[SOLVED] Upgrade to openvpn-2.3.1-1.el6.x86_64 kills openvpn

[paul_rogers6]

Dear All

I previously had openvpn-2.2.2-1.el6.x86_64 installed and working on Centos 6.3, via the epel, as per the HOWTO. I was in the process of changing from certificate based authentication to username/password via pam and "plugin /usr/lib64/openvpn/plugin/lib/openvpn-auth-pam.so common-auth" (topic12959.html).

However the other evening yum updated openvpn to openvpn-2.3.1-1.el6.x86_64.

Since then openvpn will no longer start (via /etc/init.d/openvpn & the the run levels). Service openvpn restart/start doesn't work either.

In order to try and diagnose the error I ran the command:

openvpn /etc/openvpn/server.conf

This gives the error:

Sun May 26 18:38:33 2013 us=656754 PLUGIN_INIT: could not load plugin shared object /usr/lib64/openvpn/plugin/lib/openvpn-auth-pam.so: /usr/lib64/openvpn/plugin/lib/openvpn-auth-pam.so: cannot open shared object file: No such file or directory
Sun May 26 18:38:33 2013 us=656834 Exiting due to fatal error

Checking shows that the /usr/lib64/openvpn directory no longer exists (it was there under the previous version - I checked).

If I comment out the lines:

#plugin /usr/lib64/openvpn/plugin/lib/openvpn-auth-pam.so common-auth
#client-cert-not-required
#username-as-common-name

the command:

openvpn /etc/openvpn/server.conf

starts the server with the following output:

Sun May 26 19:17:23 2013 us=862437 Current Parameter Settings:
Sun May 26 19:17:23 2013 us=862517 config = '/etc/openvpn/server.conf'
Sun May 26 19:17:23 2013 us=862532 mode = 1
Sun May 26 19:17:23 2013 us=862543 persist_config = DISABLED
Sun May 26 19:17:23 2013 us=862554 persist_mode = 1
Sun May 26 19:17:23 2013 us=862564 show_ciphers = DISABLED
Sun May 26 19:17:23 2013 us=862575 show_digests = DISABLED
Sun May 26 19:17:23 2013 us=862585 show_engines = DISABLED
Sun May 26 19:17:23 2013 us=862595 genkey = DISABLED
Sun May 26 19:17:23 2013 us=862606 key_pass_file = '[UNDEF]'
Sun May 26 19:17:23 2013 us=862616 show_tls_ciphers = DISABLED
Sun May 26 19:17:23 2013 us=862627 Connection profiles [default]:
Sun May 26 19:17:23 2013 us=862639 proto = udp
Sun May 26 19:17:23 2013 us=862649 local = '[UNDEF]'
Sun May 26 19:17:23 2013 us=862660 local_port = 1194
Sun May 26 19:17:23 2013 us=862670 remote = '[UNDEF]'
Sun May 26 19:17:23 2013 us=862681 remote_port = 1194
Sun May 26 19:17:23 2013 us=862692 remote_float = DISABLED
Sun May 26 19:17:23 2013 us=862702 bind_defined = DISABLED
Sun May 26 19:17:23 2013 us=862712 bind_local = ENABLED
Sun May 26 19:17:23 2013 us=862723 connect_retry_seconds = 5
Sun May 26 19:17:23 2013 us=862734 connect_timeout = 10
Sun May 26 19:17:23 2013 us=862745 connect_retry_max = 0
Sun May 26 19:17:23 2013 us=862756 socks_proxy_server = '[UNDEF]'
Sun May 26 19:17:23 2013 us=862767 socks_proxy_port = 0
Sun May 26 19:17:23 2013 us=862777 socks_proxy_retry = DISABLED
Sun May 26 19:17:23 2013 us=862788 tun_mtu = 1500
Sun May 26 19:17:23 2013 us=862799 tun_mtu_defined = ENABLED
Sun May 26 19:17:23 2013 us=862809 link_mtu = 1500
Sun May 26 19:17:23 2013 us=862820 link_mtu_defined = DISABLED
Sun May 26 19:17:23 2013 us=862830 tun_mtu_extra = 0
Sun May 26 19:17:23 2013 us=862841 tun_mtu_extra_defined = DISABLED
Sun May 26 19:17:23 2013 us=862851 mtu_discover_type = -1
Sun May 26 19:17:23 2013 us=862862 fragment = 0
Sun May 26 19:17:23 2013 us=862873 mssfix = 1450
Sun May 26 19:17:23 2013 us=862883 explicit_exit_notification = 0
Sun May 26 19:17:23 2013 us=862896 Connection profiles END
Sun May 26 19:17:23 2013 us=862908 remote_random = DISABLED
Sun May 26 19:17:23 2013 us=862919 ipchange = '[UNDEF]'
Sun May 26 19:17:23 2013 us=862929 dev = 'tun'
Sun May 26 19:17:23 2013 us=862940 dev_type = '[UNDEF]'
Sun May 26 19:17:23 2013 us=862951 dev_node = '[UNDEF]'
Sun May 26 19:17:23 2013 us=862961 lladdr = '[UNDEF]'
Sun May 26 19:17:23 2013 us=862972 topology = 1
Sun May 26 19:17:23 2013 us=862983 tun_ipv6 = DISABLED
Sun May 26 19:17:23 2013 us=862994 ifconfig_local = '10.8.0.1'
Sun May 26 19:17:23 2013 us=863005 ifconfig_remote_netmask = '10.8.0.2'
Sun May 26 19:17:23 2013 us=863016 ifconfig_noexec = DISABLED
Sun May 26 19:17:23 2013 us=863026 ifconfig_nowarn = DISABLED
Sun May 26 19:17:23 2013 us=863037 ifconfig_ipv6_local = '[UNDEF]'
Sun May 26 19:17:23 2013 us=863048 ifconfig_ipv6_netbits = 0
Sun May 26 19:17:23 2013 us=863059 ifconfig_ipv6_remote = '[UNDEF]'
Sun May 26 19:17:23 2013 us=863070 shaper = 0
Sun May 26 19:17:23 2013 us=863080 mtu_test = 0
Sun May 26 19:17:23 2013 us=863091 mlock = DISABLED
Sun May 26 19:17:23 2013 us=863102 keepalive_ping = 10
Sun May 26 19:17:23 2013 us=863113 keepalive_timeout = 60
Sun May 26 19:17:23 2013 us=863124 inactivity_timeout = 0
Sun May 26 19:17:23 2013 us=863134 ping_send_timeout = 10
Sun May 26 19:17:23 2013 us=863145 ping_rec_timeout = 120
Sun May 26 19:17:23 2013 us=863156 ping_rec_timeout_action = 2
Sun May 26 19:17:23 2013 us=863167 ping_timer_remote = ENABLED
Sun May 26 19:17:23 2013 us=863178 remap_sigusr1 = 0
Sun May 26 19:17:23 2013 us=863188 persist_tun = ENABLED
Sun May 26 19:17:23 2013 us=863199 persist_local_ip = DISABLED
Sun May 26 19:17:23 2013 us=863210 persist_remote_ip = DISABLED
Sun May 26 19:17:23 2013 us=863220 persist_key = ENABLED
Sun May 26 19:17:23 2013 us=863244 passtos = DISABLED
Sun May 26 19:17:23 2013 us=863257 resolve_retry_seconds = 1000000000
Sun May 26 19:17:23 2013 us=863268 username = 'nobody'
Sun May 26 19:17:23 2013 us=863279 groupname = 'nobody'
Sun May 26 19:17:23 2013 us=863290 chroot_dir = '[UNDEF]'
Sun May 26 19:17:23 2013 us=863301 cd_dir = '[UNDEF]'
Sun May 26 19:17:23 2013 us=863311 writepid = '[UNDEF]'
Sun May 26 19:17:23 2013 us=863322 up_script = '[UNDEF]'
Sun May 26 19:17:23 2013 us=863332 down_script = '[UNDEF]'
Sun May 26 19:17:23 2013 us=863346 down_pre = DISABLED
Sun May 26 19:17:23 2013 us=863357 up_restart = DISABLED
Sun May 26 19:17:23 2013 us=863367 up_delay = DISABLED
Sun May 26 19:17:23 2013 us=863684 daemon = DISABLED
Sun May 26 19:17:23 2013 us=863703 inetd = 0
Sun May 26 19:17:23 2013 us=863714 log = DISABLED
Sun May 26 19:17:23 2013 us=863725 suppress_timestamps = DISABLED
Sun May 26 19:17:23 2013 us=863736 nice = 0
Sun May 26 19:17:23 2013 us=863746 verbosity = 5
Sun May 26 19:17:23 2013 us=863757 mute = 0
Sun May 26 19:17:23 2013 us=863768 gremlin = 0
Sun May 26 19:17:23 2013 us=863779 status_file = 'openvpn-status.log'
Sun May 26 19:17:23 2013 us=863790 status_file_version = 1
Sun May 26 19:17:23 2013 us=863801 status_file_update_freq = 60
Sun May 26 19:17:23 2013 us=863811 occ = ENABLED
Sun May 26 19:17:23 2013 us=863822 rcvbuf = 65536
Sun May 26 19:17:23 2013 us=863833 sndbuf = 65536
Sun May 26 19:17:23 2013 us=863843 mark = 0
Sun May 26 19:17:23 2013 us=863854 sockflags = 0
Sun May 26 19:17:23 2013 us=863864 fast_io = DISABLED
Sun May 26 19:17:23 2013 us=863874 lzo = 7
Sun May 26 19:17:23 2013 us=863885 route_script = '[UNDEF]'
Sun May 26 19:17:23 2013 us=863896 route_default_gateway = '[UNDEF]'
Sun May 26 19:17:23 2013 us=863907 route_default_metric = 0
Sun May 26 19:17:23 2013 us=863918 route_noexec = DISABLED
Sun May 26 19:17:23 2013 us=863929 route_delay = 0
Sun May 26 19:17:23 2013 us=863940 route_delay_window = 30
Sun May 26 19:17:23 2013 us=863950 route_delay_defined = DISABLED
Sun May 26 19:17:23 2013 us=863961 route_nopull = DISABLED
Sun May 26 19:17:23 2013 us=863971 route_gateway_via_dhcp = DISABLED
Sun May 26 19:17:23 2013 us=863982 max_routes = 100
Sun May 26 19:17:23 2013 us=863993 allow_pull_fqdn = DISABLED
Sun May 26 19:17:23 2013 us=864004 route 10.8.0.0/255.255.255.0/nil/nil
Sun May 26 19:17:23 2013 us=864015 management_addr = '[UNDEF]'
Sun May 26 19:17:23 2013 us=864026 management_port = 0
Sun May 26 19:17:23 2013 us=864037 management_user_pass = '[UNDEF]'
Sun May 26 19:17:23 2013 us=864047 management_log_history_cache = 250
Sun May 26 19:17:23 2013 us=864058 management_echo_buffer_size = 100
Sun May 26 19:17:23 2013 us=864069 management_write_peer_info_file = '[UNDEF]'
Sun May 26 19:17:23 2013 us=864080 management_client_user = '[UNDEF]'
Sun May 26 19:17:23 2013 us=864090 management_client_group = '[UNDEF]'
Sun May 26 19:17:23 2013 us=864101 management_flags = 0
Sun May 26 19:17:23 2013 us=864112 shared_secret_file = '[UNDEF]'
Sun May 26 19:17:23 2013 us=864122 key_direction = 0
Sun May 26 19:17:23 2013 us=864133 ciphername_defined = ENABLED
Sun May 26 19:17:23 2013 us=864144 ciphername = 'BF-CBC'
Sun May 26 19:17:23 2013 us=864154 authname_defined = ENABLED
Sun May 26 19:17:23 2013 us=864165 authname = 'SHA1'
Sun May 26 19:17:23 2013 us=864175 prng_hash = 'SHA1'
Sun May 26 19:17:23 2013 us=864186 prng_nonce_secret_len = 16
Sun May 26 19:17:23 2013 us=864196 keysize = 0
Sun May 26 19:17:23 2013 us=864206 engine = DISABLED
Sun May 26 19:17:23 2013 us=864217 replay = ENABLED
Sun May 26 19:17:23 2013 us=864228 mute_replay_warnings = DISABLED
Sun May 26 19:17:23 2013 us=864274 replay_window = 64
Sun May 26 19:17:23 2013 us=864287 replay_time = 15
Sun May 26 19:17:23 2013 us=864297 packet_id_file = '[UNDEF]'
Sun May 26 19:17:23 2013 us=864308 use_iv = ENABLED
Sun May 26 19:17:23 2013 us=864319 test_crypto = DISABLED
Sun May 26 19:17:23 2013 us=864329 tls_server = ENABLED
Sun May 26 19:17:23 2013 us=864340 tls_client = DISABLED
Sun May 26 19:17:23 2013 us=864352 key_method = 2
Sun May 26 19:17:23 2013 us=864358 ca_file = '/etc/openvpn/easy-rsa/2.0/keys/ca.crt'
Sun May 26 19:17:23 2013 us=864365 ca_path = '[UNDEF]'
Sun May 26 19:17:23 2013 us=864372 dh_file = '/etc/openvpn/easy-rsa/2.0/keys/dh1024.pem'
Sun May 26 19:17:23 2013 us=864511 cert_file = '/etc/openvpn/easy-rsa/2.0/keys/server.crt'
Sun May 26 19:17:23 2013 us=864522 priv_key_file = '/etc/openvpn/easy-rsa/2.0/keys/server.key'
Sun May 26 19:17:23 2013 us=864530 pkcs12_file = '[UNDEF]'
Sun May 26 19:17:23 2013 us=864536 cipher_list = '[UNDEF]'
Sun May 26 19:17:23 2013 us=864542 tls_verify = '[UNDEF]'
Sun May 26 19:17:23 2013 us=864549 tls_export_cert = '[UNDEF]'
Sun May 26 19:17:23 2013 us=864555 verify_x509_type = 0
Sun May 26 19:17:23 2013 us=864562 verify_x509_name = '[UNDEF]'
Sun May 26 19:17:23 2013 us=864568 crl_file = '[UNDEF]'
Sun May 26 19:17:23 2013 us=864574 ns_cert_type = 0
Sun May 26 19:17:23 2013 us=864585 remote_cert_ku = 0
Sun May 26 19:17:23 2013 us=864592 remote_cert_ku = 0
Sun May 26 19:17:23 2013 us=864598 remote_cert_ku = 0
Sun May 26 19:17:23 2013 us=864605 remote_cert_ku = 0
Sun May 26 19:17:23 2013 us=864611 remote_cert_ku = 0
Sun May 26 19:17:23 2013 us=864618 remote_cert_ku = 0
Sun May 26 19:17:23 2013 us=864625 remote_cert_ku = 0
Sun May 26 19:17:23 2013 us=864631 remote_cert_ku = 0
Sun May 26 19:17:23 2013 us=864641 remote_cert_ku = 0
Sun May 26 19:17:23 2013 us=864648 remote_cert_ku = 0
Sun May 26 19:17:23 2013 us=864654 remote_cert_ku[i] = 0
Sun May 26 19:17:23 2013 us=864660 remote_cert_ku[i] = 0
Sun May 26 19:17:23 2013 us=864667 remote_cert_ku[i] = 0
Sun May 26 19:17:23 2013 us=864673 remote_cert_ku[i] = 0
Sun May 26 19:17:23 2013 us=864679 remote_cert_ku[i] = 0
Sun May 26 19:17:23 2013 us=864685 remote_cert_ku[i] = 0
Sun May 26 19:17:23 2013 us=864692 remote_cert_eku = '[UNDEF]'
Sun May 26 19:17:23 2013 us=864698 ssl_flags = 0
Sun May 26 19:17:23 2013 us=864704 tls_timeout = 2
Sun May 26 19:17:23 2013 us=864711 renegotiate_bytes = 0
Sun May 26 19:17:23 2013 us=864717 renegotiate_packets = 0
Sun May 26 19:17:23 2013 us=864724 renegotiate_seconds = 3600
Sun May 26 19:17:23 2013 us=864730 handshake_window = 60
Sun May 26 19:17:23 2013 us=864736 transition_window = 3600
Sun May 26 19:17:23 2013 us=864743 single_session = DISABLED
Sun May 26 19:17:23 2013 us=864749 push_peer_info = DISABLED
Sun May 26 19:17:23 2013 us=864755 tls_exit = DISABLED
Sun May 26 19:17:23 2013 us=864762 tls_auth_file = '[UNDEF]'
Sun May 26 19:17:23 2013 us=864774 server_network = 10.8.0.0
Sun May 26 19:17:23 2013 us=864783 server_netmask = 255.255.255.0
Sun May 26 19:17:23 2013 us=864793 server_network_ipv6 = ::
Sun May 26 19:17:23 2013 us=864800 server_netbits_ipv6 = 0
Sun May 26 19:17:23 2013 us=864807 server_bridge_ip = 0.0.0.0
Sun May 26 19:17:23 2013 us=864814 server_bridge_netmask = 0.0.0.0
Sun May 26 19:17:23 2013 us=864822 server_bridge_pool_start = 0.0.0.0
Sun May 26 19:17:23 2013 us=864829 server_bridge_pool_end = 0.0.0.0
Sun May 26 19:17:23 2013 us=864835 push_entry = 'route 192.168.0.0 255.255.255.0'
Sun May 26 19:17:23 2013 us=864842 push_entry = 'route 10.8.0.1'
Sun May 26 19:17:23 2013 us=864848 push_entry = 'topology net30'
Sun May 26 19:17:23 2013 us=864855 push_entry = 'ping 10'
Sun May 26 19:17:23 2013 us=864861 push_entry = 'ping-restart 60'
Sun May 26 19:17:23 2013 us=864868 ifconfig_pool_defined = ENABLED
Sun May 26 19:17:23 2013 us=864875 ifconfig_pool_start = 10.8.0.4
Sun May 26 19:17:23 2013 us=864882 ifconfig_pool_end = 10.8.0.251
Sun May 26 19:17:23 2013 us=864889 ifconfig_pool_netmask = 0.0.0.0
Sun May 26 19:17:23 2013 us=864895 ifconfig_pool_persist_filename = 'ipp.txt'
Sun May 26 19:17:23 2013 us=864902 ifconfig_pool_persist_refresh_freq = 600
Sun May 26 19:17:23 2013 us=864909 ifconfig_ipv6_pool_defined = DISABLED
Sun May 26 19:17:23 2013 us=864915 ifconfig_ipv6_pool_base = ::
Sun May 26 19:17:23 2013 us=864922 ifconfig_ipv6_pool_netbits = 0
Sun May 26 19:17:23 2013 us=864928 n_bcast_buf = 256
Sun May 26 19:17:23 2013 us=864935 tcp_queue_limit = 64
Sun May 26 19:17:23 2013 us=864941 real_hash_size = 256
Sun May 26 19:17:23 2013 us=864947 virtual_hash_size = 256
Sun May 26 19:17:23 2013 us=864954 client_connect_script = '[UNDEF]'
Sun May 26 19:17:23 2013 us=864960 learn_address_script = '[UNDEF]'
Sun May 26 19:17:23 2013 us=864967 client_disconnect_script = '[UNDEF]'
Sun May 26 19:17:23 2013 us=864973 client_config_dir = '[UNDEF]'
Sun May 26 19:17:23 2013 us=864979 ccd_exclusive = DISABLED
Sun May 26 19:17:23 2013 us=864986 tmp_dir = '/tmp'
Sun May 26 19:17:23 2013 us=864992 push_ifconfig_defined = DISABLED
Sun May 26 19:17:23 2013 us=864999 push_ifconfig_local = 0.0.0.0
Sun May 26 19:17:23 2013 us=865006 push_ifconfig_remote_netmask = 0.0.0.0
Sun May 26 19:17:23 2013 us=865013 push_ifconfig_ipv6_defined = DISABLED
Sun May 26 19:17:23 2013 us=865020 push_ifconfig_ipv6_local = ::/0
Sun May 26 19:17:23 2013 us=865027 push_ifconfig_ipv6_remote = ::
Sun May 26 19:17:23 2013 us=865033 enable_c2c = DISABLED
Sun May 26 19:17:23 2013 us=865040 duplicate_cn = DISABLED
Sun May 26 19:17:23 2013 us=865046 cf_max = 0
Sun May 26 19:17:23 2013 us=865052 cf_per = 0
Sun May 26 19:17:23 2013 us=865059 max_clients = 1024
Sun May 26 19:17:23 2013 us=865065 max_routes_per_client = 256
Sun May 26 19:17:23 2013 us=865072 auth_user_pass_verify_script = '[UNDEF]'
Sun May 26 19:17:23 2013 us=865078 auth_user_pass_verify_script_via_file = DISABLED
Sun May 26 19:17:23 2013 us=865085 port_share_host = '[UNDEF]'
Sun May 26 19:17:23 2013 us=865091 port_share_port = 0
Sun May 26 19:17:23 2013 us=865098 client = DISABLED
Sun May 26 19:17:23 2013 us=865104 pull = DISABLED
Sun May 26 19:17:23 2013 us=865111 auth_user_pass_file = '[UNDEF]'
Sun May 26 19:17:23 2013 us=865120 OpenVPN 2.3.1 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [eurephia] [MH] [IPv6] built on May 6 2013
Sun May 26 19:17:23 2013 us=869694 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x. Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
Sun May 26 19:17:23 2013 us=869711 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Sun May 26 19:17:23 2013 us=871857 Diffie-Hellman initialized with 1024 bit key
Sun May 26 19:17:23 2013 us=872201 TLS-Auth MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sun May 26 19:17:23 2013 us=872226 Socket Buffers: R=[229376->131072] S=[229376->131072]
Sun May 26 19:17:23 2013 us=872716 ROUTE_GATEWAY 192.168.0.100/255.255.255.0 IFACE=eth0 HWADDR=52:54:00:63:d7:6f
Sun May 26 19:17:23 2013 us=888049 TUN/TAP device tun0 opened
Sun May 26 19:17:23 2013 us=888078 TUN/TAP TX queue length set to 100
Sun May 26 19:17:23 2013 us=888093 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sun May 26 19:17:23 2013 us=888111 /sbin/ip link set dev tun0 up mtu 1500
Sun May 26 19:17:23 2013 us=893778 /sbin/ip addr add dev tun0 local 10.8.0.1 peer 10.8.0.2
Sun May 26 19:17:23 2013 us=899555 /sbin/ip route add 10.8.0.0/24 via 10.8.0.2
Sun May 26 19:17:23 2013 us=900930 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Sun May 26 19:17:23 2013 us=902109 GID set to nobody
Sun May 26 19:17:23 2013 us=902126 UID set to nobody
Sun May 26 19:17:23 2013 us=902139 UDPv4 link local (bound): [undef]
Sun May 26 19:17:23 2013 us=902147 UDPv4 link remote: [undef]
Sun May 26 19:17:23 2013 us=902157 MULTI: multi_init called, r=256 v=256
Sun May 26 19:17:23 2013 us=902182 IFCONFIG POOL: base=10.8.0.4 size=62, ipv6=0
Sun May 26 19:17:23 2013 us=902199 ifconfig_pool_read(), in='client3,10.8.0.4', TODO: IPv6
Sun May 26 19:17:23 2013 us=902230 succeeded -> ifconfig_pool_set()
Sun May 26 19:17:23 2013 us=902252 IFCONFIG POOL LIST
Sun May 26 19:17:23 2013 us=902263 client3,10.8.0.4
Sun May 26 19:17:23 2013 us=902284 Initialization Sequence Completed

Clients are then able to connect as before.

However openvpn will still not start as a service. Trying service openvpn start gives the following output in /var/log/messages:

May 26 19:22:05 vpn001 openvpn[5483]: Options error: --status fails with '1194.log': Permission denied
May 26 19:22:05 vpn001 openvpn[5483]: Options error: Please correct these errors.
May 26 19:22:05 vpn001 openvpn[5483]: Use --help for more information.
May 26 19:22:05 vpn001 openvpn[5486]: Options error: --status fails with 'openvpn-status.log': Permission denied
May 26 19:22:05 vpn001 openvpn[5486]: Options error: Please correct these errors.
May 26 19:22:05 vpn001 openvpn[5486]: Use --help for more information.

the:

user nobody
group nobody

lines in server.conf are not commented. However commenting them gives the same error message.

However I'm not convinced that /etc/openvpn/server.conf is the config file being used (when run as service). How can I check whic config file is being used?

It seems that the upgrade has broken openvpn. Any thoughts on how to fix it?

Is this something that needs fixing by the rpm maintainer?

Many thanks

Paul

[janjust]

Is this something that needs fixing by the rpm maintainer?

yes and they have been notified: it will be fixed in the next EPEL version; see
https://bugzilla.redhat.com/show_bug.cgi?id=966373

[paul_rogers6]

Hi Jan

Thanks for the prompt reply. Have downloaded and installed openvpn-2.3.1-3.el6.x86_64.rpm and this has fixed the issue with the openvpn-auth-pam.so module.

However I still have the following errors when trying to start openvpn as a service:

May 28 10:16:15 vpn001 openvpn[11708]: Options error: --status fails with '1194.log': Permission denied
May 28 10:16:15 vpn001 openvpn[11708]: Options error: Please correct these errors.
May 28 10:16:15 vpn001 openvpn[11708]: Use --help for more information.
May 28 10:16:15 vpn001 openvpn[11711]: Options error: --status fails with 'openvpn-status.log': Permission denied
May 28 10:16:15 vpn001 openvpn[11711]: Options error: Please correct these errors.
May 28 10:16:15 vpn001 openvpn[11711]: Use --help for more information.

This may be something I have done and unrelated to the upgrade but I don't think so, as I'm pretty sure that everything was working fine before the upgrade and broken after the upgrade.

As stated previously I am able to start openvpn from the command line but not as service. My suspicion is that a different 1194.log and openvpn-status.log are being used in each case.

How would I go about checking this?

Can you suggest what the problem might be or how to fix it?

Thanks

P

[paul_rogers6]

Have done a bit of further testing and found the following:

1. When running from command line (as root) log files are created in /root. When running as daemon log files are presumably those in /etc/openvpn (tho' no way of confirming this). These were last updated the day prior to the update;

2. Commenting out the user nobody & group nobody lines in server.conf seems to make no difference to the error;

3. Setting /etc/openvpn rwx and the log files therein rw for all users has no effect;

4. Setting verb 9 on the command line greatly increases the output but seems to do nothing with the daemon (/var/log/messages)

Regards

Paul

[janjust]

please post the full config file; also, make sure that when you're specifying "log" or "status" file that you use an absolute path name - the /etc/init.d/openvpn script from the EPEL repo's cd's to /etc/openvpn.

[paul_rogers6]

Hi Guys

Managed to fix this problem. It was a simple as deleting the following files (in /etc/openvpn):

1194.log
ipp.txt
openvpn-status.log

and allowing openvpn to recreate them. For the life of me I don't know why the access denied messages appeared, but this fixed the problem.

Many thanks for helping out.

Regards

Paul

[janjust]

Excellent news. Closing topic.