OpenVPN service fails to start
Closed, Resolved | Public | BUG

Description

When I use the following configuration, which works on 1.2.5-epa1, the OpenVPN service fails to start.

set interfaces openvpn vtun0 authentication password xxxxxx
set interfaces openvpn vtun0 authentication username xxxxxx
set interfaces openvpn vtun0 hash 'sha512'
set interfaces openvpn vtun0 mode 'client'
set interfaces openvpn vtun0 openvpn-option '--persist-key'
set interfaces openvpn vtun0 openvpn-option '--persist-tun'
set interfaces openvpn vtun0 openvpn-option '--nobind'
set interfaces openvpn vtun0 openvpn-option '--comp-lzo'
set interfaces openvpn vtun0 openvpn-option '--cipher AES-256-CBC'
set interfaces openvpn vtun0 openvpn-option '--tls-auth /config/auth/nordvpn/tls.key 1'
set interfaces openvpn vtun0 openvpn-option '--script-security 2'
set interfaces openvpn vtun0 openvpn-option '--route-method exe'
set interfaces openvpn vtun0 openvpn-option '--ns-cert-type server'
set interfaces openvpn vtun0 openvpn-option '--key-direction 1'
set interfaces openvpn vtun0 openvpn-option '--route-delay 2'
set interfaces openvpn vtun0 openvpn-option '--mssfix 1450'
set interfaces openvpn vtun0 openvpn-option '--keysize 256'
set interfaces openvpn vtun0 openvpn-option '--sndbuf 524288'
set interfaces openvpn vtun0 openvpn-option '--rcvbuf 524288'
set interfaces openvpn vtun0 openvpn-option '--fast-io'
set interfaces openvpn vtun0 openvpn-option '--verb 3'
set interfaces openvpn vtun0 openvpn-option '--auth-retry nointeract'
set interfaces openvpn vtun0 openvpn-option '--route-nopull'
set interfaces openvpn vtun0 openvpn-option '--tun-mtu 1532'
set interfaces openvpn vtun0 persistent-tunnel
set interfaces openvpn vtun0 protocol 'udp'
set interfaces openvpn vtun0 remote-host 'xxx.xxx.42.68'
set interfaces openvpn vtun0 remote-port '1194'
set interfaces openvpn vtun0 tls ca-cert-file xxxxxx

Error given on commit

[ interfaces openvpn vtun0 tls ca-cert-file /config/auth/nordvpn/ca.crt ]


[ interfaces openvpn vtun0 ]
Job for openvpn@vtun0.service failed because the control process exited with error code.
See "systemctl status openvpn@vtun0.service" and "journalctl -xe" for details.
RTNETLINK answers: Operation not supported

In the logs for OpenVPN the following is written.

Apr 19 11:29:33 vyos systemd[1]: openvpn@vtun0.service: Main process exited, code=exited, status=1/FAILURE
Apr 19 11:29:33 vyos systemd[1]: openvpn@vtun0.service: Failed with result 'exit-code'.
Apr 19 11:29:38 vyos systemd[1]: openvpn@vtun0.service: Service RestartSec=5s expired, scheduling restart.
Apr 19 11:29:38 vyos systemd[1]: openvpn@vtun0.service: Scheduled restart job, restart counter is at 55.
Apr 19 11:29:38 vyos openvpn-vtun0[2513]: DEPRECATED OPTION: --compat-names, please update your configuration. This will be removed in OpenVPN 2.5.
Apr 19 11:29:38 vyos openvpn-vtun0[2513]: WARNING: --keysize is DEPRECATED and will be removed in OpenVPN 2.6
Apr 19 11:29:38 vyos openvpn-vtun0[2513]: WARNING: file '/config/auth/nordvpn/tls.key' is group or others accessible
Apr 19 11:29:38 vyos openvpn-vtun0[2513]: WARNING: cannot stat file '/tmp/openvpn-vtun0-pw': No such file or directory (errno=2)
Apr 19 11:29:38 vyos openvpn-vtun0[2513]: Options error: --auth-user-pass fails with '/tmp/openvpn-vtun0-pw': No such file or directory (errno=2)
Apr 19 11:29:38 vyos openvpn-vtun0[2513]: Options error: Please correct these errors.

Details

Difficulty level: Unknown (require assessment)
Version: VyOS 1.3-rolling-202004191028
Why the issue appeared?: Will be filled on close
Is it a breaking change?: Perfectly compatible
Issue type: Bug (incorrect behavior)

Event Timeline

Caused by T2273, issue is also in T2308: systemd uses a private /tmp dir. Should be moved to /run/openvpn or the systemd-private dir disabled (I prefer the 1st option)

c-po changed the task status from Open to In progress. Apr 19 2020, 3:24 PM
c-po claimed this task.
erkin set Issue type to Bug (incorrect behavior). Aug 30 2021, 6:46 AM
erkin removed a subscriber: Active contributors.
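
Added example, not part of the original ticket or of VyOS code: a Python check for the failure mode named in the comment above, where a unit running with a private /tmp (systemd's PrivateTmp= setting) cannot see a file that another process wrote to the host's /tmp. The unit and client config texts are constructed samples, and the function names are hypothetical.

```python
import shlex

# OpenVPN options whose first argument is a file the daemon opens itself.
FILE_OPTIONS = {"auth-user-pass", "ca", "cert", "key", "tls-auth", "tls-crypt", "crl-verify"}
PRIVATE_DIRS = ("/tmp/", "/var/tmp/")  # directories PrivateTmp= replaces per service

# Constructed samples (not copied from a VyOS image).
SAMPLE_UNIT = """\
[Service]
PrivateTmp=true
Restart=on-failure
RestartSec=5s
"""
SAMPLE_OVPN = """\
# constructed client config
auth-user-pass /tmp/openvpn-vtun0-pw
tls-auth /config/auth/nordvpn/tls.key 1
ca /config/auth/nordvpn/ca.crt
"""

def private_tmp_enabled(unit_text):
    """True if the [Service] section ends up with PrivateTmp set to a true value."""
    section, enabled = None, False
    for line in (raw.strip() for raw in unit_text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "Service" and line.startswith("PrivateTmp") and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key == "PrivateTmp":
                enabled = value.lower() in ("1", "yes", "true", "on")  # last one wins
    return enabled

def hidden_paths(unit_text, ovpn_text):
    """Return (option, path) pairs that point into the service's private /tmp."""
    if not private_tmp_enabled(unit_text):
        return []
    findings = []
    for line in ovpn_text.splitlines():
        if line.lstrip().startswith(";"):  # OpenVPN also treats ';' lines as comments
            continue
        tokens = shlex.split(line, comments=True)  # drops '#' comments
        if len(tokens) >= 2 and tokens[0].lstrip("-") in FILE_OPTIONS \
                and tokens[1].startswith(PRIVATE_DIRS):
            findings.append((tokens[0].lstrip("-"), tokens[1]))
    return findings

if __name__ == "__main__":
    for option, path in hidden_paths(SAMPLE_UNIT, SAMPLE_OVPN):
        print(f"{option}: {path} is not visible inside the unit's private /tmp")
```

A path under /run/openvpn, the first option proposed in the comment, is not flagged, because PrivateTmp= only replaces /tmp and /var/tmp for the service.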