asil
By:
asil

error with start openVPN service

April 13, 2017 2.9k views
VPN Ubuntu 16.04

I trying to install openVPN on ubuntu from this tutorial How To Set Up an OpenVPN Server on Ubuntu 16.04

in Step 9: Start and Enable the OpenVPN Service

when I enter ```
sudo systemctl start openvpn@server

to start the service. the CLI shows me this error message

Job for openvpn@server.service failed because the control process exited with error code. See "systemctl status openvpn@server.service" and "journalctl -xe" for details.

so. please how I can fix it?
6 Answers

@asil

Can you run systemctl status openvpn@server.service and post the output?

And have a look in /etc/openvpn/server.conf and add log /var/log/openvpn.log if the log option doesn't exist.
Then try to start the service again, and do a tail -50 /var/log/openvpn.log

  • I followed the same tutorial and am having the same problem. This is all very new to me so I apologise in advance if I have made a basic error but I really don't know what's gone wrong.

    This is the output of journalctl -xe

    Apr 15 15:58:42 server kernel: [UFW BLOCK] IN=enp4s0 OUT= MAC=00:21:70:3f:06:d1:00:26:5e:36:5a:7b:08:00 SRC=192.168.1.180 DST=192.168.1.54 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=20314 DF PROTO=TCP SPT=50006 DP
    Apr 15 15:58:45 server kernel: [UFW BLOCK] IN=enp4s0 OUT= MAC=00:21:70:3f:06:d1:00:26:5e:36:5a:7b:08:00 SRC=192.168.1.180 DST=192.168.1.54 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=20315 DF PROTO=TCP SPT=50006 DP
    Apr 15 15:58:51 server kernel: [UFW BLOCK] IN=enp4s0 OUT= MAC=00:21:70:3f:06:d1:00:26:5e:36:5a:7b:08:00 SRC=192.168.1.180 DST=192.168.1.54 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=20317 DF PROTO=TCP SPT=50006 DP
    Apr 15 15:58:51 server kernel: [UFW BLOCK] IN=enp4s0 OUT= MAC=01:00:5e:00:00:01:ac:84:c9:a2:3f:8f:08:00 SRC=192.168.1.254 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=2
    Apr 15 15:58:56 server sshd[2425]: Invalid user user from 212.83.187.106
    Apr 15 15:58:56 server sshd[2425]: input_userauth_request: invalid user user [preauth]
    Apr 15 15:58:56 server sshd[2425]: error: Received disconnect from 212.83.187.106 port 55486:3: com.jcraft.jsch.JSchException: Auth fail [preauth]
    Apr 15 15:58:56 server sshd[2425]: Disconnected from 212.83.187.106 port 55486 [preauth]
    Apr 15 16:00:56 server kernel: [UFW BLOCK] IN=enp4s0 OUT= MAC=01:00:5e:00:00:01:ac:84:c9:a2:3f:8f:08:00 SRC=192.168.1.254 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=2
    Apr 15 16:03:01 server kernel: [UFW BLOCK] IN=enp4s0 OUT= MAC=01:00:5e:00:00:01:ac:84:c9:a2:3f:8f:08:00 SRC=192.168.1.254 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=2
    Apr 15 16:05:06 server kernel: [UFW BLOCK] IN=enp4s0 OUT= MAC=01:00:5e:00:00:01:ac:84:c9:a2:3f:8f:08:00 SRC=192.168.1.254 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=2
    Apr 15 16:07:11 server kernel: [UFW BLOCK] IN=enp4s0 OUT= MAC=01:00:5e:00:00:01:ac:84:c9:a2:3f:8f:08:00 SRC=192.168.1.254 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=2
    Apr 15 16:08:53 server kernel: [UFW BLOCK] IN=enp4s0 OUT= MAC=00:21:70:3f:06:d1:00:26:5e:36:5a:7b:08:00 SRC=192.168.1.180 DST=192.168.1.54 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=20535 DF PROTO=TCP SPT=50014 DP
    Apr 15 16:08:56 server kernel: [UFW BLOCK] IN=enp4s0 OUT= MAC=00:21:70:3f:06:d1:00:26:5e:36:5a:7b:08:00 SRC=192.168.1.180 DST=192.168.1.54 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=20537 DF PROTO=TCP SPT=50014 DP
    Apr 15 16:09:02 server kernel: [UFW BLOCK] IN=enp4s0 OUT= MAC=00:21:70:3f:06:d1:00:26:5e:36:5a:7b:08:00 SRC=192.168.1.180 DST=192.168.1.54 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=20539 DF PROTO=TCP SPT=50014 DP
    Apr 15 16:09:16 server kernel: [UFW BLOCK] IN=enp4s0 OUT= MAC=01:00:5e:00:00:01:ac:84:c9:a2:3f:8f:08:00 SRC=192.168.1.254 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=2
    Apr 15 16:11:21 server kernel: [UFW BLOCK] IN=enp4s0 OUT= MAC=01:00:5e:00:00:01:ac:84:c9:a2:3f:8f:08:00 SRC=192.168.1.254 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=2
    Apr 15 16:13:26 server kernel: [UFW BLOCK] IN=enp4s0 OUT= MAC=01:00:5e:00:00:01:ac:84:c9:a2:3f:8f:08:00 SRC=192.168.1.254 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=2
    Apr 15 16:15:31 server kernel: [UFW BLOCK] IN=enp4s0 OUT= MAC=01:00:5e:00:00:01:ac:84:c9:a2:3f:8f:08:00 SRC=192.168.1.254 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=2
    Apr 15 16:17:01 server CRON[2587]: pam_unix(cron:session): session opened for user root by (uid=0)
    Apr 15 16:17:01 server CRON[2588]: (root) CMD (   cd / && run-parts --report /etc/cron.hourly)
    Apr 15 16:17:01 server CRON[2587]: pam_unix(cron:session): session closed for user root
    Apr 15 16:17:02 server sshd[2590]: Received disconnect from 221.194.47.211 port 53907:11:  [preauth]
    Apr 15 16:17:02 server sshd[2590]: Disconnected from 221.194.47.211 port 53907 [preauth]
    Apr 15 16:17:36 server kernel: [UFW BLOCK] IN=enp4s0 OUT= MAC=01:00:5e:00:00:01:ac:84:c9:a2:3f:8f:08:00 SRC=192.168.1.254 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=2
    Apr 15 16:19:41 server kernel: [UFW BLOCK] IN=enp4s0 OUT= MAC=01:00:5e:00:00:01:ac:84:c9:a2:3f:8f:08:00 SRC=192.168.1.254 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=2
    Apr 15 16:21:46 server kernel: [UFW BLOCK] IN=enp4s0 OUT= MAC=01:00:5e:00:00:01:ac:84:c9:a2:3f:8f:08:00 SRC=192.168.1.254 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=2
    Apr 15 16:23:51 server kernel: [UFW BLOCK] IN=enp4s0 OUT= MAC=01:00:5e:00:00:01:ac:84:c9:a2:3f:8f:08:00 SRC=192.168.1.254 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=2
    Apr 15 16:25:56 server kernel: [UFW BLOCK] IN=enp4s0 OUT= MAC=01:00:5e:00:00:01:ac:84:c9:a2:3f:8f:08:00 SRC=192.168.1.254 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=2
    Apr 15 16:26:34 server sshd[2690]: Invalid user ubnt from 179.41.234.96
    Apr 15 16:26:34 server sshd[2690]: input_userauth_request: invalid user ubnt [preauth]
    Apr 15 16:26:36 server sshd[2690]: error: maximum authentication attempts exceeded for invalid user ubnt from 179.41.234.96 port 38763 ssh2 [preauth]
    Apr 15 16:26:36 server sshd[2690]: Disconnecting: Too many authentication failures [preauth]
    Apr 15 16:26:38 server sshd[2692]: error: maximum authentication attempts exceeded for root from 179.41.234.96 port 38775 ssh2 [preauth]
    Apr 15 16:26:38 server sshd[2692]: Disconnecting: Too many authentication failures [preauth]
    Apr 15 16:26:42 server sshd[2694]: error: maximum authentication attempts exceeded for root from 179.41.234.96 port 38794 ssh2 [preauth]
    Apr 15 16:26:42 server sshd[2694]: Disconnecting: Too many authentication failures [preauth]
    Apr 15 16:26:52 server sshd[2696]: error: maximum authentication attempts exceeded for root from 179.41.234.96 port 38826 ssh2 [preauth]
    Apr 15 16:26:52 server sshd[2696]: Disconnecting: Too many authentication failures [preauth]
    Apr 15 16:28:01 server kernel: [UFW BLOCK] IN=enp4s0 OUT= MAC=01:00:5e:00:00:01:ac:84:c9:a2:3f:8f:08:00 SRC=192.168.1.254 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=2
    Apr 15 16:30:06 server kernel: [UFW BLOCK] IN=enp4s0 OUT= MAC=01:00:5e:00:00:01:ac:84:c9:a2:3f:8f:08:00 SRC=192.168.1.254 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=2
    Apr 15 16:30:42 server kernel: [UFW BLOCK] IN=enp4s0 OUT= MAC=00:21:70:3f:06:d1:00:26:5e:36:5a:7b:08:00 SRC=192.168.1.180 DST=192.168.1.54 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=9246 DF PROTO=TCP SPT=50954 DPT
    Apr 15 16:30:45 server kernel: [UFW BLOCK] IN=enp4s0 OUT= MAC=00:21:70:3f:06:d1:00:26:5e:36:5a:7b:08:00 SRC=192.168.1.180 DST=192.168.1.54 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=9249 DF PROTO=TCP SPT=50954 DPT
    Apr 15 16:30:51 server kernel: [UFW BLOCK] IN=enp4s0 OUT= MAC=00:21:70:3f:06:d1:00:26:5e:36:5a:7b:08:00 SRC=192.168.1.180 DST=192.168.1.54 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=9253 DF PROTO=TCP SPT=50954 DPT
    Apr 15 16:30:52 server smbd[2745]: pam_unix(samba:session): session closed for user nobody
    Apr 15 16:30:52 server smbd[2746]: pam_unix(samba:session): session closed for user nobody
    Apr 15 16:31:03 server kernel: [UFW BLOCK] IN=enp4s0 OUT= MAC=00:21:70:3f:06:d1:00:26:5e:36:5a:7b:08:00 SRC=192.168.1.180 DST=192.168.1.54 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=9270 DF PROTO=TCP SPT=50955 DPT
    Apr 15 16:31:06 server kernel: [UFW BLOCK] IN=enp4s0 OUT= MAC=00:21:70:3f:06:d1:00:26:5e:36:5a:7b:08:00 SRC=192.168.1.180 DST=192.168.1.54 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=9271 DF PROTO=TCP SPT=50955 DPT
    Apr 15 16:31:12 server kernel: [UFW BLOCK] IN=enp4s0 OUT= MAC=00:21:70:3f:06:d1:00:26:5e:36:5a:7b:08:00 SRC=192.168.1.180 DST=192.168.1.54 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=9274 DF PROTO=TCP SPT=50955 DPT
    Apr 15 16:32:11 server kernel: [UFW BLOCK] IN=enp4s0 OUT= MAC=01:00:5e:00:00:01:ac:84:c9:a2:3f:8f:08:00 SRC=192.168.1.254 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=2
    Apr 15 16:34:16 server kernel: [UFW BLOCK] IN=enp4s0 OUT= MAC=01:00:5e:00:00:01:ac:84:c9:a2:3f:8f:08:00 SRC=192.168.1.254 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=2
    Apr 15 16:36:09 server sshd[2795]: fatal: Unable to negotiate with 212.129.15.245 port 1281: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1
    Apr 15 16:36:21 server kernel: [UFW BLOCK] IN=enp4s0 OUT= MAC=01:00:5e:00:00:01:ac:84:c9:a2:3f:8f:08:00 SRC=192.168.1.254 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=2
    Apr 15 16:37:44 server sshd[2798]: Did not receive identification string from 103.207.39.179
    Apr 15 16:37:46 server sshd[2799]: Invalid user user from 103.207.39.179
    Apr 15 16:37:46 server sshd[2799]: input_userauth_request: invalid user user [preauth]
    Apr 15 16:37:46 server sshd[2799]: error: Received disconnect from 103.207.39.179 port 51647:3: com.jcraft.jsch.JSchException: Auth fail [preauth]
    Apr 15 16:37:46 server sshd[2799]: Disconnected from 103.207.39.179 port 51647 [preauth]
    Apr 15 16:38:26 server kernel: [UFW BLOCK] IN=enp4s0 OUT= MAC=01:00:5e:00:00:01:ac:84:c9:a2:3f:8f:08:00 SRC=192.168.1.254 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=2
    Apr 15 16:40:31 server kernel: [UFW BLOCK] IN=enp4s0 OUT= MAC=01:00:5e:00:00:01:ac:84:c9:a2:3f:8f:08:00 SRC=192.168.1.254 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=2
    
    

    and this is the output for systemctl status openvpn@server.service

     openvpn@server.service - OpenVPN connection to server
       Loaded: loaded (/lib/systemd/system/openvpn@.service; disabled; vendor preset: enabled)
       Active: failed (Result: exit-code) since Sat 2017-04-15 16:46:13 BST; 28s ago
         Docs: man:openvpn(8)
               https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage
               https://community.openvpn.net/openvpn/wiki/HOWTO
      Process: 2906 ExecStart=/usr/sbin/openvpn --daemon ovpn-%i --status /run/openvpn/%i.status 10 --cd /etc/openvpn --script-security 2 --config /etc/openvpn/%i.conf --writepid /run/openvpn/%i.pid (code=exited
    
    Apr 15 16:46:12 server systemd[1]: Starting OpenVPN connection to server...
    Apr 15 16:46:13 server systemd[1]: openvpn@server.service: Control process exited, code=exited status=1
    Apr 15 16:46:13 server systemd[1]: Failed to start OpenVPN connection to server.
    Apr 15 16:46:13 server systemd[1]: openvpn@server.service: Unit entered failed state.
    Apr 15 16:46:13 server systemd[1]: openvpn@server.service: Failed with result 'exit-code'.
    
    

    any help would be really appreciated.

    Thanks

  • My comment was removed due to spam..... I'm having the same problem

    This my output from systemctl status openvpn@server.service

    openvpn@server.service - OpenVPN connection to server
    Loaded: loaded (/lib/systemd/system/openvpn@.service; disabled; vendor preset: enabled)
    Active: failed (Result: exit-code) since Sat 2017-04-15 16:46:13 BST; 28s ago
    Docs: man:openvpn(8)
    https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage
    https://community.openvpn.net/openvpn/wiki/HOWTO
    Process: 2906 ExecStart=/usr/sbin/openvpn --daemon ovpn-%i --status /run/openvpn/%i.status 10 --cd /etc/openvpn --script-security 2 --config /etc/openvpn/%i.conf --writepid /run/openvpn/%i.pid (code=exited

    Apr 15 16:46:12 server systemd[1]: Starting OpenVPN connection to server...
    Apr 15 16:46:13 server systemd[1]: openvpn@server.service: Control process exited, code=exited status=1
    Apr 15 16:46:13 server systemd[1]: Failed to start OpenVPN connection to server.
    Apr 15 16:46:13 server systemd[1]: openvpn@server.service: Unit entered failed state.
    Apr 15 16:46:13 server systemd[1]: openvpn@server.service: Failed with result 'exit-code'.

i am having the same problem, i see there is a lot of people face same problem but not a single place where the solution is clearly specified.

Having similar problem hopefully this will get an answer soon.
Running CentOS 7 on an HP Pavilion g7 laptop that I would like to setup as a VPN server.
When I run the "systemctl start openvpn@server.service" I get the cryptic message:
Job for openvpn@server.service failed because the control process exited with error code. See "systemctl status openvpn@server.service" and "journalctl -xe" for details.

I have output from systemctl status command, the journalctl -xe command and the OpenVPN.log
The openvpn.log file output looks like it has the best information so I am only including that here. If you need the output from the other two I can post it.
output from the openvpn.log:

root@RayGo openvpn]# tail -50 /var/log/openvpn.log

Sat May 20 14:30:56 2017 WARNING: cannot stat file 'ta.key': No such file or directory (errno=2)

Options error: --tls-auth fails with 'ta.key': No such file or directory

Options error: Please correct these errors.

Use --help for more information.

It is saying it can not find the file ta.key. where do i put this file and what goes in it?

Thank you in advance for your help.

  • Do a search in the directory and you will see that the file is named "ta-key" and not ta.key.
    I had this same problem and it was resolved after performing this name change.

First time since I can remember that I've setup a VPN and I'm still working on the final config.
I got the same error (sorry ubuntu users I used Centos however the answer should fit) Since the error is not being able to locate the ta.key it's fairly obvious that the file is missing and that a config file would have some information about the file.

my steps:
Find the file that has info about ta.key
-- find /etc/openvpn -type f -exec grep -l "ta.key" {} \;
File found:
-- server.conf
Vi/vim the file
-- vim /etc/openvpn/server.conf
search for ta.key in file using vim
-- :/ta.key
Then found this:
For extra security beyond that provided

by SSL/TLS, create an "HMAC firewall" to help block DoS attacks and UDP port flooding. Generate with: openvpn --genkey --secret ta.key The server and each client must have a copy of this key. The second parameter should be '0' on the server and '1' on the clients.

tls-auth ta.key 0 # This file is secret

the openvpn -genkey command was executed as stated in the conf file.
re-executed systemctl command as stated in the DO guide with no errors.

Just comment out the LimitNPROC line in /lib/systemd/system/openvpn@.service. Reboor system after that. Enter again sudo systemctl start openvpn@server and the mistake have to disapear.

Create the ta.key file by running:
cd /etc/openvpn
openvpn --genkey --secret ta.key
systemctl start openvpn@server.service

Have another answer? Share your knowledge.