Related
Join 1M+ other developers and:
- Get help and share knowledge in Q&A
- Subscribe to topics of interest
- Get courses & tools that help you grow as a developer or small business owner
Question
Question
Question
Openvpn service will not start service
I am able to run openvpn if I run openvpn server.config, but the service will not start. If i open journalctl -xe there is a message that says “ openvpn-server@server.service: Failed at step CHDIR spawning /usr/sbin/openvpn:”
[root@centos-server openvpn]# openvpn server.conf
Thu Jan 23 20:44:40 2020 OpenVPN 2.4.8 x8664-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Nov 1 2019
Thu Jan 23 20:44:40 2020 library versions: OpenSSL 1.1.1c FIPS 28 May 2019, LZO 2.08
Thu Jan 23 20:44:40 2020 Diffie-Hellman initialized with 2048 bit key
Thu Jan 23 20:44:40 2020 Failed to extract curve from certificate (UNDEF), using secp384r1 instead.
Thu Jan 23 20:44:40 2020 ECDH curve secp384r1 added
Thu Jan 23 20:44:40 2020 Outgoing Control Channel Encryption: Cipher ‘AES-256-CTR’ initialized with 256 bit key
Thu Jan 23 20:44:40 2020 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256’ for HMAC authentication
Thu Jan 23 20:44:40 2020 Incoming Control Channel Encryption: Cipher 'AES-256-CTR’ initialized with 256 bit key
Thu Jan 23 20:44:40 2020 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256’ for HMAC authentication
Thu Jan 23 20:44:40 2020 ROUTEGATEWAY 10.1.0.1/255.255.255.192 IFACE=eth0 HWADDR=00:15:5d:00:2d:18
Thu Jan 23 20:44:40 2020 TUN/TAP device tun0 opened
Thu Jan 23 20:44:40 2020 TUN/TAP TX queue length set to 100
Thu Jan 23 20:44:40 2020 /sbin/ip link set dev tun0 up mtu 1500
Thu Jan 23 20:44:40 2020 /sbin/ip addr add dev tun0 local 10.1.2.1 peer 10.1.2.2
Thu Jan 23 20:44:40 2020 /sbin/ip route add 10.1.2.0/24 via 10.1.2.2
Thu Jan 23 20:44:40 2020 Could not determine IPv4/IPv6 protocol. Using AFINET
Thu Jan 23 20:44:40 2020 Socket Buffers: R=[87380->87380] S=[16384->16384]
Thu Jan 23 20:44:40 2020 Listening for incoming TCP connection on [AF_INET][undef]:443
Thu Jan 23 20:44:40 2020 TCPv4SERVER link local (bound): [AFINET][undef]:443
Thu Jan 23 20:44:40 2020 TCPv4SERVER link remote: [AF_UNSPEC]
Thu Jan 23 20:44:40 2020 GID set to nobody
port 443 #- port
proto tcp #- protocol
dev tun
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
reneg-sec 0
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/centos-server.crt
key /etc/openvpn/easy-rsa/pki/private/centos-server.key
dh /etc/openvpn/easy-rsa/pki/dh.pem
plugin /usr/lib64/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login #- Comment this line if you are using FreeRADIUS
client-cert-not-required
username-as-common-name
auth-nocache
auth sha512
cipher AES-256-CBC
tls-server
tls-crypt /etc/openvpn/easy-rsa/pki/ta.key 0
tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA
server 10.1.2.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push “redirect-gateway def1”
push “dhcp-option DNS 8.8.8.8”
push “dhcp-option DNS 8.8.4.4”
keepalive 5 30
comp-lzo
user nobody
group nobody
duplicate-cn
persist-key
persist-tun
status /var/log/openvpn/status.log
log /var/log/openvpn/server.log
verb 3
crl-verify /etc/openvpn/easy-rsa/pki/crl.pem
Related
Join 1M+ other developers and:
- Get help and share knowledge in Q&A
- Subscribe to topics of interest
- Get courses & tools that help you grow as a developer or small business owner
Question
Question
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
×