Can't start OpenVPN as a service using init script
Posted: Thu Mar 10, 2011 4:18 pm
OK, so I browsed everything in this forum under Server Administration, and viewed any thread which appeared remotely relevant. I've also done extensive Google searches and gone through the documentation online, both on openvpn.net and elsewhere. So I can only assume I am missing something incredibly obvious 
I have configured OpenVPN and it works great. It is super awesome... with one little problem. I can run OpenVPN from a shell as "openvpn <config file>" and it does not prompt me for a username and password. I can run OpenVPN from a shell as "openvpn --daemon --writepid /var/run/openvpn/this.pid --config server.conf --cd /etc/openvpn" and it does not prompt me for a username and password. I copied this from the init script.
However, when I type "service openvpn start" I am asked for an "Auth Username" and "Auth Password" and OpenVPN will not start unless I provide appropriate credentials. If I do provide them, it works. This is a problem because I would like OpenVPN to come up automatically if the server is restarted, and I will not always be there at a console to enter the username and password.
(I suppose for some reason it may work when run as part of the normal startup process, and only because I am manually typing "service openvpn start" does it ask for credentials. However I can't test this now, and it would make no sense to me anyway.)
I am not using client certificates, but rather the PAM module "/usr/share/openvpn/plugin/lib/openvpn-auth-pam.so" . Perhaps this has something to do with it, but again I don't understand why I can run it as a daemon from a shell with no problem, and only experience undesired behavior when using the init script.
Clients can connect just fine with usernames and passwords. I am also using the tls-auth key. None of the private keys require passwords to access them. I have administered several certificate authorities using OpenSSL and I am confident this is not the problem.
So..... what's the deal? I am usually one of those "never ask for directions" guys but this has me stumped. Thanks for any help you can provide.
I have configured OpenVPN and it works great. It is super awesome... with one little problem. I can run OpenVPN from a shell as "openvpn <config file>" and it does not prompt me for a username and password. I can run OpenVPN from a shell as "openvpn --daemon --writepid /var/run/openvpn/this.pid --config server.conf --cd /etc/openvpn" and it does not prompt me for a username and password. I copied this from the init script.
However, when I type "service openvpn start" I am asked for an "Auth Username" and "Auth Password" and OpenVPN will not start unless I provide appropriate credentials. If I do provide them, it works. This is a problem because I would like OpenVPN to come up automatically if the server is restarted, and I will not always be there at a console to enter the username and password.
(I suppose for some reason it may work when run as part of the normal startup process, and only because I am manually typing "service openvpn start" does it ask for credentials. However I can't test this now, and it would make no sense to me anyway.)
I am not using client certificates, but rather the PAM module "/usr/share/openvpn/plugin/lib/openvpn-auth-pam.so" . Perhaps this has something to do with it, but again I don't understand why I can run it as a daemon from a shell with no problem, and only experience undesired behavior when using the init script.
Clients can connect just fine with usernames and passwords. I am also using the tls-auth key. None of the private keys require passwords to access them. I have administered several certificate authorities using OpenSSL and I am confident this is not the problem.
So..... what's the deal? I am usually one of those "never ask for directions" guys but this has me stumped. Thanks for any help you can provide.