3

Yesterday I configured OpenVPN on an Ubuntu 18.04 server, which seems to work. I can connect no problem and `systemctl status openvpn` gives me green. However, my syslog is being riddled with errors which seem to relate to a different service than openvpn.service. I am kind of unsettled by this since the server goes into use tomorrow and the only way to get access then is via openvpn.

Here is the syslog:

```
Jun 22 15:30:41 localhost systemd[1]: [email protected]: Main process exited, code=exited, status=1/FAILURE
Jun 22 15:30:41 localhost systemd[1]: [email protected]: Failed with result 'exit-code'.
Jun 22 15:30:41 localhost systemd[1]: Failed to start OpenVPN connection to multi-user.
Jun 22 15:30:47 localhost systemd[1]: [email protected]: Service hold-off time over, scheduling restart.
Jun 22 15:30:47 localhost systemd[1]: [email protected]: Scheduled restart job, restart counter is at 146.
Jun 22 15:30:47 localhost systemd[1]: Stopped OpenVPN connection to multi-user.
Jun 22 15:30:47 localhost systemd[1]: Starting OpenVPN connection to multi-user...
Jun 22 15:30:47 localhost ovpn-multi-user[3046]: Options error: In [CMD-LINE]:1:Error opening configuration file: /etc/openvpn/multi-user.conf
Jun 22 15:30:47 localhost ovpn-multi-user[3046]: Use --help for more information.
Jun 22 15:30:47 localhost systemd[1]: [email protected]: Main process exited, code=exited, status=1/FAILURE
Jun 22 15:30:47 localhost systemd[1]: [email protected]: Failed with result 'exit-code'.
Jun 22 15:30:47 localhost systemd[1]: Failed to start OpenVPN connection to multi-user.
Jun 22 15:30:52 localhost systemd[1]: [email protected]: Service hold-off time over, scheduling restart.
Jun 22 15:30:52 localhost systemd[1]: [email protected]: Scheduled restart job, restart counter is at 147.
Jun 22 15:30:52 localhost systemd[1]: Stopped OpenVPN connection to multi-user.
Jun 22 15:30:52 localhost systemd[1]: Starting OpenVPN connection to multi-user.
```
roaima
AlpayY
  • Related questions are https://unix.stackexchange.com/questions/378749/ and https://unix.stackexchange.com/questions/409665/ . – JdeBP Jun 22 '18 at 17:55

2 Answers

2

I initially worked around the issue by putting the following line in my rc.local:

systemctl stop [email protected]

I finally solved it by disabling the deprecated [email protected], removing all configuration files from the OpenVPN root directory and moving them to the server directory, as well as activating the respective [email protected].

roaima
AlpayY
0

Under systemd, at least on Debian (and presumably Ubuntu) each VPN connection (there can be multiple) gets its own service name [email protected]. You should have one per *.conf file in /etc/openvpn/.

The actual openvpn.service is a collection of all of them, to let you easily start/stop/reload all VPNs at once. Getting status on it isn't telling you much useful.

So you need to try systemctl status [email protected] or journalctl [email protected], as it'd appear your VPN is exiting for some reason. Of course, that could be something simple and expected like network issues, remote end disconnected, etc. (OpenVPN can be configured to exit when the VPN goes down.)

You can see all the OpenVPN units using something like `systemctl list-units | grep openvpn` or probably `systemctl show --property ConsistsOf openvpn.service`.

derobert
  • Thank you for your reply, good to hear my thoughts went in the right direction. The problem seems to be that something tries to start an openvpn service with the connection name "multi-user" and that doesn't exist. How do I fix this? – AlpayY Jun 22 '18 at 16:39
  • @AlpayY I'd start by seeing if you accidentally symlinked it into one of the systemd startup directories. E.g., somehow when trying to get your VPN started by multi-user.target. If you're lucky, `systemctl show --property WantedBy [email protected]` will yield something useful. Or look through the journal. – derobert Jun 22 '18 at 16:41
  • The output of that command is `WantedBy=multi-user.target`. I also see this line at the end of /lib/systemd/system/[email protected]: `[Install] WantedBy=multi-user.target` So do I just remove it? Just fyi, I didn't touch my openvpn installation apart from creating config files. This is its default behaviour out of the box. – AlpayY Jun 22 '18 at 16:44
  • @AlpayY Yes, that install means when you do `systemctl enable [email protected]`, it'll be linked into `/etc/systemd/system/multi-user.target.wants/` — I suspect you may have a link there for your non-existent VPN (because you did `systemctl enable [email protected]`) – derobert Jun 22 '18 at 16:45
  • @AlpayY anyway, `systemctl disable [email protected]` ought to fix it (and of course reboot your system before shipping it out, just be sure everything is still working) – derobert Jun 22 '18 at 16:46
  • No luck with that unfortunately. No symlink in `/etc/systemd/system/multi-user.target.wants/` and `systemctl disable [email protected]` doesn't do anything. :( – AlpayY Jun 22 '18 at 16:49
  • @AlpayY odd... does `find /etc -name '[email protected]'` find it anywhere? Also, I guess check `/etc/default/openvpn` to see if it's listed under autostart there (but I don't think that is used under systemd). And finally, does it persist through reboot? Want to make sure it wasn't just you accidentally did a `systemctl start` on it at some point. – derobert Jun 22 '18 at 17:02
  • The find command doesn't find it anywhere. Nothing under /etc/default/openvpn and it does persist through reboot unfortunately. – AlpayY Jun 22 '18 at 17:05
  • @AlpayY I'm stumped, then, where it's coming from. Just to confirm, you do not have an `/etc/openvpn/multi-user.conf`, correct? – derobert Jun 22 '18 at 17:07
  • Yes, I don't have one. `ls /etc/openvpn` returns `01.pem 02.pem 03.pem 04.pem ca.crt client dh2048.pem easy-rsa ipp.txt openvpn-status.log server server.conf server.crt server.key update-resolv-conf` – AlpayY Jun 22 '18 at 17:10
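
The check worked through in the comments above, as an added shell example that is not part of the original posts: it lists every `openvpn@…` link under the systemd `.wants` directories and verifies that each instance has a readable config file, and it also reports a bare template link with an empty instance name, which a search for one specific instance name does not match. Assumptions: the Debian/Ubuntu template unit is named `openvpn@.service`, instance NAME reads `/etc/openvpn/NAME.conf` (the path in the syslog error), and the function name `audit_openvpn_units` is hypothetical.

```shell
#!/bin/sh
# Added example: audit enabled OpenVPN template instances against their configs.
# Assumptions (not from the page): the template unit is openvpn@.service and
# instance NAME reads CONF_DIR/NAME.conf, as on Debian/Ubuntu.

# audit_openvpn_units [UNIT_DIR] [CONF_DIR]
# Prints one line per enabled link: "ok", "missing-config" or "bare-template",
# followed by the link path. Returns 1 if any link is not "ok".
audit_openvpn_units() {
    unit_dir=${1:-/etc/systemd/system}
    conf_dir=${2:-/etc/openvpn}
    rc=0
    for link in "$unit_dir"/*.wants/openvpn@*.service; do
        # An unmatched glob stays literal; skip it, but keep dangling symlinks.
        [ -e "$link" ] || [ -L "$link" ] || continue
        # Extract the instance name between "openvpn@" and ".service".
        name=${link##*/openvpn@}
        name=${name%.service}
        if [ -z "$name" ]; then
            # Template enabled without an instance name.
            echo "bare-template $link"
            rc=1
        elif [ -r "$conf_dir/$name.conf" ]; then
            echo "ok $link"
        else
            # This instance would fail with "Error opening configuration file".
            echo "missing-config $link (expects $conf_dir/$name.conf)"
            rc=1
        fi
    done
    return $rc
}

# Run against the live system only when asked: sh audit.sh --run
if [ "${1:-}" = "--run" ]; then
    audit_openvpn_units
fi
```

It only inspects the directory passed as UNIT_DIR, so links created elsewhere (for example under `/run/systemd` or by a generator) need a second call with that directory.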