pekman / openvpn-netns

Start OpenVPN connection inside Linux network namespace
The Unlicense

Mysterious systemd problem #7

Open Zuikkis opened 3 years ago

Zuikkis commented 3 years ago

Hi!

I copied my openvpn config to /etc/openvpn/dk2.conf

I have defined all "up, down, route-up" inside the conf file so I'm able to start it with simple command "openvpn --config /etc/openvpn/dk2.conf"

That works fine from command line when run with sudo.

However, when I enabled the "AUTOSTART" variable in /etc/default/openvpn, systemd tries to start it automatically on boot.

This again works.... Openvpn is up and running, but there is something wrong in netns config.

tsuikki@puucee:~$ ip netns
vpn
tsuikki@puucee:~$ sudo ip netns
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
vpn
tsuikki@puucee:~$

If started from command line, I get these results:

tsuikki@puucee:~$ ip netns
vpn (id: 0)
tsuikki@puucee:~$ sudo ip netns
vpn (id: 0)
tsuikki@puucee:~$

I tried looking at all the files generated by the script, and they are identical. I think it must be some kind of permission thing?

Zuikkis commented 3 years ago

bah.. added a "reboot" entry to root's crontab, works like a charm.

Again a failed attempt in trying to get along with systemd.. 👍

zackherbert commented 1 month ago

I got the same problem trying to run openvpn at boot and setting the netns.

The problem was that the openvpn-client service had lines like PrivateTmp=true, ProtectSystem=true and DeviceAllow lines, which restricted access to the system filesystem that is needed to play with netns.

I also had to add the CAP_SYS capability to CapabilityBoundingSet.

In my openvpn-netns repo, I added a new service which works well with network namespaces.
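The mechanism behind the comment above: systemd sandboxing options such as PrivateTmp= and ProtectSystem= run the service in its own mount namespace, and `ip netns add` works by bind-mounting the namespace handle under /run/netns, so a namespace created by the sandboxed service is mounted only inside that private mount namespace and is not what the host's `ip netns` sees. The drop-in below is an added example, not a file from the openvpn-netns repository or the Debian openvpn package; it assumes the distribution's `openvpn-client@.service` template is the unit being started and that the capability referred to as CAP_SYS above is CAP_SYS_ADMIN, which the kernel requires for the mount and setns operations `ip netns` performs. It keeps the unit's remaining hardening in place and only removes the settings the comment identifies.

```ini
# /etc/systemd/system/openvpn-client@.service.d/netns.conf
# Added example (assumed unit name and path); overrides only the
# sandboxing settings that prevent network namespaces from being
# visible outside the service.
[Service]
# The shipped unit sets these to true; each one implies a private
# mount namespace, which hides the bind mounts under /run/netns.
PrivateTmp=false
ProtectSystem=false

# An empty assignment resets the DeviceAllow= list inherited from the
# unit, restoring access to /dev inside the service.
DeviceAllow=

# CapabilityBoundingSet= is merged with the unit's existing list, so
# this adds CAP_SYS_ADMIN (assumed to be the "CAP_SYS" capability
# meant above) rather than replacing the other capabilities.
CapabilityBoundingSet=CAP_SYS_ADMIN
```

After `systemctl daemon-reload`, `systemctl show openvpn-client@dk2 -p PrivateTmp -p ProtectSystem -p DeviceAllow -p CapabilityBoundingSet` confirms the effective values before restarting the instance. Any other option that implies a private mount namespace (for example ProtectHome= or PrivateDevices=, if the unit sets them) would need the same treatment, and since the override hands the service CAP_SYS_ADMIN and a host-wide mount view, the less-privileged alternative is a dedicated unit that creates the namespace and then starts OpenVPN inside it, which is what the repository's own service does.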