I am able to run openvpn if I run openvpn server.config, but the service will not start. If I open journalctl -xe, there is a message that says "openvpn-server@server.service: Failed at step CHDIR spawning /usr/sbin/openvpn:"
```
[root@centos-server openvpn]# openvpn server.conf
Thu Jan 23 20:44:40 2020 OpenVPN 2.4.8 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Nov 1 2019
Thu Jan 23 20:44:40 2020 library versions: OpenSSL 1.1.1c FIPS 28 May 2019, LZO 2.08
Thu Jan 23 20:44:40 2020 Diffie-Hellman initialized with 2048 bit key
Thu Jan 23 20:44:40 2020 Failed to extract curve from certificate (UNDEF), using secp384r1 instead.
Thu Jan 23 20:44:40 2020 ECDH curve secp384r1 added
Thu Jan 23 20:44:40 2020 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Thu Jan 23 20:44:40 2020 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Thu Jan 23 20:44:40 2020 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Thu Jan 23 20:44:40 2020 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Thu Jan 23 20:44:40 2020 ROUTE_GATEWAY 10.1.0.1/255.255.255.192 IFACE=eth0 HWADDR=00:15:5d:00:2d:18
Thu Jan 23 20:44:40 2020 TUN/TAP device tun0 opened
Thu Jan 23 20:44:40 2020 TUN/TAP TX queue length set to 100
Thu Jan 23 20:44:40 2020 /sbin/ip link set dev tun0 up mtu 1500
Thu Jan 23 20:44:40 2020 /sbin/ip addr add dev tun0 local 10.1.2.1 peer 10.1.2.2
Thu Jan 23 20:44:40 2020 /sbin/ip route add 10.1.2.0/24 via 10.1.2.2
Thu Jan 23 20:44:40 2020 Could not determine IPv4/IPv6 protocol. Using AF_INET
Thu Jan 23 20:44:40 2020 Socket Buffers: R=[87380->87380] S=[16384->16384]
Thu Jan 23 20:44:40 2020 Listening for incoming TCP connection on [AF_INET][undef]:443
Thu Jan 23 20:44:40 2020 TCPv4_SERVER link local (bound): [AF_INET][undef]:443
Thu Jan 23 20:44:40 2020 TCPv4_SERVER link remote: [AF_UNSPEC]
Thu Jan 23 20:44:40 2020 GID set to nobody
```
```
port 443 #- port
proto tcp #- protocol
dev tun
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
reneg-sec 0
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/centos-server.crt
key /etc/openvpn/easy-rsa/pki/private/centos-server.key
dh /etc/openvpn/easy-rsa/pki/dh.pem
#plugin /usr/lib64/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login #- Comment this line if you are using FreeRADIUS
#client-cert-not-required
#username-as-common-name
auth-nocache
auth sha512
cipher AES-256-CBC
tls-server
tls-crypt /etc/openvpn/easy-rsa/pki/ta.key 0
tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA
server 10.1.2.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 5 30
comp-lzo
user nobody
group nobody
#duplicate-cn
persist-key
persist-tun
#status /var/log/openvpn/status.log
#log /var/log/openvpn/server.log
verb 3
crl-verify /etc/openvpn/easy-rsa/pki/crl.pem
```
Hey there,
I was having quite a similar issue, which was due to the csf config -> there is a high possibility that it is a firewall issue. Are you using any access-blocking method on your server (csf / ufw / iptables etc.)? If yes, I would suggest you try disabling it for a moment and try to start OpenVPN. Also, take a look at the port you configured it on (1194 by default) and check whether it's in use (netstat -tulpn | grep 'port number') by any other service.
Cheers!
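
The port check suggested in the answer above, as an added example that is not part of the original thread: it reads `port` and `proto` from an OpenVPN config and lists any non-openvpn listener already bound to them in saved `netstat -tulpn` output. The function names (`conf_value`, `port_conflicts`, `demo`) are hypothetical, the sample listing is constructed, and a missing directive is assumed to fall back to OpenVPN's defaults of 1194/udp.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): find listeners that already hold the
# port/proto an OpenVPN config asks for, using saved `netstat -tulpn` output.

# conf_value FILE KEY: first value of a directive, ignoring "#" comments.
conf_value() {
    awk -v key="$2" '
        { sub(/[ \t]*#.*/, "") }          # drop full-line and trailing comments
        $1 == key { print $2; exit }
    ' "$1"
}

# port_conflicts CONF LISTING: print "PID/program local-address" for every
# listener on the configured port and protocol that is not openvpn itself.
port_conflicts() (
    port=$(conf_value "$1" port);   port=${port:-1194}   # assumed default port
    proto=$(conf_value "$1" proto); proto=${proto:-udp}  # assumed default proto
    proto=$(printf '%s' "$proto" | cut -c1-3)            # tcp-server, udp6 -> tcp, udp
    awk -v port="$port" -v proto="$proto" '
        substr($1, 1, 3) != proto { next }   # also skips the header lines
        {
            n = split($4, a, ":")            # port follows the last colon (IPv4 and IPv6)
            # $NF is PID/program; it shows "-" when netstat ran without root
            if (a[n] == port && $NF !~ /\/openvpn$/) print $NF, $4
        }
    ' "$2"
)

# Constructed sample data (hypothetical): the port/proto lines of the config
# above, and a listing in which nginx already holds TCP 443.
demo() (
    dir=$(mktemp -d) || exit 1
    printf '%s\n' 'port 443 #- port' 'proto tcp #- protocol' 'dev tun' > "$dir/server.conf"
    cat > "$dir/listeners.txt" <<'EOF'
Proto Recv-Q Send-Q Local Address    Foreign Address  State   PID/Program name
tcp        0      0 0.0.0.0:22       0.0.0.0:*        LISTEN  811/sshd
tcp        0      0 0.0.0.0:443      0.0.0.0:*        LISTEN  1402/nginx
tcp6       0      0 :::443           :::*             LISTEN  1402/nginx
udp        0      0 0.0.0.0:443      0.0.0.0:*                977/other
EOF
    port_conflicts "$dir/server.conf" "$dir/listeners.txt"
    rm -rf "$dir"
)

demo
```

On a live server, save the output of `netstat -tulpn` (run as root so the program column is filled in) to a file and pass it to `port_conflicts` together with the path of your own config. Empty output means nothing else is listening on that port and protocol.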