Question

error with start openVPN service

Posted April 13, 2017 85.3k views
VPN, Ubuntu 16.04

I am trying to install OpenVPN on Ubuntu from this tutorial: How To Set Up an OpenVPN Server on Ubuntu 16.04

In Step 9: Start and Enable the OpenVPN Service

when I enter

sudo systemctl start openvpn@server

to start the service, the CLI shows me this error message:

Job for openvpn@server.service failed because the control process exited with error code. See "systemctl status openvpn@server.service" and "journalctl -xe" for details.

So please, how can I fix it?
1 comment
  • Hi

    I got this to work by changing the dh.pem, ca.crt, server.crt and server.key entries in server.conf to show the full path, e.g.

    ca /etc/openvpn/ca.crt
    cert /etc/openvpn/openvpnserver.crt
    key /etc/openvpn/server/openvpnserver.key # This file should be kept secret

    # Diffie hellman parameters.
    # Generate your own with:
    #   openssl dhparam -out dh2048.pem 2048
    dh /etc/openvpn/dh.pem

    I also made sure that these files were set to my account as the owner and chmod 400 (I'm new to Linux so apologies if this terminology isn't correct).

9 answers

Hello, I've run into the same error and the solution for me was to:

systemctl enable openvpn-server@server.service

instead of "openvpn@server.service"

then start the service:

systemctl start openvpn-server@server.service

I assume your config file is server.conf and it's under the /etc/openvpn/server folder

hope it helps

@asil

Can you run systemctl status openvpn@server.service and post the output?

And have a look in /etc/openvpn/server.conf and add log /var/log/openvpn.log if the log option doesn’t exist.
Then try to start the service again, and do a tail -50 /var/log/openvpn.log

  • I followed the same tutorial and am having the same problem. This is all very new to me so I apologise in advance if I have made a basic error but I really don’t know what’s gone wrong.

    This is the output of journalctl -xe


    and this is the output for systemctl status openvpn@server.service

     openvpn@server.service - OpenVPN connection to server
       Loaded: loaded (/lib/systemd/system/openvpn@.service; disabled; vendor preset: enabled)
       Active: failed (Result: exit-code) since Sat 2017-04-15 16:46:13 BST; 28s ago
         Docs: man:openvpn(8)
               https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage
               https://community.openvpn.net/openvpn/wiki/HOWTO
      Process: 2906 ExecStart=/usr/sbin/openvpn --daemon ovpn-%i --status /run/openvpn/%i.status 10 --cd /etc/openvpn --script-security 2 --config /etc/openvpn/%i.conf --writepid /run/openvpn/%i.pid (code=exited
    
    Apr 15 16:46:12 server systemd[1]: Starting OpenVPN connection to server...
    Apr 15 16:46:13 server systemd[1]: openvpn@server.service: Control process exited, code=exited status=1
    Apr 15 16:46:13 server systemd[1]: Failed to start OpenVPN connection to server.
    Apr 15 16:46:13 server systemd[1]: openvpn@server.service: Unit entered failed state.
    Apr 15 16:46:13 server systemd[1]: openvpn@server.service: Failed with result 'exit-code'.
    
    

    any help would be really appreciated.

    Thanks

  • My comment was removed due to spam..... I’m having the same problem

    This my output from systemctl status openvpn@server.service

    openvpn@server.service - OpenVPN connection to server
    Loaded: loaded (/lib/systemd/system/openvpn@.service; disabled; vendor preset: enabled)
    Active: failed (Result: exit-code) since Sat 2017-04-15 16:46:13 BST; 28s ago
    Docs: man:openvpn(8)
    https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage
    https://community.openvpn.net/openvpn/wiki/HOWTO
    Process: 2906 ExecStart=/usr/sbin/openvpn --daemon ovpn-%i --status /run/openvpn/%i.status 10 --cd /etc/openvpn --script-security 2 --config /etc/openvpn/%i.conf --writepid /run/openvpn/%i.pid (code=exited

    Apr 15 16:46:12 server systemd[1]: Starting OpenVPN connection to server...
    Apr 15 16:46:13 server systemd[1]: openvpn@server.service: Control process exited, code=exited status=1
    Apr 15 16:46:13 server systemd[1]: Failed to start OpenVPN connection to server.
    Apr 15 16:46:13 server systemd[1]: openvpn@server.service: Unit entered failed state.
    Apr 15 16:46:13 server systemd[1]: openvpn@server.service: Failed with result 'exit-code'.

First time since I can remember that I've set up a VPN, and I'm still working on the final config.
I got the same error (sorry Ubuntu users, I used CentOS; however, the answer should fit). Since the error is not being able to locate the ta.key, it's fairly obvious that the file is missing and that a config file would have some information about the file.

My steps:
Find the file that has info about ta.key
- find /etc/openvpn -type f -exec grep -l "ta.key" {} \;
File found:
- server.conf
Vi/vim the file
- vim /etc/openvpn/server.conf
Search for ta.key in the file using vim
- :/ta.key
Then found this:

# For extra security beyond that provided
# by SSL/TLS, create an "HMAC firewall"
# to help block DoS attacks and UDP port flooding.
#
# Generate with:
#   openvpn --genkey --secret ta.key
#
# The server and each client must have
# a copy of this key.
# The second parameter should be '0'
# on the server and '1' on the clients.
tls-auth ta.key 0 # This file is secret

The openvpn --genkey command was executed as stated in the conf file.
Re-executed the systemctl command as stated in the DO guide with no errors.

Just comment out the LimitNPROC line in /lib/systemd/system/openvpn@.service. Reboot the system after that. Enter sudo systemctl start openvpn@server again and the mistake has to disappear.

Create the ta.key file by running:
cd /etc/openvpn
openvpn --genkey --secret ta.key
systemctl start openvpn@server.service

I am having the same problem. I see there are a lot of people facing the same problem, but not a single place where the solution is clearly specified.

Having a similar problem; hopefully this will get an answer soon.
Running CentOS 7 on an HP Pavilion g7 laptop that I would like to set up as a VPN server.
When I run "systemctl start openvpn@server.service" I get the cryptic message:
Job for openvpn@server.service failed because the control process exited with error code. See "systemctl status openvpn@server.service" and "journalctl -xe" for details.

I have output from the systemctl status command, the journalctl -xe command and the openvpn.log.
The openvpn.log file output looks like it has the best information, so I am only including that here. If you need the output from the other two I can post it.
Output from the openvpn.log:

[root@RayGo openvpn]# tail -50 /var/log/openvpn.log
Sat May 20 14:30:56 2017 WARNING: cannot stat file 'ta.key': No such file or directory (errno=2)
Options error: --tls-auth fails with 'ta.key': No such file or directory
Options error: Please correct these errors.
Use --help for more information.

It is saying it cannot find the file ta.key. Where do I put this file and what goes in it?

Thank you in advance for your help.

  • Do a search in the directory and you will see that the file is named “ta-key” and not ta.key.
    I had this same problem and it was resolved after performing this name change.

Doh! I forgot to copy the ta.key file to the /etc/openvpn directory. I discovered this by running the suggested command:

sudo journalctl -xe

Found this beauty:
Options error: --tls-auth fails with 'ta.key': No such file or
Options error: Please correct these errors.

Hope it helps.

Hi guys,

Mine was resolved on Ubuntu 16.04 when I realised that the /etc/openvpn folder was missing the DH file. I opened the server.conf and took an openssl command from a comment there:

openssl dhparam -out dh2048.pem 2048

Once I ran this I could successfully run

systemctl start openvpn@server

-J
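
Most of the failures reported in this thread come down to a file named in server.conf (ta.key, the DH parameters, a certificate or key) that is missing from the directory OpenVPN resolves it against. The following preflight check is an added example, not code from the tutorial or from any poster; the function name `check_openvpn_files` is hypothetical, the default base directory is taken from the `--cd /etc/openvpn` in the unit's ExecStart line shown above, and the rule that `key` and `tls-auth` files must not be readable by group or others is an assumption based on the "This file should be kept secret" comments.

```shell
#!/bin/sh
# Added example: verify that every file referenced by ca/cert/key/dh/tls-auth
# in an OpenVPN config exists, and that secret files are owner-only.
# Usage: check_openvpn_files CONF [BASEDIR]
#   BASEDIR defaults to /etc/openvpn, because openvpn@.service starts the
#   daemon with "--cd /etc/openvpn", so a relative name such as "ta.key"
#   is looked up there and not next to wherever the file was generated.
check_openvpn_files() {
    local conf="$1" base="${2:-/etc/openvpn}" rc=0 directive path rest mode
    [ -r "$conf" ] || { echo "UNREADABLE $conf"; return 2; }
    # "|| [ -n ... ]" also processes a last line that lacks a newline.
    while read -r directive path rest || [ -n "$directive" ]; do
        case "$directive" in
            ca|cert|key|dh|tls-auth) ;;
            *) continue ;;        # comments (# or ;), blanks, other options
        esac
        path=${path%\"}; path=${path#\"}      # strip optional double quotes
        [ -n "$path" ] || continue
        case "$path" in
            /*) ;;                            # absolute path: use as written
            *)  path="$base/$path" ;;         # relative: resolve like --cd
        esac
        if [ ! -f "$path" ]; then
            echo "MISSING  $directive $path"; rc=1; continue
        fi
        case "$directive" in
            key|tls-auth)
                # Characters 5-10 of the ls mode string are group + other.
                mode=$(ls -ld "$path" | cut -c5-10)
                if [ "$mode" != "------" ]; then
                    echo "PERMS    $directive $path"; rc=1; continue
                fi ;;
        esac
        echo "OK       $directive $path"
    done < "$conf"
    return $rc
}

# When run as a script with arguments, check the given config.
[ $# -eq 0 ] || check_openvpn_files "$@"
```

Run it as `sh check.sh /etc/openvpn/server.conf` before `systemctl start openvpn@server`; any `MISSING` line names the file the unit would fail on.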
