Centos 7 and OpenVPN: how make them friends?
CentOS 7 uses systemd to control system service daemons. That you are using init scripts suggests that you have installed your openvpn without using a package manger ( the openvpn-2.3.2-4.el7 rpm doesn't contain init scripts)
I think at this point, rather than trying to debug and use init scripts it would be better to remove your current installation and then install and configure the natively supported package. Something like
yum install openvpn
systemctl enable [email protected]
systemctl start [email protected]
systemctl status -l [email protected]
Notice the use of openvpn@server, this relates to the /etc/openvpn configuration file which in this case would be expected to be /etc/openvpn/server.conf. If for example you had openvpn listening on port 443 you could
systemctl enable [email protected]
and you would complement that with a /etc/openvpn/port443.conf
.
Comments
-
Psychozoic almost 2 years
I'm trying to install OpenVPN server on Centos 7 and faced with next problem:
[root@msk ~]# /etc/init.d/openvpn start Starting openvpn (via systemctl): [ OK ] [root@msk ~]# ps aux | grep openvpn root 5639 0.0 0.0 112640 980 pts/6 S+ 12:54 0:00 grep --color=auto openvpn [root@msk ~]# service openvpn start Starting openvpn (via systemctl): [ OK ] [root@msk ~]# ps aux | grep openvpn root 5657 0.0 0.0 112640 980 pts/6 S+ 12:54 0:00 grep --color=auto openvpn [root@msk ~]#
As you can see - nothing happens.
But if i'll try to start it with single command:
openvpn --daemon --writepid /var/run/openvpn/openvpn.pid --config /etc/openvpn/server.conf --cd /etc/openvpn
it works nice.I think problem is
selinux
. And I don't want to disable it at all.Could you point me where is error?
-
user9517 over 9 yearsIf you think the problem is SELinux,have you looked in the audit log for relevant messages ?
-
Psychozoic over 9 yearsyes. and i made this:
cat /var/log/audit/audit.log | grep openvpn | grep denied | audit2allow -M myopenvpn; semodule -i myopenvpn.pp
-
user9517 over 9 yearsYou may need to put SElinux temporarily into Permissive mode so that you can gather all of the relevant log entries but you should also reinstall using the native openvpn package.
-
-
Psychozoic over 9 yearsthanks!!! so fast) but i noticed different version of vpn server: ` [root@msk local]# yum install openvpn Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: mirror.logol.ru * extras: mirror.logol.ru * rpmforge: mirror.awanti.com * updates: mirror.yandex.ru Package matching openvpn-2.2.2-1.el6.rf.x86_64 already installed. Checking for update. Nothing to do` what repo do you recommend to use?
-
user9517 over 9 yearsI don't know how you got an el6 rpm on your el7 system. Did you upgrade el6 to el7 ? is it really an el7 system ?
-
Psychozoic over 9 years@lain yes, it seems so:
[root@msk /]# uname -a Linux host.msk.ru 3.10.0-123.6.3.el7.x86_64 #1 SMP Wed Aug 6 21:12:36 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
. And no, it was installed from image. Without upgrades -
qu1j0t3 over 7 yearsI have the same problem. I've installed EPEL openvpn. I have a valid (tested) config file in /etc/openvpn/client.conf. But trying to start the service via systemd invariably produces " Process: 16437 ExecStart=/usr/sbin/openvpn --daemon --writepid /var/run/openvpn/%i.pid --cd /etc/openvpn/ --config %i.conf (code=exited, status=1/FAILURE) ...Options error: In [CMD-LINE]:1: Error opening configuration file: client.conf" even though the command appears correct.