Question

Openvpn service will not start service

Posted January 24, 2020 118 views
CentOS Configuration Management VPN

I am able to run openvpn if I run openvpn server.config, but the service will not start. If I open journalctl -xe there is a message that says "openvpn-server@server.service: Failed at step CHDIR spawning /usr/sbin/openvpn:"

[root@centos-server openvpn]# openvpn server.conf
Thu Jan 23 20:44:40 2020 OpenVPN 2.4.8 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Nov 1 2019
Thu Jan 23 20:44:40 2020 library versions: OpenSSL 1.1.1c FIPS 28 May 2019, LZO 2.08
Thu Jan 23 20:44:40 2020 Diffie-Hellman initialized with 2048 bit key
Thu Jan 23 20:44:40 2020 Failed to extract curve from certificate (UNDEF), using secp384r1 instead.
Thu Jan 23 20:44:40 2020 ECDH curve secp384r1 added
Thu Jan 23 20:44:40 2020 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Thu Jan 23 20:44:40 2020 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Thu Jan 23 20:44:40 2020 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Thu Jan 23 20:44:40 2020 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Thu Jan 23 20:44:40 2020 ROUTE_GATEWAY 10.1.0.1/255.255.255.192 IFACE=eth0 HWADDR=00:15:5d:00:2d:18
Thu Jan 23 20:44:40 2020 TUN/TAP device tun0 opened
Thu Jan 23 20:44:40 2020 TUN/TAP TX queue length set to 100
Thu Jan 23 20:44:40 2020 /sbin/ip link set dev tun0 up mtu 1500
Thu Jan 23 20:44:40 2020 /sbin/ip addr add dev tun0 local 10.1.2.1 peer 10.1.2.2
Thu Jan 23 20:44:40 2020 /sbin/ip route add 10.1.2.0/24 via 10.1.2.2
Thu Jan 23 20:44:40 2020 Could not determine IPv4/IPv6 protocol. Using AF_INET
Thu Jan 23 20:44:40 2020 Socket Buffers: R=[87380->87380] S=[16384->16384]
Thu Jan 23 20:44:40 2020 Listening for incoming TCP connection on [AF_INET][undef]:443
Thu Jan 23 20:44:40 2020 TCPv4_SERVER link local (bound): [AF_INET][undef]:443
Thu Jan 23 20:44:40 2020 TCPv4_SERVER link remote: [AF_UNSPEC]
Thu Jan 23 20:44:40 2020 GID set to nobody

port 443 #- port
proto tcp #- protocol
dev tun
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
reneg-sec 0
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/centos-server.crt
key /etc/openvpn/easy-rsa/pki/private/centos-server.key
dh /etc/openvpn/easy-rsa/pki/dh.pem

plugin /usr/lib64/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login #- Comment this line if you are using FreeRADIUS

client-cert-not-required

username-as-common-name

auth-nocache
auth sha512
cipher AES-256-CBC
tls-server
tls-crypt /etc/openvpn/easy-rsa/pki/ta.key 0
tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA
server 10.1.2.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 5 30
comp-lzo
user nobody
group nobody

duplicate-cn

persist-key
persist-tun

status /var/log/openvpn/status.log

log /var/log/openvpn/server.log

verb 3
crl-verify /etc/openvpn/easy-rsa/pki/crl.pem
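
Added example, not part of the original post: systemd reports `Failed at step CHDIR` when it cannot change into the unit's `WorkingDirectory=` before running `ExecStart`, so this script reads a unit file and checks that directory and the `--config` file resolved against it. The `sample_unit` text is constructed (modeled on a typical `openvpn-server@.service`; confirm the installed one with `systemctl cat`), and the function names and the `ROOT` prefix argument are hypothetical.

```shell
#!/bin/sh
# Added example: diagnose "Failed at step CHDIR" for an OpenVPN systemd unit.

# Constructed sample, modeled on a typical openvpn-server@.service (assumption).
# On a real host, capture the unit with:
#   systemctl cat openvpn-server@server.service > unit.txt
sample_unit() {
    cat <<'EOF'
[Service]
WorkingDirectory=/etc/openvpn/server
ExecStart=/usr/sbin/openvpn --status %t/openvpn-server/status-%i.log --config %i.conf
EOF
}

# Print the last WorkingDirectory= value in the unit text on stdin
# (a leading "-", which tells systemd to tolerate a missing directory, is dropped).
unit_workdir() {
    sed -n 's/^WorkingDirectory=-\{0,1\}//p' | tail -n 1
}

# Print the --config argument of ExecStart=, expanding %i to the instance name $1.
unit_config() {
    sed -n 's/^ExecStart=.*--config  *\([^ ]*\).*/\1/p' | tail -n 1 | sed "s/%i/$1/g"
}

# diagnose UNIT_FILE INSTANCE [ROOT]
# ROOT is a hypothetical path prefix so the check can run against a test tree.
# Prints one verdict line; returns 0 ok, 1 directory missing, 2 config missing.
diagnose() {
    wd=$(unit_workdir < "$1")
    cfg=$(unit_config "$2" < "$1")
    root=${3:-}
    if [ -z "$wd" ]; then echo "no-workdir-set"; return 0; fi
    if [ -z "$cfg" ]; then echo "no-config-arg"; return 0; fi
    # A missing working directory is what systemd reports as step CHDIR.
    if [ ! -d "$root$wd" ]; then echo "workdir-missing:$wd"; return 1; fi
    # A relative --config path is resolved from the working directory.
    case $cfg in
        /*) path=$root$cfg ;;
        *)  path=$root$wd/$cfg ;;
    esac
    if [ ! -r "$path" ]; then echo "config-missing:$path"; return 2; fi
    echo "ok:$path"
}
```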


1 answer

Hey there,

I was having quite a similar issue which was due to csf config -> there is a high possibility that it is a firewall issue. Are you using any access blocking method on your server (csf / ufw / iptables etc.)? If yes - I would suggest you try disabling it for a moment and try starting openvpn. Also, take a look at the port you configured it on (1194 as a default) and check if it's in use (netstat -tulpn | grep 'port number') by any other service.

Cheers!
