openvpn[]: Options error: In [CMD-LINE]:1: Error opening configuration file
Solution 1
You might want to run
fixfiles -R openvpn restore
An ls -alZ should give you something like this (showing your files are in the correct selinux context now):
[root@server openvpn]# ls -alZ /etc/openvpn/
drwxr-xr-x. root root system_u:object_r:openvpn_etc_t:s0 .
drwxr-xr-x. root root system_u:object_r:etc_t:s0 ..
drwxr-xr-x. root root unconfined_u:object_r:openvpn_etc_t:s0 certs
-rw-r--r--. root root unconfined_u:object_r:openvpn_etc_t:s0 dh2048.pem
drwxr-xr-x. root root unconfined_u:object_r:openvpn_etc_t:s0 easy-rsa
-rw-------. root root unconfined_u:object_r:openvpn_etc_rw_t:s0 ipp.txt
-rw-------. root root unconfined_u:object_r:openvpn_etc_t:s0 ta.key
-rw-------. openvpn openvpn unconfined_u:object_r:openvpn_etc_t:s0 server.conf
If you have a statement like
status openvpn-status.log
in your openvpn config file, you might notice the server still won't start. A peek at the /var/log/audit/audit.log will reveal
type=AVC msg=audit(1413580155.710:1265): avc: denied { write } for pid=19725 comm="openvpn" name="openvpn-status.log" dev="dm-1" ino=54153273 scontext=system_u:system_r:openvpn_t:s0 tcontext=unconfined_u:object_r:openvpn_etc_t:s0 tclass=file
Changing the context of this file to rw does the trick:
chcon -t openvpn_etc_rw_t openvpn-status.log
and
[root@server openvpn]# ls -alZ openvpn-status.log
-rw-------. root root unconfined_u:object_r:openvpn_etc_t:s0 openvpn-status.log
will become
-rw-------. root root unconfined_u:object_r:openvpn_etc_rw_t:s0 openvpn-status.log
Afterwards the call
service openvpn@server start
worked flawlessly.
[root@server openvpn]# service openvpn@server status
Redirecting to /bin/systemctl status [email protected]
[email protected] - OpenVPN Robust And Highly Flexible Tunneling Application On server
Loaded: loaded (/usr/lib/systemd/system/[email protected]; disabled)
Active: active (running) since Fri 2014-10-17 23:13:49 CEST; 9s ago
Process: 20445 ExecStart=/usr/sbin/openvpn --daemon --writepid /var/run/openvpn/%i.pid --cd /etc/openvpn/ --config %i.conf (code=exited, status=0/SUCCESS)
Main PID: 20449 (openvpn)
CGroup: /system.slice/system-openvpn.slice/[email protected]
└─20449 /usr/sbin/openvpn --daemon --writepid /var/run/openvpn/server.pid --cd /etc/openvpn/ --config server.conf
Oct 17 23:13:49 server openvpn[20445]: ROUTE_GATEWAY xx.xxx.xx.x/255.255.255.0 IFACE=eth0 HWADDR=XX:XX:XX:XX:XX:XX
Oct 17 23:13:49 server openvpn[20449]: GID set to nobody
Oct 17 23:13:49 server openvpn[20449]: UID set to nobody
Oct 17 23:13:49 server openvpn[20449]: UDPv4 link local (bound): [undef]
Oct 17 23:13:49 server openvpn[20449]: UDPv4 link remote: [undef]
Oct 17 23:13:49 server openvpn[20449]: MULTI: multi_init called, r=256 v=256
Oct 17 23:13:49 server openvpn[20449]: IFCONFIG POOL: base=10.8.0.4 size=62, ipv6=0
Oct 17 23:13:49 server systemd[1]: Started OpenVPN Robust And Highly Flexible Tunneling Application On server.
Oct 17 23:13:49 server openvpn[20449]: IFCONFIG POOL LIST
Oct 17 23:13:49 server openvpn[20449]: Initialization Sequence Completed
PS: I'm on Centos 7.
Solution 2
For anyone else that finds this thread, I had the problem on Fedora 26. Turns out the instructions I was following had you put the conf files in /etc/openvpn directory, but they need to go in /etc/openvpn/server.
Solution 3
The problem is SELinux, editing /etc/sysconfig/selinux and setting SELINUX=permissive and then rebooting fixed it for me. I remember in fedora that there was a command that had to be run to allow the cert directory to be used properly, but I forget what that command is. Setting to permissive fixes completely but a more preferred way would be to fix it so that it can use the directory properly.
Related videos on Youtube
![Unix & Linux: Options error: In [CMD-LINE]:1: Error opening configuration file FIX?](https://i.ytimg.com/vi/9cQeMU_zQxc/hqdefault.jpg?sqp=-oaymwEcCOADEI4CSFXyq4qpAw4IARUAAIhCGAFwAcABBg==&rs=AOn4CLBXy_lIrJD-Iz-RU30GG18crowDnQ)
01 : 18
02 : 11
04 : 03
04 : 02
![Unix & Linux: openvpn[]: Options error: In [CMD-LINE]:1: Error opening configuration file](https://i.ytimg.com/vi/fQXbv2Zodxs/hq720.jpg?sqp=-oaymwEcCNAFEJQDSFXyq4qpAw4IARUAAIhCGAFwAcABBg==&rs=AOn4CLB0b83owyyetKFsIdzty0cAGR7g8Q)
03 : 08
xenoterracide
Former Linux System Administrator, now full time Java Software Engineer.
Updated on September 18, 2022Comments
-
xenoterracide almost 2 years
when trying to
service openvpn startOct 12 14:02:01 ccushing1 openvpn[9091]: Options error: In [CMD-LINE]:1: Error opening configuration file: devnet-client-vm.confrunning
openvpn devnet-client-vm.confworks just fine. Why does openvpn not start? how can I fix it? -
AlexWalterbos over 6 yearsTHANK YOU. For others that have to go this deep: You have to copy your
ca,crtandkey(so two.crtfiles and a.key) file to the same directory -
oucil over 4 yearsThis was also the solution for me on CentOS 8
-
ansi_lumen over 4 yearsThis should be marked as the correct answer.
-
G-Man Says 'Reinstate Monica' over 4 years@GAD3R: Huh? It appears to me that this does provide an answer to the question; every bit as much as Jeremiah’s answer, which is similar (but not identical).
