I have openvpn config that users 2 factor authentication.
If I start it manually, by running:
/usr/sbin/openvpn --writepid /run/whatever --cd /etc/openvpn/ --config /etc/openvpn/work.conf
it asks for username, then password (provided by software on my phone), and then password for private key. And then it works.
But if/when I try to start it via normal service call:
=# service openvpn start work
nothing is printed, openvpn doesn’t work, and journalctl shows:
=# systemctl status openvpn ● openvpn.service - OpenVPN service Loaded: loaded (/lib/systemd/system/openvpn.service; enabled; vendor preset: enabled) Active: active (exited) since czw 2015-05-28 10:24:22 CEST; 17min ago Process: 30395 ExecStart=/bin/true (code=exited, status=0/SUCCESS) Main PID: 30395 (code=exited, status=0/SUCCESS) CGroup: /system.slice/openvpn.service maj 28 10:24:22 krowka systemd[1]: Starting OpenVPN service... maj 28 10:41:40 krowka systemd[1]: Started OpenVPN service.
Is there anything I could do to make it work “normally”, via “service” call, or any other mean, other than manually building /usr/sbin/openvpn invocation?
Answers:
Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.
Method 1
I try to start it via normal service call:
# service openvpn start work
No, that’s not normal. That’s a quirk of System 5 rc toolsets that invokes a System 5 rc script with two arguments. The rc script takes the non-standard second argument as the basename of the OpenVPN configuration to use.
This is Ubuntu Linux. You aren’t using System 5 rc. You aren’t using its rc script. You are using systemd. You are using systemd service units, which OpenVPN has in fact had for many years now. systemd service units aren’t scripts and don’t have script arguments.
What they have are template parameters, and OpenVPN was in fact one of the earlier adopters of the template units mechanism when it came along, having had templatized units since at least 2011. (Templatized upstart jobs for OpenVPN have been floating around since at least 2012.)
You’re looking at /lib/systemd/system/openvpn.service. What you should be looking at is /lib/systemd/system/[email protected]. Instantiate that on the configuration name:
systemctl preset [email protected]systemctl disable [email protected]systemctl start [email protected]systemctl stop [email protected]systemctl status [email protected]
Or just let Debian/Ubuntu do the heavy lifting. There’s a unit generator in /lib/systemd/system-generators/openvpn-generator that automatically instantiates this template against every *.conf file in /etc/openvpn at bootstrap or when systemctl daemon-reload is run.
Further reading
All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0