Closed jkroepke closed 7 months ago
No issue when using the command line:
xx@xx:/etc/systemd/system$ sudo /usr/bin/openvpn-auth-oauth2 --config /etc/openvpn-auth-oauth2/config.yaml
time=2024-02-14T11:41:33.689Z level=INFO msg="discover oidc auto configuration with provider generic for issuer https://accounts.google.com"
# This is wrong, see https://github.com/jkroepke/openvpn-auth-oauth2/issues/173
time=2024-02-14T11:41:33.721Z level=INFO msg="start HTTPS server listener on :9000 with base url https://xx:9000"
time=2024-02-14T11:41:33.722Z level=INFO msg="connect to openvpn management interface unix:///run/openvpn/server.sock"
time=2024-02-14T11:41:33.729Z level=INFO msg="connection to OpenVPN management interface established."
time=2024-02-14T11:41:33.762Z level=INFO msg="OpenVPN Version: OpenVPN 2.6.9 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO] - Management Version: 5"
time=2024-02-14T11:42:08.201Z level=INFO msg="new client connection" cid=0 kid=1 common_name=default reason=CONNECT username=""
time=2024-02-14T11:42:08.201Z level=INFO msg="start pending auth" cid=0 kid=1 common_name=default reason=CONNECT username=""
And journalctl -flu openvpn-auth-oauth2
and systemctl status openvpn-auth-oauth2
reports nothing?
Are files in ls -lah /var/crash/
, and if not, please post the output to gain the path cat /proc/sys/kernel/core_pattern
root@xx:/etc/openvpn-auth-oauth2# journalctl -flu openvpn-auth-oauth2
Feb 14 13:54:16 shared-hub-vpn-gateway systemd[1]: openvpn-auth-oauth2.service: Scheduled restart job, restart counter is at 11670.
Feb 14 13:54:16 shared-hub-vpn-gateway systemd[1]: Stopped OpenVPN authenticator.
Feb 14 13:54:16 shared-hub-vpn-gateway systemd[1]: Started OpenVPN authenticator.
Feb 14 13:54:16 shared-hub-vpn-gateway systemd[1]: openvpn-auth-oauth2.service: Main process exited, code=dumped, status=31/SYS
Feb 14 13:54:16 shared-hub-vpn-gateway systemd[1]: openvpn-auth-oauth2.service: Failed with result 'core-dump'.
Feb 14 13:54:21 shared-hub-vpn-gateway systemd[1]: openvpn-auth-oauth2.service: Scheduled restart job, restart counter is at 11671.
Feb 14 13:54:21 shared-hub-vpn-gateway systemd[1]: Stopped OpenVPN authenticator.
Feb 14 13:54:21 shared-hub-vpn-gateway systemd[1]: Started OpenVPN authenticator.
Feb 14 13:54:21 shared-hub-vpn-gateway systemd[1]: openvpn-auth-oauth2.service: Main process exited, code=dumped, status=31/SYS
Feb 14 13:54:21 shared-hub-vpn-gateway systemd[1]: openvpn-auth-oauth2.service: Failed with result 'core-dump'.
root@xx:/etc/openvpn-auth-oauth2# systemctl status openvpn-auth-oauth2
● openvpn-auth-oauth2.service - OpenVPN authenticator
Loaded: loaded (/lib/systemd/system/openvpn-auth-oauth2.service; enabled; vendor preset: enabled)
Active: activating (auto-restart) (Result: core-dump) since Wed 2024-02-14 13:55:00 UTC; 1s ago
Docs: https://github.com/jkroepke/openvpn-auth-oauth2
Process: 252226 ExecStart=/usr/bin/openvpn-auth-oauth2 --config ${CONFIG_FILE} (code=dumped, signal=SYS)
Main PID: 252226 (code=dumped, signal=SYS)
CPU: 107ms
Feb 14 13:55:00 shared-hub-vpn-gateway systemd[1]: openvpn-auth-oauth2.service: Main process exited, code=dumped, status=31/SYS
Feb 14 13:55:00 shared-hub-vpn-gateway systemd[1]: openvpn-auth-oauth2.service: Failed with result 'core-dump'
Yes, there is an unreadable file in ls -lah /var/crash/
, do you want it? And if yes, where can I send it? I don't know if it contains information regarding my environment.
I don't know if it contains information regarding my environment.
You may want to remove credentials from config.yml and sysconfig first, then you can sent it to my mail address . You can find it on my GitHub profile @jkroepke
Also I expect, if you remove the lines
from your systemd file, the service will start?
Correct, then it works. Including all locked down permissions, so overall I'm pretty happy with where we are going.
I sent the crash file to you by mail.
@jkroepke I was already trying that yesterday, while refactoring my installation script to incorporate the ownership changes. So I do expect my current setup to fail, but I no longer get any details why it's failing in the new setup. Journalcl output:
I have to add: I also did try to change from the
/etc/sysconfig/openvpn-auth-oauth2
file to/etc/openvpn-auth-oauth2/config.yaml
config.yaml
/etc/sysconfig/openvpn-auth-oauth2
Please let me know how I can see errors/misconfigurations in your component again
Originally posted by @Pionerd in https://github.com/jkroepke/openvpn-auth-oauth2/issues/168#issuecomment-1943585219