clients can't start openvpn on boot
Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
-
Chrismur91
- OpenVpn Newbie
- Posts: 1
- Joined: Wed Oct 17, 2018 2:55 pm
-
TinCanTech
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: Fedora clients can't start openvpn on boot
I think the file is not where systemd is looking for it.Chrismur91 wrote: ↑Wed Oct 17, 2018 3:12 pmOct 17 12:34:36 ava-silvaco openvpn[25332]: Options error: In [CMD-LINE]:1: Error opening configuration file: client.conf
-
Pippin
- Forum Team
- Posts: 1201
- Joined: Wed Jul 01, 2015 8:03 am
- Location: irc://irc.libera.chat:6697/openvpn
Re: Fedora clients can't start openvpn on boot
Put client.conf in /etc/openvpn/client and try again.
-
ishotgreedo
- OpenVpn Newbie
- Posts: 1
- Joined: Sat Mar 28, 2020 3:20 pm
Re: Fedora clients can't start openvpn on boot
The following worked for me in Fedora 31:
1. OpenVPN came pre-installed in the ISO for Fedora Workstation, as obtained from https://getfedora.org/en/
2. Place your ca.crt, client.conf, client.crt, client.key, and ta.key files in /etc/openvpn/client/
How to create these files is whole other topic; I used this guide: https://kifarunix.com/install-and-setup ... -centos-7/
3. Make a backup copy of the service configuration unit file for OpenVPN located at /usr/lib/systemd/system/openvpn-client@.service
4. Open /usr/lib/systemd/system/openvpn-client@.service (if this file isn't already there, then these steps probably won't work) using your preferred text editor, e.g.
5. Edit the following line as shown:
should read:
Note that you can specify the --nobind flag, etc etc, in your /etc/openvpn/client/client.conf file.
6. Start the service; enable it so it starts itself
7. If there are errors, the following additional command may be useful for debugging:
1. OpenVPN came pre-installed in the ISO for Fedora Workstation, as obtained from https://getfedora.org/en/
2. Place your ca.crt, client.conf, client.crt, client.key, and ta.key files in /etc/openvpn/client/
How to create these files is whole other topic; I used this guide: https://kifarunix.com/install-and-setup ... -centos-7/
3. Make a backup copy of the service configuration unit file for OpenVPN located at /usr/lib/systemd/system/openvpn-client@.service
Code: Select all
cp /usr/lib/systemd/system/openvpn-client@.service ~/openvpn-client@.service.originalCode: Select all
sudo nano /usr/lib/systemd/system/openvpn-client@.serviceCode: Select all
ExecStart=/usr/sbin/openvpn --suppress-timestamps --nobind --config %i.confCode: Select all
ExecStart=/usr/sbin/openvpn /etc/openvpn/client/client.conf6. Start the service; enable it so it starts itself
Code: Select all
sudo systemctl start openvpn-client@client.serviceCode: Select all
sudo systemctl enable openvpn-client@client.serviceCode: Select all
jounralctl -u openvpn-client@client-
TinCanTech
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: Fedora clients can't start openvpn on boot
Users should absolutely not need to edit systemd unit files provided by openvpn.