How do I start the OpenVPN client via systemd on Fedora 34?

So I'm having trouble starting the OpenVPN client on Fedora 34.

This is what I get on the terminal:

[root@mybox ~]# systemctl start openvpn-client@default
Job for openvpn-client@default.service failed because the control process exited with error code.
See "systemctl status openvpn-client@default.service" and "journalctl -xeu openvpn-client@default.service" for details.
[root@mybox ~]# systemctl status openvpn-client@default
× openvpn-client@default.service - OpenVPN tunnel for default
     Loaded: loaded (/usr/lib/systemd/system/openvpn-client@.service; disabled; vendor preset: disabled)
     Active: failed (Result: exit-code) since Mon 2021-08-09 18:35:01 AEST; 1s ago
       Docs: man:openvpn(8)
             https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
             https://community.openvpn.net/openvpn/wiki/HOWTO
    Process: 3970 ExecStart=/usr/sbin/openvpn --suppress-timestamps --nobind --config default.conf (code=exited, status=1/FAILURE)
   Main PID: 3970 (code=exited, status=1/FAILURE)
        CPU: 23ms

Aug 09 18:35:01 mybox systemd[1]: Starting OpenVPN tunnel for default...
Aug 09 18:35:01 mybox openvpn[3970]: Options error: In [CMD-LINE]:1: Error opening configuration file: default.conf
Aug 09 18:35:01 mybox openvpn[3970]: Use --help for more information.
Aug 09 18:35:01 mybox systemd[1]: openvpn-client@default.service: Main process exited, code=exited, status=1/FAILURE
Aug 09 18:35:01 mybox systemd[1]: openvpn-client@default.service: Failed with result 'exit-code'.
Aug 09 18:35:01 mybox systemd[1]: Failed to start OpenVPN tunnel for default.
[root@mybox ~]#

My config files are located in:

[root@mybox client]# ls -al
total 12
drwxr-x---. 1 root openvpn   60 Aug  9 03:47 .
drwxr-xr-x. 1 root root      60 Aug  9 03:47 ..
-rw-r--r--. 1 root openvpn 1818 Dec  8  2020 ca.crt
-rw-------. 1 root openvpn   23 Dec  8  2020 .credentials
-rw-r--r--. 1 root openvpn  535 Aug  9 03:55 default.conf
[root@mybox client]# pwd
/etc/openvpn/client

These are the contents of default.conf:

[root@mybox client]# cat default.conf 
client
remote usa.my-vpn-server-here.com 1194 udp
remote usa.my-vpn-server-here.com 443 tcp-client

comp-lzo adaptive
ca /etc/openvpn/client/ca.crt
dev tun
tls-client
script-security 2
cipher AES-256-CBC
mute 10

route-delay 5
redirect-gateway def1
resolv-retry infinite
persist-key
persist-tun
remote-cert-tls server
mssfix

auth-user-pass /etc/openvpn/client/.credentials
auth-nocache

This is the systemd service.

I added "--verbose 9 --log /var/log/openvpn.log", hoping I would get something in the log. But even after running "systemctl start", /var/log/openvpn.log does not exist. I also ran "systemctl daemon-reload" after editing the service file.

[Unit]
Description=OpenVPN tunnel for %I
After=syslog.target network-online.target
Wants=network-online.target
Documentation=man:openvpn(8)
Documentation=https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO

[Service]
Type=notify
PrivateTmp=true
WorkingDirectory=/etc/openvpn/client
ExecStart=/usr/sbin/openvpn --suppress-timestamps --nobind --config %i.conf
CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE
LimitNPROC=10
DeviceAllow=/dev/null rw
DeviceAllow=/dev/net/tun rw
ProtectSystem=true
ProtectHome=true
KillMode=process

[Install]
WantedBy=multi-user.target

If I start openvpn manually with the values from "ExecStart", I don't get any errors.

[root@mybox client]# /usr/sbin/openvpn --suppress-timestamps --nobind --config default.conf --verb 9 --log /var/log/openvpn.log
WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
^C[root@mybox client]# /usr/sbin/openvpn --suppress-timestamps --nobind --config default.conf
WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
OpenVPN 2.5.3 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jun 18 2021
library versions: OpenSSL 1.1.1k  FIPS 25 Mar 2021, LZO 2.10
TCP/UDP: Preserving recently used remote address: [AF_INET]24.123.153.76:1194
UDP link local: (not bound)
UDP link remote: [AF_INET]24.123.153.76:1194
[my-vpn-server-here.com] Peer Connection Initiated with [AF_INET]24.123.153.76:1194
WARNING: You have specified redirect-gateway and redirect-private at the same time (or the same option multiple times). This is not well supported and may lead to unexpected results
TUN/TAP device tun0 opened
net_iface_mtu_set: mtu 1500 for tun0
net_iface_up: set tun0 up
net_addr_v4_add: 24.123.0.47/16 dev tun0
Initialization Sequence Completed

Any ideas what might be wrong? Thanks!

Update 1:

  1. As a test, I copied the Fedora configuration files (certificate + .conf + credentials) to a Manjaro live USB. I installed openvpn via pacman, and starting OpenVPN via systemd worked without any problems.
  2. As another test, I copied the .service file from the Manjaro live USB into my Fedora setup, replacing Fedora's openvpn-client@.service, and I still could not start OpenVPN via systemd.

Answer 1

In my case, the problem was solved by running fixfiles -R /etc/openvpn restore. I had copied the files from elsewhere, so perhaps something (SELinux?) messed them up.

This is my first time running Fedora.
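The pattern behind that answer (openvpn runs fine from a root shell but fails under systemd, where SELinux confines it as openvpn_t) is a file-label mismatch, which a relabel fixes. The following is an added shell example, not code from the original question or answer: it flags entries under /etc/openvpn whose SELinux type is not the openvpn_etc_t that Fedora's policy assigns, using a constructed `ls -Z` sample; the function names are my own, and the live commands assume a Fedora host with policycoreutils and audit installed.

```shell
#!/bin/sh
# SELinux type the Fedora openvpn policy assigns to /etc/openvpn contents;
# the confined openvpn_t domain is allowed to read files of this type.
EXPECTED_TYPE="openvpn_etc_t"

# Read `ls -Z` (or `ls -lZ`) lines on stdin and print "name actual_type"
# for every entry whose type differs from EXPECTED_TYPE.
# Exit status 1 if anything is mislabeled, 0 otherwise.
find_mislabeled() {
    awk -v want="$EXPECTED_TYPE" '
        {
            ctx = ""
            # the context is the field that looks like user:object_r:type:level
            for (i = 1; i <= NF; i++) if ($i ~ /^[^:]+:object_r:[^:]+:/) ctx = $i
            if (ctx == "") next
            split(ctx, parts, ":")
            if (parts[3] != want) { bad++; print $NF, parts[3] }
        }
        END { if (bad > 0) exit 1 }'
}

# Constructed sample resembling `ls -Z /etc/openvpn/client` after the
# config and credentials were moved in from root's home directory
# (mv and cp -a keep the source label, here admin_home_t).
SAMPLE='unconfined_u:object_r:openvpn_etc_t:s0 ca.crt
unconfined_u:object_r:admin_home_t:s0 .credentials
unconfined_u:object_r:admin_home_t:s0 default.conf'

# Returns the mislabeled entries of the constructed sample.
sample_report() { printf '%s\n' "$SAMPLE" | find_mislabeled; }

# Live diagnosis on the affected host (run as root): list mislabeled
# files, show what a relabel would change, show recent denials for the
# openvpn process, then relabel the tree to the policy default.
diagnose_and_fix() {
    ls -Z /etc/openvpn/client | find_mislabeled
    restorecon -nvR /etc/openvpn            # dry run: labels that would change
    ausearch -m AVC -ts recent -c openvpn   # AVC denials logged for openvpn
    restorecon -Rv /etc/openvpn             # apply the default labels
}

sample_report || echo "sample: mislabeled entries found (expected for the sample)"
```

After relabeling, `systemctl restart openvpn-client@default` should get past "Error opening configuration file"; if /var/log/openvpn.log is still missing, check its directory label the same way, since the confined domain must also be allowed to write there.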
