6

While I can start OpenVPN manually with sudo systemctl start openvpn@server.service ("server" being the name of my config file), trying to get OpenVPN to open automatically after a reboot after having set up the required symlink with the command sudo systemctl enable openvpn@server.service failed.

haadaa

4 Answers

6

TL;DR:

In /etc/openvpn/ your configs must end in .conf and not .ovpn!

Environment

I'm about to make some bold claims that are specific to...

pi@raspberrypi:~ $ uname -a && lsb_release -a
Linux raspberrypi 4.4.50-v7+ #970 SMP Mon Feb 20 19:18:29 GMT 2017 armv7l GNU/Linux
No LSB modules are available.
Distributor ID: Raspbian
Description:    Raspbian GNU/Linux 8.0 (jessie)
Release:        8.0
Codename:       jessie

(imaged from 2017-04-10-raspbian-jessie-lite)

Steps

1. For me it was enough to simply install OpenVPN via:

sudo apt install openvpn

2. Then copied my offsite-client.ovpn to /etc/openvpn

3. Then I enabled the service via:

sudo systemctl enable openvpn

4. This is the initial state of /etc/default/openvpn:

# This is the configuration file for /etc/init.d/openvpn

# Start only these VPNs automatically via init script.
# Allowed values are "all", "none" or space separated list of
# names of the VPNs. If empty, "all" is assumed.
# The VPN name refers to the VPN configutation file name.
# i.e. "home" would be /etc/openvpn/home.conf

# If you're running systemd, changing this variable will
# require running "systemctl daemon-reload" followed by
# a restart of the openvpn service (if you removed entries
# you may have to stop those manually)

#AUTOSTART="all"
#AUTOSTART="none"
#AUTOSTART="home office"

# WARNING: If you're running systemd the rest of the
# options in this file are ignored.

# Refresh interval (in seconds) of default status files
# located in /var/run/openvpn.$NAME.status
# Defaults to 10, 0 disables status file generation

#STATUSREFRESH=10
#STATUSREFRESH=0

# Optional arguments to openvpn's command line
OPTARGS=""

# If you need openvpn running after sendsigs, i.e.
# to let umountnfs work over the vpn, set OMIT_SENDSIGS
# to 1 and include umountnfs as Required-Stop: in openvpn's
# init.d script (remember to run insserv after that)

OMIT_SENDSIGS=0

I did not need to change anything. (Though I did uncomment AUTOSTART="all" when I was losing my mind, I changed it back and rebooted to confirm the statement If empty, "all" is assumed.)

5. I lost my mind reading 2 dozen articles explaining everything about installing EasyRSA and everything else that was redundant to step #1.

6. I realized that I left the wrong extension on my config and did:

sudo mv /etc/openvpn/offsite-client.ovpn /etc/openvpn/offsite-client.conf
sudo reboot now

And all was well.

Bruno Bronosky
3

I solved it. It turned out what was blocking OpenVPN from starting at boot was the local IP. The steps I took to make this work were:

  1. Commenting out the local IP address in /etc/openvpn/server.conf
  2. Switching to root with sudo -s
  3. Adding @reboot systemctl start openvpn@server.service to root's crontab
haadaa
1

I manage my Pi 3 jessie with Webmin (don't ask!) and I found that removing the "local" line was sufficient to enable the VPN server to start.

johnO
-1

For me, openvpn starts properly via systemctl only if I configure a static IP for eth0 in /etc/network/interfaces. Unfortunately, this causes duplicate routing entries in the table, as the new mechanism for configuring interfaces is dhcpcd.

A working but bad solution is to manually remove the duplicate entries on boot.

I added a static configuration in dhcpcd.conf. I changed the target of the openvpn init script to network-online instead of network, but that is still not enough. I checked in the logs that dhcpcd sets the IP of eth0 five seconds after openvpn fails.

A working solution is to deactivate dhcpcd:

systemctl disable dhcpcd.service

and edit /etc/network/interfaces:

iface eth0 inet static
 address 192.168.0.x
 netmask 255.255.255.0
 gateway 192.168.0.y
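
An added example, not part of any answer above: a POSIX shell check for the two boot-time causes reported in the answers (a config left as .ovpn in the config directory, and an active "local" line that binds to an address which may not be assigned yet at boot). The function names and the sample directory contents are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original answers.

# check_openvpn_dir DIR
# Prints one finding per line:
#   IGNORED <file>         a *.ovpn file; per the first answer only *.conf is started
#   LOCAL <file>: <line>   an active "local" directive binding to a fixed address
# Returns 0 with no findings, 1 with findings, 2 if DIR does not exist.
check_openvpn_dir() {
    dir=$1
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }
    findings=0
    for f in "$dir"/*.ovpn; do
        [ -e "$f" ] || continue      # glob matched nothing
        echo "IGNORED $f"
        findings=1
    done
    for f in "$dir"/*.conf; do
        [ -e "$f" ] || continue
        # Only uncommented lines count; OpenVPN comments start with '#' or ';'
        hit=$(grep -E '^[[:space:]]*local[[:space:]]+[^[:space:]]' "$f") || continue
        echo "LOCAL $f: $hit"
        findings=1
    done
    return $findings
}

# make_sample_dir: build a constructed config directory and print its path.
# File names, addresses and host names below are sample values only.
make_sample_dir() {
    d=$(mktemp -d) || return 1
    printf 'client\nremote vpn.example.net 1194\n' > "$d/offsite-client.ovpn"
    printf 'port 1194\nlocal 192.168.0.10\n;local 10.0.0.1\n' > "$d/server.conf"
    printf 'port 1195\n# local 192.168.0.11\n' > "$d/ok.conf"
    echo "$d"
}

# Usage on a real system: check_openvpn_dir /etc/openvpn
```

Without a "local" line OpenVPN binds to all local addresses instead of one, so after removing it, confirm that the firewall still limits which interfaces can reach the VPN port.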