Question

Job for openvpn@server.service failed because the control process exited with error code

Posted April 30, 2017 29.3k views
CentOSVPN

Apr 30 07:02:09 centos-512mb-sgp2.db-01 systemd[1]: Starting OpenVPN Robust And Highly Flexible T……
Apr 30 07:02:09 centos-512mb-sgp2.db-01 openvpn[10300]: Sun Apr 30 07:02:09 2017 WARNING: cannot s…2)
Apr 30 07:02:09 centos-512mb-sgp2.db-01 openvpn[10300]: Options error: –tls-auth fails with ‘ta.k…ry
Apr 30 07:02:09 centos-512mb-sgp2.db-01 openvpn[10300]: Options error: Please correct these errors.
Apr 30 07:02:09 centos-512mb-sgp2.db-01 openvpn[10300]: Use –help for more information.
Apr 30 07:02:09 centos-512mb-sgp2.db-01 systemd[1]: openvpn@server.service: main process exited, …URE
Apr 30 07:02:09 centos-512mb-sgp2.db-01 systemd[1]: Failed to start OpenVPN Robust And Highly Fle…er.
Apr 30 07:02:09 centos-512mb-sgp2.db-01 systemd[1]: Unit openvpn@server.service entered failed state.
Apr 30 07:02:09 centos-512mb-sgp2.db-01 systemd[1]: openvpn@server.service failed.
Hint: Some lines were ellipsized, use -l to show in full.

Add a comment
christiangelosulit
By:
christiangelosulit
Add a comment
1 comment
  • ddommar June 29, 2018
    Reply Report

    I have the same issue “Job for openvpn@server.service failed because the control process exited with error code” and I haven’t been able to solve it. I’ve re-installed the openvpn and easy-rsa many times without success. Please some of you may help me??

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
7 answers
hansen April 30, 2017

@christiangelosulit Can you run the command again with -l as parameter to show full lines (like it says in the bottom).

Reply Report
  • christiangelosulit April 30, 2017

    openvpn@server.service - OpenVPN Robust And Highly Flexible Tunneling Applicat ion On server
    Loaded: loaded (/usr/lib/systemd/system/openvpn@.service; enabled; vendor pre set: disabled)
    Active: failed (Result: exit-code) since Sun 2017-04-30 08:12:09 UTC; 8h ago
    Process: 10641 ExecStart=/usr/sbin/openvpn –cd /etc/openvpn/ –config %i.conf (code=exited, status=1/FAILURE)
    Main PID: 10641 (code=exited, status=1/FAILURE)

    Apr 30 08:12:08 centos-512mb-sgp2.db-01 systemd[1]: Starting OpenVPN Robust And Highly Flexible Tunneling Application On server…
    Apr 30 08:12:09 centos-512mb-sgp2.db-01 systemd[1]: openvpn@server.service: main process exited, code=exited, status=1/FAILURE
    Apr 30 08:12:09 centos-512mb-sgp2.db-01 systemd[1]: Failed to start OpenVPN Robu st And Highly Flexible Tunneling Application On server.
    Apr 30 08:12:09 centos-512mb-sgp2.db-01 systemd[1]: Unit openvpn@server.service entered failed state.
    Apr 30 08:12:09 centos-512mb-sgp2.db-01 systemd[1]: openvpn@server.service faile d.

    Reply Report
  • christiangelosulit April 30, 2017

    Thank you for your time :)

    Reply Report
    • hansen April 30, 2017

      Hi @christiangelosulit Did you solve the problem? Unsure, since you accepted the answer, but still posted a log of failure.

      Reply Report
      • christiangelosulit April 30, 2017

        sorry i am new to digitalocean i have no idea what is “mark as accepted” no the problem still occurs

        Reply Report
      • christiangelosulit April 30, 2017

        Apr 30 16:58:30 centos-512mb-sgp2.db-01 sshd[2260]: Failed password for root from 116.31.116.36 port 44493 ssh2
        Apr 30 16:58:30 centos-512mb-sgp2.db-01 sshd[2260]: Received disconnect from 116.31.116.36: 11: [preauth]
        Apr 30 16:58:30 centos-512mb-sgp2.db-01 sshd[2260]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser=
        Apr 30 16:59:08 centos-512mb-sgp2.db-01 sshd[2262]: pamunix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ss
        Apr 30 16:59:08 centos-512mb-sgp2.db-01 sshd[2262]: pam        succeedif(sshd:auth): requirement “uid >= 1000” not met by user “roo
        Apr 30 16:59:10 centos-512mb-sgp2.db-01 sshd[2262]: Failed password for root from 59.45.175.35 port 38347 ssh2
        Apr 30 16:59:10 centos-512mb-sgp2.db-01 sshd[2262]: pam        succeedif(sshd:auth): requirement "uid >= 1000” not met by user “roo
        Apr 30 16:59:12 centos-512mb-sgp2.db-01 sshd[2262]: Failed password for root from 59.45.175.35 port 38347 ssh2
        Apr 30 16:59:12 centos-512mb-sgp2.db-01 sshd[2262]: pam        succeed_if(sshd:auth): requirement "uid >= 1000” not met by user “roo
        Apr 30 16:59:15 centos-512mb-sgp2.db-01 sshd[2262]: Failed password for root from 59.45.175.35 port 38347 ssh2
        Apr 30 16:59:17 centos-512mb-sgp2.db-01 sshd[2262]: Received disconnect from 59.45.175.35: 11: [preauth]
        Apr 30 16:59:17 centos-512mb-sgp2.db-01 sshd[2262]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser=
        Apr 30 16:59:24 centos-512mb-sgp2.db-01 sshd[2264]: Received disconnect from 59.45.175.88: 11: [preauth]
        Apr 30 16:59:37 centos-512mb-sgp2.db-01 polkitd[454]: Registered Authentication Agent for unix-process:2266:59184 (system bus
        Apr 30 16:59:37 centos-512mb-sgp2.db-01 systemd[1]: Starting OpenVPN Robust And Highly Flexible Tunneling Application On serv
        – Subject: Unit openvpn@server.conf.service has begun start-up
        – Defined-By: systemd

        – Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel

        – Unit openvpn@server.conf.service has begun starting up.
        Apr 30 16:59:37 centos-512mb-sgp2.db-01 openvpn[2272]: Options error: In [CMD-LINE]:1: Error opening configuration file: serv
        Apr 30 16:59:37 centos-512mb-sgp2.db-01 openvpn[2272]: Use –help for more information.
        Apr 30 16:59:37 centos-512mb-sgp2.db-01 systemd[1]: openvpn@server.conf.service: main process exited, code=exited, status=1/F
        Apr 30 16:59:37 centos-512mb-sgp2.db-01 systemd[1]: Failed to start OpenVPN Robust And Highly Flexible Tunneling Application
        – Subject: Unit openvpn@server.conf.service has failed
        – Defined-By: systemd

        – Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel

        – Unit openvpn@server.conf.service has failed.

        – The result is failed.
        Apr 30 16:59:37 centos-512mb-sgp2.db-01 systemd[1]: Unit openvpn@server.conf.service entered failed state.
        Apr 30 16:59:37 centos-512mb-sgp2.db-01 systemd[1]: openvpn@server.conf.service failed.
        Apr 30 16:59:37 centos-512mb-sgp2.db-01 polkitd[454]: Unregistered Authentication Agent for unix-process:2266:59184 (system b
        Apr 30 16:59:41 centos-512mb-sgp2.db-01 sshd[2277]: pamunix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ss
        Apr 30 16:59:41 centos-512mb-sgp2.db-01 sshd[2277]: pam        succeedif(sshd:auth): requirement "uid >= 1000” not met by user “roo
        Apr 30 16:59:43 centos-512mb-sgp2.db-01 sshd[2277]: Failed password for root from 116.31.116.36 port 48057 ssh2
        Apr 30 16:59:44 centos-512mb-sgp2.db-01 sshd[2277]: pam        succeedif(sshd:auth): requirement "uid >= 1000” not met by user “roo
        Apr 30 16:59:46 centos-512mb-sgp2.db-01 sshd[2277]: Failed password for root from 116.31.116.36 port 48057 ssh2
        Apr 30 16:59:46 centos-512mb-sgp2.db-01 sshd[2277]: pam        succeed_if(sshd:auth): requirement "uid >= 1000” not met by user “roo
        Apr 30 16:59:48 centos-512mb-sgp2.db-01 sshd[2277]: Failed password for root from 116.31.116.36 port 48057 ssh2
        Apr 30 16:59:48 centos-512mb-sgp2.db-01 sshd[2277]: Received disconnect from 116.31.116.36: 11: [preauth]
        Apr 30 16:59:48 centos-512mb-sgp2.db-01 sshd[2277]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser=
        l

        Reply Report
jeffreystarin July 16, 2017

This is a very faulty tutorial - there is absolutely NO REFERENCE to generating or inserting a ta.key in the tutorial. I don’t know how digital ocean vets the crowd-sourced tutorials but there are many of them that are not accurate.

Trying to make heads or tails of shadynagi’s advice also doesn’t work.

I generated a secret ta.key in the /etc/openvpn directory and still errors. Are there supposed to be references in the server.conf to BOTH a server.key and ta.key or just or the other.

C'mon digital ocean, step in and clear this up please.

Thank you.

Reply Report
hansen April 30, 2017

@christiangelosulit
Okay, we need to see more logging because it seems like it just gives a short status.
Make sure your OpenVPN configuration file has the log-append parameter.

log-append /var/log/openvpn.log

Then try to start OpenVPN again and now we should have more logging available in /var/log/openvpn.log

Reply Report
  • christiangelosulit April 30, 2017

    -bash: log-append: command not found
    it is not working

    Reply Report
    • hansen April 30, 2017

      You need to add that to your openvpn configuration. It’s not a command you can run.

      The long log you just posted above says the following error, which is your root cause of the failure:

      • Apr 30 16:59:37 centos-512mb-sgp2.db-01 openvpn[2272]: Options error: In [CMD-LINE]:1: Error opening configuration file: serv*
      Reply Report
  • christiangelosulit April 30, 2017

    [root@centos-512mb-sgp2 ~]# log-append /var/log/myvpn/openvpn.log
    -bash: log-append: command not found
    [root@centos-512mb-sgp2 ~]# cd /var/log/myvpn
    [root@centos-512mb-sgp2 myvpn]# ls
    openvpn.log
    [root@centos-512mb-sgp2 myvpn]# log-append openvpn.log
    -bash: log-append: command not found
    [root@centos-512mb-sgp2 myvpn]#

    Reply Report
hansen April 30, 2017

@christiangelosulit
Okay, if it says Sun Apr 30 16:54:07 2017 WARNING: cannot stat file 'ta.key': No such file or directory (errno=2) then it’s because the file does not exist.
You need to point to the correct file containing the key.

Reply Report
  • christiangelosulit April 30, 2017

    i cant find that key sorry i am new to vpn can you teach me how to make or find that file?

    Reply Report
    • hansen April 30, 2017

      I don’t know what file it is supposed to be.

      You should either use the one-click-app to install an OpenVPN instance or read through the tutorial:
      https://www.digitalocean.com/community/tutorials/how-to-setup-and-configure-an-openvpn-server-on-centos-7

      Reply Report
      • christiangelosulit April 30, 2017

        that tutorial is what i read and work with my server

        Reply Report
        • hansen April 30, 2017

          Okay, but at some point you didn’t follow the tutorial exactly. My guess would be that your ta.key is the one called server.key in the tutorial.

          Reply Report
          • christiangelosulit April 30, 2017

            Sun Apr 30 17:44:50 2017 OpenVPN 2.4.1 x86_64-redhat-linux-gnu [Fedora EPEL patched] [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PK$
            Sun Apr 30 17:44:50 2017 library versions: OpenSSL 1.0.1e-fips 11 Feb 2013, LZO 2.06
            Sun Apr 30 17:44:50 2017 Diffie-Hellman initialized with 2048 bit key
            Sun Apr 30 17:44:50 2017 Failed to extract curve from certificate (UNDEF), using secp384r1 instead.
            Sun Apr 30 17:44:50 2017 ECDH curve secp384r1 added
            Sun Apr 30 17:44:50 2017 Insufficient key material or header text not found in file ‘server.key’ (0/128/256 bytes found/min/$
            Sun Apr 30 17:44:50 2017 Exiting due to fatal error
            Sun Apr 30 17:45:41 2017 OpenVPN 2.4.1 x86_64-redhat-linux-gnu [Fedora EPEL patched] [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PK$
            Sun Apr 30 17:45:41 2017 library versions: OpenSSL 1.0.1e-fips 11 Feb 2013, LZO 2.06
            Sun Apr 30 17:45:41 2017 Diffie-Hellman initialized with 2048 bit key
            Sun Apr 30 17:45:41 2017 Failed to extract curve from certificate (UNDEF), using secp384r1 instead.
            Sun Apr 30 17:45:41 2017 ECDH curve secp384r1 added
            Sun Apr 30 17:45:41 2017 Insufficient key material or header text not found in file 'server.key’ (0/128/256 bytes found/min/$
            Sun Apr 30 17:45:41 2017 Exiting due to fatal error

            Reply Report
      • christiangelosulit April 30, 2017

        i follow all of the instruction there but i always get the same error message when i try to start openvpn@server.service

        Reply Report
        • arcanevibe July 19, 2018

          So admittedly this was a little over a year ago, but for anyone else stuck here I thought I’d add my scenario.

          I have some 5 different clients I am setting up. I had generated a .key/.crt for each of them, and had mistakenly put the client one for my pc in the server.conf file where, I was supposed to have put the one for the D.O. server on which the openVpn service was actually running.

          After replacing my client cert name with my custom server cert name, the service lifted right off the ground without further issue.

          Reply Report
hansen April 30, 2017

@christiangelosulit You need to follow the tutorial from the beginning again or use the one-click-app where everything is already configured.

Reply Report
  • christiangelosulit April 30, 2017

    where is the one-click-app?

    Reply Report
    • hansen April 30, 2017

      It seems like DigitalOcean has removed the OpenVPN one-click-app, which you can select when creating a new droplet.

      I would recommend that you follow the tutorial from the beginning and only change the things that are needed. Leave everything else like the tutorial writes it, then you won’t have any problems.

      Reply Report
shadynagi May 18, 2017 
#openvpn --genkey --secret ta.key

and make this file like this
/etc/openvpn/ta.key

Reply Report
angeldsphinx July 22, 2017
Reply Report
Submit an Answer

Related

Looking for something else?

Ask a new question Search for more help