所以我在 Fedora 34 中启动 openvpn 客户端时遇到问题。
这就是我在终端上得到的信息
[root@mybox ~]# systemctl start openvpn-client@default
Job for [email protected] failed because the control process exited with error code.
See "systemctl status [email protected]" and "journalctl -xeu [email protected]" for details.
[root@mybox ~]# systemctl status openvpn-client@default
× [email protected] - OpenVPN tunnel for default
Loaded: loaded (/usr/lib/systemd/system/[email protected]; disabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Mon 2021-08-09 18:35:01 AEST; 1s ago
Docs: man:openvpn(8)
https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
https://community.openvpn.net/openvpn/wiki/HOWTO
Process: 3970 ExecStart=/usr/sbin/openvpn --suppress-timestamps --nobind --config default.conf (code=exited, status=1/FAILURE)
Main PID: 3970 (code=exited, status=1/FAILURE)
CPU: 23ms
Aug 09 18:35:01 mybox systemd[1]: Starting OpenVPN tunnel for default...
Aug 09 18:35:01 mybox openvpn[3970]: Options error: In [CMD-LINE]:1: Error opening configuration file: default.conf
Aug 09 18:35:01 mybox openvpn[3970]: Use --help for more information.
Aug 09 18:35:01 mybox systemd[1]: [email protected]: Main process exited, code=exited, status=1/FAILURE
Aug 09 18:35:01 mybox systemd[1]: [email protected]: Failed with result 'exit-code'.
Aug 09 18:35:01 mybox systemd[1]: Failed to start OpenVPN tunnel for default.
[root@mybox ~]#
我的配置文件位于
root@mybox client]# ls -al
total 12
drwxr-x---. 1 root openvpn 60 Aug 9 03:47 .
drwxr-xr-x. 1 root root 60 Aug 9 03:47 ..
-rw-r--r--. 1 root openvpn 1818 Dec 8 2020 ca.crt
-rw-------. 1 root openvpn 23 Dec 8 2020 .credentials
-rw-r--r--. 1 root openvpn 535 Aug 9 03:55 default.conf
[root@mybox client]# pwd
/etc/openvpn/client
这些是default.conf的内容
[root@mybox client]# cat default.conf
client
remote usa.my-vpn-server-here.com 1194 udp
remote usa.my-vpn-server-here.com 443 tcp-client
comp-lzo adaptive
ca /etc/openvpn/client/ca.crt
dev tun
tls-client
script-security 2
cipher AES-256-CBC
mute 10
route-delay 5
redirect-gateway def1
resolv-retry infinite
persist-key
persist-tun
remote-cert-tls server
mssfix
auth-user-pass /etc/openvpn/client/.credentials
auth-nocache
这是systemd服务。
我添加了“--verbose 9 --log /var/log/openvpn.log”,希望我能在日志中得到一些东西。但即使运行“systemctl start”后, /var/log/openvpn.log 也不存在。我还在编辑服务文件后运行“systemctl daemon-reload”。
[Unit]
Description=OpenVPN tunnel for %I
After=syslog.target network-online.target
Wants=network-online.target
Documentation=man:openvpn(8)
Documentation=https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO
[Service]
Type=notify
PrivateTmp=true
WorkingDirectory=/etc/openvpn/client
ExecStart=/usr/sbin/openvpn --suppress-timestamps --nobind --config %i.conf
CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE
LimitNPROC=10
DeviceAllow=/dev/null rw
DeviceAllow=/dev/net/tun rw
ProtectSystem=true
ProtectHome=true
KillMode=process
[Install]
WantedBy=multi-user.target
如果我使用“ExecStart”中的值手动启动 openvpn,我不会收到任何错误。
[root@mybox client]# /usr/sbin/openvpn --suppress-timestamps --nobind --config default.conf --verb 9 --log /var/log/openvpn.log
WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
^C[root@mybox client]# /usr/sbin/openvpn --suppress-timestamps --nobind --config default.conf
WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
OpenVPN 2.5.3 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jun 18 2021
library versions: OpenSSL 1.1.1k FIPS 25 Mar 2021, LZO 2.10
TCP/UDP: Preserving recently used remote address: [AF_INET]24.123.153.76:1194
UDP link local: (not bound)
UDP link remote: [AF_INET]24.123.153.76:1194
[my-vpn-server-here.com] Peer Connection Initiated with [AF_INET]24.123.153.76:1194
WARNING: You have specified redirect-gateway and redirect-private at the same time (or the same option multiple times). This is not well supported and may lead to unexpected results
TUN/TAP device tun0 opened
net_iface_mtu_set: mtu 1500 for tun0
net_iface_up: set tun0 up
net_addr_v4_add: 24.123.0.47/16 dev tun0
Initialization Sequence Completed
有什么想法可能是错误的吗?谢谢!
更新1:
- 作为测试,我将 fedora 配置(证书 + .conf + 凭据)文件复制到 Manjaro live USB。我通过 pacman 安装了 openvpn,并且通过 systemd 启动 OpenVPN 没有任何问题。
- 作为另一个测试,我将 .service 文件从 Manjaro live USB 复制到我的 Fedora 设置中并替换了 Fedora[电子邮件受保护]并且仍然无法通过 systemd 启动 OpenVPN。
答案1
在我的情况下,问题通过运行解决了fixfiles -R /etc/openvpn restore
。我从其他地方复制了文件,也许有什么东西(SELinux?)把它弄乱了。
这是我第一次运行 Fedora。