If I reboot my F24 system, openvpn server fails to properly start but a subsequent manual systemctl start openvpn@server does succeed.
The reboot log shows:
Mar 5 11:52:51 mustang audit: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=openvpn@server comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' Mar 5 11:52:51 mustang systemd: Started OpenVPN Robust And Highly Flexible Tunneling Application On server. Mar 5 11:52:51 mustang audit: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=openvpn@server comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' Mar 5 11:52:53 mustang systemd: openvpn@server.service: Main process exited, code=exited, status=1/FAILURE Mar 5 11:52:53 mustang systemd: openvpn@server.service: Unit entered failed state. Mar 5 11:52:53 mustang audit: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=openvpn@server comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed' Mar 5 11:52:53 mustang systemd: openvpn@server.service: Failed with result 'exit-code'.
It looks as if the automatic start may be happening too early in the boot process.
On 05/03/17 12:28, Stephen Davies wrote:
If I reboot my F24 system, openvpn server fails to properly start but a subsequent manual systemctl start openvpn@server does succeed.
The reboot log shows:
Mar 5 11:52:51 mustang audit: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=openvpn@server comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' Mar 5 11:52:51 mustang systemd: Started OpenVPN Robust And Highly Flexible Tunneling Application On server. Mar 5 11:52:51 mustang audit: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=openvpn@server comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' Mar 5 11:52:53 mustang systemd: openvpn@server.service: Main process exited, code=exited, status=1/FAILURE Mar 5 11:52:53 mustang systemd: openvpn@server.service: Unit entered failed state. Mar 5 11:52:53 mustang audit: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=openvpn@server comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed' Mar 5 11:52:53 mustang systemd: openvpn@server.service: Failed with result 'exit-code'.
It looks as if the automatic start may be happening too early in the boot process.
Same issue with F25.
The OpenVPN log says:
TCP/UDP: Socket bind failed on local address [AF_INET]203.2.199.1:1194: Cannot assign requested address. (203.2.199.1 is the static IP of my server.)
Based on other posts on this issue, I commented the "local 203.2.199.1" entry in server.conf and the problem seems to have been resolved.
Could somebody please explain to me what is happening here. Why does a subsequent manual systemctl start openvpn@server work? Why does removing the local entry help? Is there a better way out?
Cheers and thanks, Stephen
On 09/23/2017 10:22 PM, Stephen Davies wrote:
On 05/03/17 12:28, Stephen Davies wrote:
It looks as if the automatic start may be happening too early in the boot process.
I think this is your answer.
Same issue with F25.
The OpenVPN log says:
TCP/UDP: Socket bind failed on local address [AF_INET]203.2.199.1:1194: Cannot assign requested address. (203.2.199.1 is the static IP of my server.)
Based on other posts on this issue, I commented the "local 203.2.199.1" entry in server.conf and the problem seems to have been resolved.
Could somebody please explain to me what is happening here. Why does a subsequent manual systemctl start openvpn@server work? Why does removing the local entry help? Is there a better way out?
If openvpn starts before the network is connected, then it won't be able to bind to the specific IP address. When you comment it out, you will probably find that it has bound to the "all interfaces" address instead. You need to either leave it as it is on all interfaces or make a change so that it won't start until the network-online unit is done. There are various ways to do this, just make sure you don't modify the original service file in /usr/lib/systemd/system. I have recently heard that you can use a .d directory to make small adjustments to the service. That would be the simplest and safest if it works.
On 24/09/17 15:10, Samuel Sieb wrote:
On 09/23/2017 10:22 PM, Stephen Davies wrote:
On 05/03/17 12:28, Stephen Davies wrote:
It looks as if the automatic start may be happening too early in the boot process.
I think this is your answer.
Same issue with F25.
The OpenVPN log says:
TCP/UDP: Socket bind failed on local address [AF_INET]203.2.199.1:1194: Cannot assign requested address. (203.2.199.1 is the static IP of my server.)
Based on other posts on this issue, I commented the "local 203.2.199.1" entry in server.conf and the problem seems to have been resolved.
Could somebody please explain to me what is happening here. Why does a subsequent manual systemctl start openvpn@server work? Why does removing the local entry help? Is there a better way out?
If openvpn starts before the network is connected, then it won't be able to bind to the specific IP address. When you comment it out, you will probably find that it has bound to the "all interfaces" address instead. You need to either leave it as it is on all interfaces or make a change so that it won't start until the network-online unit is done. There are various ways to do this, just make sure you don't modify the original service file in /usr/lib/systemd/system. I have recently heard that you can use a .d directory to make small adjustments to the service. That would be the simplest and safest if it works.
Absolutely correct!
I created an alternative unit in /etc/systemd/system with "After network-online.target" and uncommented the "local 203.2.199.1" configuration entry and all now works as expected.
Cheers and thanks, Stephen
-
Samuel Sieb -
Stephen Davies