How to start 2FA-using OpenVPN with systemd?
I try to start it via normal service call:# service openvpn start work
No, that's not normal. That's a quirk of System 5 rc
toolsets that invokes a System 5 rc
script with two arguments. The rc
script takes the non-standard second argument as the basename of the OpenVPN configuration to use.
This is Ubuntu Linux. You aren't using System 5 rc
. You aren't using its rc
script. You are using systemd. You are using systemd service units, which OpenVPN has in fact had for many years now. systemd service units aren't scripts and don't have script arguments.
What they have are template parameters, and OpenVPN was in fact one of the earlier adopters of the template units mechanism when it came along, having had templatized units since at least 2011. (Templatized upstart jobs for OpenVPN have been floating around since at least 2012.)
You're looking at /lib/systemd/system/openvpn.service
. What you should be looking at is /lib/systemd/system/[email protected]
. Instantiate that on the configuration name:
systemctl preset [email protected]
systemctl disable [email protected]
systemctl start [email protected]
systemctl stop [email protected]
systemctl status [email protected]
Or just let Debian/Ubuntu do the heavy lifting. There's a unit generator in /lib/systemd/system-generators/openvpn-generator
that automatically instantiates this template against every *.conf
file in /etc/openvpn
at bootstrap or when systemctl daemon-reload
is run.
Further reading
Related videos on Youtube
user70436
Updated on September 18, 2022Comments
-
user70436 over 1 year
I have openvpn config that users 2 factor authentication.
If I start it manually, by running:
/usr/sbin/openvpn --writepid /run/whatever --cd /etc/openvpn/ --config /etc/openvpn/work.conf
it asks for username, then password (provided by software on my phone), and then password for private key. And then it works.
But if/when I try to start it via normal service call:
=# service openvpn start work
nothing is printed, openvpn doesn't work, and journalctl shows:
=# systemctl status openvpn ● openvpn.service - OpenVPN service Loaded: loaded (/lib/systemd/system/openvpn.service; enabled; vendor preset: enabled) Active: active (exited) since czw 2015-05-28 10:24:22 CEST; 17min ago Process: 30395 ExecStart=/bin/true (code=exited, status=0/SUCCESS) Main PID: 30395 (code=exited, status=0/SUCCESS) CGroup: /system.slice/openvpn.service maj 28 10:24:22 krowka systemd[1]: Starting OpenVPN service... maj 28 10:41:40 krowka systemd[1]: Started OpenVPN service.
Is there anything I could do to make it work "normally", via "service" call, or any other mean, other than manually building /usr/sbin/openvpn invocation?
-
user70436 almost 9 yearsThanks for explanation (even though I don't really appreciate the tone). Too complicated to use. Wrote a simple shell script, and it works just as well. Having to generate "config file for config file" is just plain insane.