3

Yesterday I configured OpenVPN on a Ubuntu 18.04 server which seems to work. I can connect no problem and systemctl status openvpn gives me green. However, my syslog is being riddled with errors which seem to relate to a different service than openvpn.service. I am kind of unsettled by this since the server goes into use tomorrow and the only way to get access then is via openvpn.

Here is the syslog:

Jun 22 15:30:41 localhost systemd[1]: openvpn@multi-user.service: Main process e xited, code=exited, status=1/FAILURE
Jun 22 15:30:41 localhost systemd[1]: openvpn@multi-user.service: Failed with re sult 'exit-code'.
Jun 22 15:30:41 localhost systemd[1]: Failed to start OpenVPN connection to multi-user.
Jun 22 15:30:47 localhost systemd[1]: openvpn@multi-user.service: Service hold-off time over, scheduling restart.
Jun 22 15:30:47 localhost systemd[1]: openvpn@multi-user.service: Scheduled restart job, restart counter is at 146.
Jun 22 15:30:47 localhost systemd[1]: Stopped OpenVPN connection to multi-user.
Jun 22 15:30:47 localhost systemd[1]: Starting OpenVPN connection to multi-user...
Jun 22 15:30:47 localhost ovpn-multi-user[3046]: Options error: In [CMD-LINE]:1:Error opening configuration file: /etc/openvpn/multi-user.conf
Jun 22 15:30:47 localhost ovpn-multi-user[3046]: Use --help for more information.
Jun 22 15:30:47 localhost systemd[1]: openvpn@multi-user.service: Main process exited, code=exited, status=1/FAILURE
Jun 22 15:30:47 localhost systemd[1]: openvpn@multi-user.service: Failed with result 'exit-code'.
Jun 22 15:30:47 localhost systemd[1]: Failed to start OpenVPN connection to multi-user.
Jun 22 15:30:52 localhost systemd[1]: openvpn@multi-user.service: Service hold-off time over, scheduling restart.
Jun 22 15:30:52 localhost systemd[1]: openvpn@multi-user.service: Scheduled restart job, restart counter is at 147.
Jun 22 15:30:52 localhost systemd[1]: Stopped OpenVPN connection to multi-user.
Jun 22 15:30:52 localhost systemd[1]: Starting OpenVPN connection to multi-user.
Chris Davies
  • 116,213
  • 16
  • 160
  • 287
AlpayY
  • 51
  • Related questions are https://unix.stackexchange.com/questions/378749/ and https://unix.stackexchange.com/questions/409665/ . – JdeBP Jun 22 '18 at 17:55

2 Answers2

2

I initially worked around the issue by putting the following line in my rc.local:

systemctl stop openvpn@multi-user.service

I finally solved it by disabling the deprecated openvpn@.service, removing all configuration files from the OpenVPN root directory and moving them to the server directory, as well as activating the respective openvpn-server@config.service.

Chris Davies
  • 116,213
  • 16
  • 160
  • 287
AlpayY
  • 51
0

Under systemd, at least on Debian (and presumably Ubuntu) each VPN connection (there can be multiple) gets its own service name openvpn@CONNECTION-NAME.service. You should have one per *.conf file in /etc/openvpn/.

The actual openvpn.service is a collection of all of them, to let you easily start/stop/reload all VPNs at once. Getting status on it isn't telling you much useful.

So you need to try systemctl status openvpn@multi-user.service or journalctl _SYSTEMD_UNIT=openvpn@multi-user.service, as it'd appear your VPN is exiting for some reason. Of course, that could be something simple and expected like network issues, remote end disconnected, etc. (OpenVPN can be configured to exit when the VPN goes down.)

You can see all the OpenVPN units using something like systemctl list-units | grep openvpn or probably systemctl show --property ConsistsOf openvpn.service

derobert
  • 109,670
  • Thank you for your reply, good to hear my thoughts went into the right direction. The problem seems to be that something tries to start a openvpn service with the connection name "multi-user" and that doesn't exist. How do I fix this? – AlpayY Jun 22 '18 at 16:39
  • @AlpayY I'd start by seeing if you accidentally symlinked it into one of the systemd startup directories. E.g., somehow when trying to get your VPN started by multi-user.target. If you're lucky, systemctl show --property WantedBy openvpn@multi-user.service will yield something useful. Or look through the journal. – derobert Jun 22 '18 at 16:41
  • The ouput of that command is WantedBy=multi-user.target. I also see this line at the end of /lib/systemd/system/openvpn@.service: [Install] WantedBy=multi-user.target So do I just remove it?

    Just fyi, I didn't touch my openvpn installation apart from creating config files. This is it's default behaviour out of the box.

     – AlpayY Jun 22 '18 at 16:44
  • @AlpayY Yes, that install means when you do systemctl enable openvpn@whatever.service, it'll be linked into /etc/systemd/system/multi-user.target.wants/ — I suspect you may have a link there for your non-existent VPN (because you did systemctl enable openvpn@multi-user.service) – derobert Jun 22 '18 at 16:45
  • @AlpayY anyway, systemctl disable openvpn@multi-user.service ought to fix it (and of course reboot your system before shipping it out, just be sure everything is still working) – derobert Jun 22 '18 at 16:46
  • No luck with that unfortunately. No symlink in /etc/systemd/system/multi-user.target.wants/ and systemctl disable openvpn@multi-user.service doesn't do anything. :( – AlpayY Jun 22 '18 at 16:49
  • @AlpayY odd... does find /etc -name 'openvpn@multi-user.service' find it anywhere? Also, I guess check /etc/default/openvpn to see if its listed under autostart there (but I don't think that is used under systemd). And finally, does it persist through reboot? Want to make sure it wasn't just you accidentally did a systemctl start on it at some point. – derobert Jun 22 '18 at 17:02
  • The find command doesn't find it anywhere. Nothing under /etc/default/openvpn and it does persist through reboot unfortunately. – AlpayY Jun 22 '18 at 17:05
  • @AlpayY I'm stumped, then, where it's coming from. Just to confirm, you do not have an /etc/openvpn/multi-user.conf, correct? – derobert Jun 22 '18 at 17:07
  • Yes, I don't have one.

    ls /etc/openvpn returns 01.pem 02.pem 03.pem 04.pem ca.crt client dh2048.pem easy-rsa ipp.txt openvpn-status.log server server.conf server.crt server.key update-resolv-conf

     – AlpayY Jun 22 '18 at 17:10