Job for openvpn@server.service failed because the control process exited with error code

April 30, 2017 528 views
VPN CentOS

Apr 30 07:02:09 centos-512mb-sgp2.db-01 systemd[1]: Starting OpenVPN Robust And Highly Flexible T......
Apr 30 07:02:09 centos-512mb-sgp2.db-01 openvpn[10300]: Sun Apr 30 07:02:09 2017 WARNING: cannot s...2)
Apr 30 07:02:09 centos-512mb-sgp2.db-01 openvpn[10300]: Options error: --tls-auth fails with 'ta.k...ry
Apr 30 07:02:09 centos-512mb-sgp2.db-01 openvpn[10300]: Options error: Please correct these errors.
Apr 30 07:02:09 centos-512mb-sgp2.db-01 openvpn[10300]: Use --help for more information.
Apr 30 07:02:09 centos-512mb-sgp2.db-01 systemd[1]: openvpn@server.service: main process exited, ...URE
Apr 30 07:02:09 centos-512mb-sgp2.db-01 systemd[1]: Failed to start OpenVPN Robust And Highly Fle...er.
Apr 30 07:02:09 centos-512mb-sgp2.db-01 systemd[1]: Unit openvpn@server.service entered failed state.
Apr 30 07:02:09 centos-512mb-sgp2.db-01 systemd[1]: openvpn@server.service failed.
Hint: Some lines were ellipsized, use -l to show in full.

5 Answers
hansen April 30, 2017
Accepted Answer

@christiangelosulit Can you run the command again with -l as parameter to show full lines (like it says in the bottom).

  • openvpn@server.service - OpenVPN Robust And Highly Flexible Tunneling Applicat ion On server
    Loaded: loaded (/usr/lib/systemd/system/openvpn@.service; enabled; vendor pre set: disabled)
    Active: failed (Result: exit-code) since Sun 2017-04-30 08:12:09 UTC; 8h ago
    Process: 10641 ExecStart=/usr/sbin/openvpn --cd /etc/openvpn/ --config %i.conf (code=exited, status=1/FAILURE)
    Main PID: 10641 (code=exited, status=1/FAILURE)

    Apr 30 08:12:08 centos-512mb-sgp2.db-01 systemd[1]: Starting OpenVPN Robust And Highly Flexible Tunneling Application On server...
    Apr 30 08:12:09 centos-512mb-sgp2.db-01 systemd[1]: openvpn@server.service: main process exited, code=exited, status=1/FAILURE
    Apr 30 08:12:09 centos-512mb-sgp2.db-01 systemd[1]: Failed to start OpenVPN Robu st And Highly Flexible Tunneling Application On server.
    Apr 30 08:12:09 centos-512mb-sgp2.db-01 systemd[1]: Unit openvpn@server.service entered failed state.
    Apr 30 08:12:09 centos-512mb-sgp2.db-01 systemd[1]: openvpn@server.service faile d.

  • Thank you for your time :)

    • Hi @christiangelosulit Did you solve the problem? Unsure, since you accepted the answer, but still posted a log of failure.

      • sorry i am new to digitalocean i have no idea what is "mark as accepted" no the problem still occurs

      • Apr 30 16:58:30 centos-512mb-sgp2.db-01 sshd[2260]: Failed password for root from 116.31.116.36 port 44493 ssh2
        Apr 30 16:58:30 centos-512mb-sgp2.db-01 sshd[2260]: Received disconnect from 116.31.116.36: 11: [preauth]
        Apr 30 16:58:30 centos-512mb-sgp2.db-01 sshd[2260]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser=
        Apr 30 16:59:08 centos-512mb-sgp2.db-01 sshd[2262]: pamunix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ss
        Apr 30 16:59:08 centos-512mb-sgp2.db-01 sshd[2262]: pam
        succeedif(sshd:auth): requirement "uid >= 1000" not met by user "roo
        Apr 30 16:59:10 centos-512mb-sgp2.db-01 sshd[2262]: Failed password for root from 59.45.175.35 port 38347 ssh2
        Apr 30 16:59:10 centos-512mb-sgp2.db-01 sshd[2262]: pam
        succeedif(sshd:auth): requirement "uid >= 1000" not met by user "roo
        Apr 30 16:59:12 centos-512mb-sgp2.db-01 sshd[2262]: Failed password for root from 59.45.175.35 port 38347 ssh2
        Apr 30 16:59:12 centos-512mb-sgp2.db-01 sshd[2262]: pam
        succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "roo
        Apr 30 16:59:15 centos-512mb-sgp2.db-01 sshd[2262]: Failed password for root from 59.45.175.35 port 38347 ssh2
        Apr 30 16:59:17 centos-512mb-sgp2.db-01 sshd[2262]: Received disconnect from 59.45.175.35: 11: [preauth]
        Apr 30 16:59:17 centos-512mb-sgp2.db-01 sshd[2262]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser=
        Apr 30 16:59:24 centos-512mb-sgp2.db-01 sshd[2264]: Received disconnect from 59.45.175.88: 11: [preauth]
        Apr 30 16:59:37 centos-512mb-sgp2.db-01 polkitd[454]: Registered Authentication Agent for unix-process:2266:59184 (system bus
        Apr 30 16:59:37 centos-512mb-sgp2.db-01 systemd[1]: Starting OpenVPN Robust And Highly Flexible Tunneling Application On serv
        -- Subject: Unit openvpn@server.conf.service has begun start-up
        -- Defined-By: systemd

        -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel

        -- Unit openvpn@server.conf.service has begun starting up.
        Apr 30 16:59:37 centos-512mb-sgp2.db-01 openvpn[2272]: Options error: In [CMD-LINE]:1: Error opening configuration file: serv
        Apr 30 16:59:37 centos-512mb-sgp2.db-01 openvpn[2272]: Use --help for more information.
        Apr 30 16:59:37 centos-512mb-sgp2.db-01 systemd[1]: openvpn@server.conf.service: main process exited, code=exited, status=1/F
        Apr 30 16:59:37 centos-512mb-sgp2.db-01 systemd[1]: Failed to start OpenVPN Robust And Highly Flexible Tunneling Application
        -- Subject: Unit openvpn@server.conf.service has failed
        -- Defined-By: systemd

        -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- Unit openvpn@server.conf.service has failed.

        -- The result is failed.
        Apr 30 16:59:37 centos-512mb-sgp2.db-01 systemd[1]: Unit openvpn@server.conf.service entered failed state.
        Apr 30 16:59:37 centos-512mb-sgp2.db-01 systemd[1]: openvpn@server.conf.service failed.
        Apr 30 16:59:37 centos-512mb-sgp2.db-01 polkitd[454]: Unregistered Authentication Agent for unix-process:2266:59184 (system b
        Apr 30 16:59:41 centos-512mb-sgp2.db-01 sshd[2277]: pamunix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ss
        Apr 30 16:59:41 centos-512mb-sgp2.db-01 sshd[2277]: pam
        succeedif(sshd:auth): requirement "uid >= 1000" not met by user "roo
        Apr 30 16:59:43 centos-512mb-sgp2.db-01 sshd[2277]: Failed password for root from 116.31.116.36 port 48057 ssh2
        Apr 30 16:59:44 centos-512mb-sgp2.db-01 sshd[2277]: pam
        succeedif(sshd:auth): requirement "uid >= 1000" not met by user "roo
        Apr 30 16:59:46 centos-512mb-sgp2.db-01 sshd[2277]: Failed password for root from 116.31.116.36 port 48057 ssh2
        Apr 30 16:59:46 centos-512mb-sgp2.db-01 sshd[2277]: pam
        succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "roo
        Apr 30 16:59:48 centos-512mb-sgp2.db-01 sshd[2277]: Failed password for root from 116.31.116.36 port 48057 ssh2
        Apr 30 16:59:48 centos-512mb-sgp2.db-01 sshd[2277]: Received disconnect from 116.31.116.36: 11: [preauth]
        Apr 30 16:59:48 centos-512mb-sgp2.db-01 sshd[2277]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser=
        l

@christiangelosulit
Okay, we need to see more logging because it seems like it just gives a short status.
Make sure your OpenVPN configuration file has the log-append parameter.

log-append /var/log/openvpn.log

Then try to start OpenVPN again and now we should have more logging available in /var/log/openvpn.log

  • -bash: log-append: command not found
    it is not working

    • You need to add that to your openvpn configuration. It's not a command you can run.

      The long log you just posted above says the following error, which is your root cause of the failure:

      • Apr 30 16:59:37 centos-512mb-sgp2.db-01 openvpn[2272]: Options error: In [CMD-LINE]:1: Error opening configuration file: serv*
      • ohh sorry sorry

        i have that in my conf file

        enable log

        log-append /var/log/myvpn/openvpn.log

        • @christiangelosulit
          Okay, then go and have a look in /var/log/myvpn/openvpn.log and see if you can find the cause of the error. Otherwise post the last 30-50 lines here.

          • errors are all identical

            Sun Apr 30 16:54:07 2017 WARNING: cannot stat file 'ta.key': No such file or directory (errno=2)
            Options error: --tls-auth fails with 'ta.key': No such file or directory
            Options error: Please correct these errors.
            Use --help for more information.

  • [root@centos-512mb-sgp2 ~]# log-append /var/log/myvpn/openvpn.log
    -bash: log-append: command not found
    [root@centos-512mb-sgp2 ~]# cd /var/log/myvpn
    [root@centos-512mb-sgp2 myvpn]# ls
    openvpn.log
    [root@centos-512mb-sgp2 myvpn]# log-append openvpn.log
    -bash: log-append: command not found
    [root@centos-512mb-sgp2 myvpn]#

@christiangelosulit
Okay, if it says Sun Apr 30 16:54:07 2017 WARNING: cannot stat file 'ta.key': No such file or directory (errno=2) then it's because the file does not exist.
You need to point to the correct file containing the key.

  • i cant find that key sorry i am new to vpn can you teach me how to make or find that file?

    • I don't know what file it is supposed to be.

      You should either use the one-click-app to install an OpenVPN instance or read through the tutorial:
      https://www.digitalocean.com/community/tutorials/how-to-setup-and-configure-an-openvpn-server-on-centos-7

      Here we'll install and configure OpenVPN on a CentOS 7 server. We'll also discuss how to connect a client to the server on Windows, OS X, and Linux. OpenVPN is an open-source VPN application that lets you create and join a private network securely over the public Internet.
      • that tutorial is what i read and work with my server

        • Okay, but at some point you didn't follow the tutorial exactly. My guess would be that your ta.key is the one called server.key in the tutorial.

          • Sun Apr 30 17:44:50 2017 OpenVPN 2.4.1 x86_64-redhat-linux-gnu [Fedora EPEL patched] [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PK$
            Sun Apr 30 17:44:50 2017 library versions: OpenSSL 1.0.1e-fips 11 Feb 2013, LZO 2.06
            Sun Apr 30 17:44:50 2017 Diffie-Hellman initialized with 2048 bit key
            Sun Apr 30 17:44:50 2017 Failed to extract curve from certificate (UNDEF), using secp384r1 instead.
            Sun Apr 30 17:44:50 2017 ECDH curve secp384r1 added
            Sun Apr 30 17:44:50 2017 Insufficient key material or header text not found in file 'server.key' (0/128/256 bytes found/min/$
            Sun Apr 30 17:44:50 2017 Exiting due to fatal error
            Sun Apr 30 17:45:41 2017 OpenVPN 2.4.1 x86_64-redhat-linux-gnu [Fedora EPEL patched] [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PK$
            Sun Apr 30 17:45:41 2017 library versions: OpenSSL 1.0.1e-fips 11 Feb 2013, LZO 2.06
            Sun Apr 30 17:45:41 2017 Diffie-Hellman initialized with 2048 bit key
            Sun Apr 30 17:45:41 2017 Failed to extract curve from certificate (UNDEF), using secp384r1 instead.
            Sun Apr 30 17:45:41 2017 ECDH curve secp384r1 added
            Sun Apr 30 17:45:41 2017 Insufficient key material or header text not found in file 'server.key' (0/128/256 bytes found/min/$
            Sun Apr 30 17:45:41 2017 Exiting due to fatal error

      • i follow all of the instruction there but i always get the same error message when i try to start openvpn@server.service

@christiangelosulit You need to follow the tutorial from the beginning again or use the one-click-app where everything is already configured.

  • where is the one-click-app?

    • It seems like DigitalOcean has removed the OpenVPN one-click-app, which you can select when creating a new droplet.

      I would recommend that you follow the tutorial from the beginning and only change the things that are needed. Leave everything else like the tutorial writes it, then you won't have any problems.

      • problem solve thank you so much!

        • Can you Describe here how your problem was solved? As i am also follow that tut and face same problem, tried everything as described and commented,googled and nothing is worked. It will be helpful to othere if you described the error and how fixed it

#openvpn --genkey --secret ta.key

and make this file like this
/etc/openvpn/ta.key

Have another answer? Share your knowledge.