Closed daniel071 closed 1 year ago
similar on archlinux, 4553dd9c2181bc086975fd5c8e4bc56ba332a3e7:
Aug 25 10:31:12 pc systemd[1]: Starting OpenVPN service for server...
░░ Subject: A start job for unit openvpn-server@server.service has begun execution
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ A start job for unit openvpn-server@server.service has begun execution.
░░
░░ The job identifier is 4587.
Aug 25 10:31:12 pc openvpn[2337]: Consider setting groups/curves preference with tls-groups instead of forcing a specific curve with ecdh-curve.
Aug 25 10:31:12 pc openvpn[2337]: Note: Treating option '--ncp-ciphers' as '--data-ciphers' (renamed in OpenVPN 2.5).
Aug 25 10:31:12 pc openvpn[2337]: Options error: --ca fails with 'ca.crt': Permission denied (errno=13)
Aug 25 10:31:12 pc openvpn[2337]: Options error: --cert fails with 'server_XUP4y8fvCc3kylnb.crt': Permission denied (errno=13)
Aug 25 10:31:12 pc openvpn[2337]: Options error: --key fails with 'server_XUP4y8fvCc3kylnb.key': Permission denied (errno=13)
Aug 25 10:31:12 pc openvpn[2337]: Options error: --status fails with '/var/log/openvpn/status.log': Permission denied (errno=13)
Aug 25 10:31:12 pc openvpn[2337]: Options error: Please correct these errors.
Aug 25 10:31:12 pc openvpn[2337]: Use --help for more information.
Aug 25 10:31:12 pc systemd[1]: openvpn-server@server.service: Main process exited, code=exited, status=1/FAILURE
I had the same issue. The client device could not connect to the server with this error "SIGUSR1[soft,connection-reset] received, process restarting" because the server hadn't properly started. I fixed it using these commands, run as root.
chown openvpn:network /etc/openvpn/ca.crt
chown openvpn:network /etc/openvpn/server_*
chown -R openvpn:network /var/log/openvpn
The "The certificate has expired" error looks like a CA issue on your system :)
As for @Rijul-A's errors, see https://github.com/angristan/openvpn-install/issues/788
I have finally figured out how to solve my issues.
I had to change /etc/iptables/add-openvpn-rules.sh and /etc/iptables/rm-openvpn-rules.sh
#!/bin/sh
iptables -t nat -D POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
iptables -D INPUT -i tun0 -j ACCEPT
iptables -D FORWARD -i eth0 -o tun0 -j ACCEPT
iptables -D FORWARD -i tun0 -o eth0 -j ACCEPT
iptables -D INPUT -i eth0 -p udp --dport 3333 -j ACCEPT
to
#!/bin/sh
iptables -t nat -D POSTROUTING -s 10.8.0.0/24 -o end0 -j MASQUERADE
iptables -D INPUT -i tun0 -j ACCEPT
iptables -D FORWARD -i end0 -o tun0 -j ACCEPT
iptables -D FORWARD -i tun0 -o end0 -j ACCEPT
iptables -D INPUT -i end0 -p udp --dport 3333 -j ACCEPT
And had to change the owner and group of /etc/openvpn to openvpn:network so that files would load correctly.
Then run systemctl restart iptables-openvpn
And run systemctl restart openvpn-server@server
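A check for the interface mismatch described in the comment above (eth0 in the rule scripts, end0 on the host), as an added example that is not part of the thread or of openvpn-install. The function name `missing_ifaces`, the `demo` helper and the sample files are assumptions made for illustration; on a real host the second argument defaults to /sys/class/net.

```shell
#!/bin/sh
# Added example: report interfaces named by -i / -o in an iptables rule
# script that do not exist on this host.
# Usage: missing_ifaces RULES_FILE [NET_DIR]
missing_ifaces() {
    rules=$1
    netdir=${2:-/sys/class/net}
    # Print the argument that follows each -i / -o on iptables/ip6tables lines.
    awk '$1 ~ /^ip6?tables$/ {
             for (i = 2; i < NF; i++)
                 if ($i == "-i" || $i == "-o") print $(i + 1)
         }' "$rules" | sort -u |
    while read -r ifc; do
        # tun*/tap* devices are created by OpenVPN at start-up, so their
        # absence while the server is down is expected.
        case $ifc in tun*|tap*) continue ;; esac
        [ -e "$netdir/$ifc" ] || printf '%s\n' "$ifc"
    done
}

# Constructed sample: a host whose NIC is end0, with rules still naming eth0.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/net/end0" "$tmp/net/lo"
    cat > "$tmp/rm-openvpn-rules.sh" <<'EOF'
#!/bin/sh
iptables -t nat -D POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
iptables -D INPUT -i tun0 -j ACCEPT
iptables -D FORWARD -i eth0 -o tun0 -j ACCEPT
iptables -D FORWARD -i tun0 -o eth0 -j ACCEPT
EOF
    missing_ifaces "$tmp/rm-openvpn-rules.sh" "$tmp/net"
    rm -rf "$tmp"
}

demo   # prints: eth0
```

An empty result for both /etc/iptables/add-openvpn-rules.sh and /etc/iptables/rm-openvpn-rules.sh means every non-tunnel interface they reference exists.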
Make sure you check these beforehand!
Server OS
Arch Linux Arm
OpenVPN version
OpenVPN 2.5.7 [git:makepkg/a0f9a3e9404c8321+] armv7l-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jun 2 2022
Client
Linux arch linux arm 5.15.56-3-rpi-ARCH #1 SMP Fri Aug 12 04:20:40 MDT 2022 armv7l GNU/Linux
What is the bug?
Similar to https://github.com/angristan/openvpn-install/issues/420 and https://github.com/angristan/openvpn-install/issues/363. I've tried on multiple machines and I end up with the same error. On my previous install of Arch Linux Arm it worked without issues. I've tried copying the easyrsa binaries to the openvpn-install script location; however, it still fails to generate keys and certs.
Relevant log output