Centos 7 and OpenVPN: how make them friends?

centos openvpn selinux centos7

12,293

CentOS 7 uses systemd to control system service daemons. That you are using init scripts suggests that you have installed your openvpn without using a package manger ( the openvpn-2.3.2-4.el7 rpm doesn't contain init scripts)

I think at this point, rather than trying to debug and use init scripts it would be better to remove your current installation and then install and configure the natively supported package. Something like

yum install openvpn
systemctl enable [email protected]

systemctl start [email protected]
systemctl status -l [email protected]

Notice the use of openvpn@server, this relates to the /etc/openvpn configuration file which in this case would be expected to be /etc/openvpn/server.conf. If for example you had openvpn listening on port 443 you could

systemctl enable [email protected]

and you would complement that with a /etc/openvpn/port443.conf.

12,293

Author by

Psychozoic

livable sysadmin

Updated on September 18, 2022

Comments

Psychozoic almost 2 years
I'm trying to install OpenVPN server on Centos 7 and faced with next problem:
```
[root@msk ~]# /etc/init.d/openvpn start
Starting openvpn (via systemctl):                          [  OK  ]
[root@msk ~]# ps aux | grep openvpn
root      5639  0.0  0.0 112640   980 pts/6    S+   12:54   0:00 grep --color=auto openvpn
[root@msk ~]# service openvpn start
Starting openvpn (via systemctl):                          [  OK  ]
[root@msk ~]# ps aux | grep openvpn
root      5657  0.0  0.0 112640   980 pts/6    S+   12:54   0:00 grep --color=auto openvpn
[root@msk ~]#
```
As you can see - nothing happens.

But if i'll try to start it with single command: openvpn --daemon --writepid /var/run/openvpn/openvpn.pid --config /etc/openvpn/server.conf --cd /etc/openvpn it works nice.

I think problem is selinux. And I don't want to disable it at all.

Could you point me where is error?
- user9517 over 9 years
  
  If you think the problem is SELinux,have you looked in the audit log for relevant messages ?
- Psychozoic over 9 years
  
  yes. and i made this: cat /var/log/audit/audit.log | grep openvpn | grep denied | audit2allow -M myopenvpn; semodule -i myopenvpn.pp
- user9517 over 9 years
  
  You may need to put SElinux temporarily into Permissive mode so that you can gather all of the relevant log entries but you should also reinstall using the native openvpn package.
Psychozoic over 9 years

thanks!!! so fast) but i noticed different version of vpn server: ` [root@msk local]# yum install openvpn Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: mirror.logol.ru * extras: mirror.logol.ru * rpmforge: mirror.awanti.com * updates: mirror.yandex.ru Package matching openvpn-2.2.2-1.el6.rf.x86_64 already installed. Checking for update. Nothing to do` what repo do you recommend to use?
user9517 over 9 years

I don't know how you got an el6 rpm on your el7 system. Did you upgrade el6 to el7 ? is it really an el7 system ?
Psychozoic over 9 years

@lain yes, it seems so: [root@msk /]# uname -a Linux host.msk.ru 3.10.0-123.6.3.el7.x86_64 #1 SMP Wed Aug 6 21:12:36 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux. And no, it was installed from image. Without upgrades
qu1j0t3 over 7 years

I have the same problem. I've installed EPEL openvpn. I have a valid (tested) config file in /etc/openvpn/client.conf. But trying to start the service via systemd invariably produces " Process: 16437 ExecStart=/usr/sbin/openvpn --daemon --writepid /var/run/openvpn/%i.pid --cd /etc/openvpn/ --config %i.conf (code=exited, status=1/FAILURE) ...Options error: In [CMD-LINE]:1: Error opening configuration file: client.conf" even though the command appears correct.