openvpn-install icon indicating copy to clipboard operation
openvpn-install copied to clipboard

Published 20 hours ago verified publisher icon angristan

OpenVPN Server not working in Arch Linux

Open OnePerson10 opened this issue 4 years ago • 17 comments

Hi. I installed OpenVPN 3 months ago and today has stopped working (Arch Linux). I don´t touch nothing so I don´t know why OVPN not work. I tried to reinstall but doesn´t work. Ports opened.

OnePerson10 avatar Jan 17 '21 17:01 OnePerson10

I've installed it just now and it doesn't work (archlinux testing). Worked previously. Service failed to start

luntik2012 avatar Feb 09 '21 18:02 luntik2012 

Feb 16 15:54:56 myhostname openvpn[464347]: Consider setting groups/curves preference with tls-groups instead of forcing a specific curve with ecdh-curve.
Feb 16 15:54:56 myhostname openvpn[464347]: Note: Treating option '--ncp-ciphers' as  '--data-ciphers' (renamed in OpenVPN 2.5).
Feb 16 15:54:56 myhostname openvpn[464347]: Options error: --ca fails with 'ca.crt': Permission denied (errno=13)
Feb 16 15:54:56 myhostname openvpn[464347]: Options error: --cert fails with 'server_mJmlYr4kjNbKQ3WE.crt': Permission denied (errno=13)
Feb 16 15:54:56 myhostname openvpn[464347]: Options error: --key fails with 'server_mJmlYr4kjNbKQ3WE.key': Permission denied (errno=13)
Feb 16 15:54:56 myhostname openvpn[464347]: Options error: --status fails with '/var/log/openvpn/status.log': Permission denied (errno=13)
Feb 16 15:54:56 myhostname openvpn[464347]: Options error: Please correct these errors.
Feb 16 15:54:56 myhostname openvpn[464347]: Use --help for more information.
Feb 16 15:54:56 myhostname systemd[1]: [email protected]: Main process exited, code=exited, status=1/FAILURE

luntik2012 avatar Feb 16 '21 15:02 luntik2012

Thanks for the report. PRs appreciated 🙏

angristan avatar Mar 10 '21 20:03 angristan

It seems to be related to new permissions in OpenVPN 2.5.0-3.

Changing ownership of the relevant directories seems to fix this problem: chown -R openvpn.network /etc/openvpn/client /etc/openvpn/server /var/log/openvpn

My reference: https://bbs.archlinux.org/viewtopic.php?id=262317

I have no idea if this is safe to do or permanent, but it does solve the errors at least.

0x000C avatar Mar 16 '21 00:03 0x000C 

sudo  chown -R openvpn.network /var/log/openvpn /etc/openvpn/

worked for me

https://github.com/sansible/openvpn/issues/15

luntik2012 avatar Mar 16 '21 11:03 luntik2012 

sudo chown -R openvpn.network /etc/openvpn/client /etc/openvpn/server /var/log/openvpn /etc/openvpn/ca.crt /etc/openvpn/server_*

My reference: journalctl -xeu openvpn-server@server

sokoloowski avatar Aug 10 '21 08:08 sokoloowski

Yeah it fixed it for me putting the line in 925 right before it tries to install openvpn. I used: chown -R openvpn.network /etc/openvpn/ /var/log/openvpn/

gatosyperros avatar Dec 24 '21 16:12 gatosyperros

I did the same as @gatosyperros but after installation.

chown -R openvpn.network /etc/openvpn/ /var/log/openvpn/
systemctl restart openvpn-server@server

mukkumayc avatar Jan 21 '22 12:01 mukkumayc

I did the same as @gatosyperros but after installation.

chown -R openvpn.network /etc/openvpn/ /var/log/openvpn/
systemctl restart openvpn-server@server

Thanks. This worked for me :)

smamun19 avatar Feb 21 '22 14:02 smamun19

Doesn't work anymore :

$ sudo  chown -R openvpn.network /var/log/openvpn /etc/openvpn/
chown: warning: '.' should be ':': « openvpn.network »

kikislater avatar Jun 27 '22 17:06 kikislater

~~Same, has anyone found a fix for this new error? Changing as it says doesn't work either.~~ One of the other commands in here fixed it.

joshuafhiggins avatar Jul 07 '22 21:07 joshuafhiggins

Same issue on Ubuntu 22 Server, and I can't use the fix above:

$ sudo chown -R openvpn.network /etc/openvpn/ /var/log/openvpn/
chown: invalid user: ‘openvpn.network’

BenMorel avatar Jul 10 '22 20:07 BenMorel

Same issue on Ubuntu 22 Server, and I can't use the fix above:

$ sudo chown -R openvpn.network /etc/openvpn/ /var/log/openvpn/
chown: invalid user: ‘openvpn.network’

Your issue looks different than ours. Try enabling the OpenVPN service and see if you can connect without this fix. I'm not sure how to on Ubuntu.

joshuafhiggins avatar Jul 10 '22 20:07 joshuafhiggins

@higgy999 Sorry, I have deleted the Ubuntu 22 instance since. I then tried on an Ubuntu 20 Server instance, and it worked. Now that you say it though, I had to manually start the openvpn@server service on Ubuntu 20, maybe I forgot this step on Ubuntu 22 :/ Doesn't it start automatically?

BenMorel avatar Jul 10 '22 20:07 BenMorel

@higgy999 Sorry, I have deleted the Ubuntu 22 instance since. I then tried on an Ubuntu 20 Server instance, and it worked. Now that you say it though, I had to manually start the openvpn@server service on Ubuntu 20, maybe I forgot this step on Ubuntu 22 :/ Doesn't it start automatically?

It will once you enable it. The package may not have been set up to auto enable because there may be files you should edit first before it starts.

joshuafhiggins avatar Jul 10 '22 21:07 joshuafhiggins

Ah, good point. So I can't be sure whether it would have actually worked on Ubuntu 22. Sorry for the noise.

BenMorel avatar Jul 10 '22 21:07 BenMorel

I did the same as @gatosyperros but after installation.

chown -R openvpn.network /etc/openvpn/ /var/log/openvpn/
systemctl restart openvpn-server@server

worked for me on Arch ARM but instead of openvpn.network i just used openvpn

y0nei avatar Aug 27 '22 14:08 y0nei