OpenVPN server throws a "Permission denied" error


Ever since I upgraded Ubuntu from 1.04 to 11.10, OpenVPN has refused to start, and this error keeps showing up:

Dec 14 19:12:38 oogle ovpn-server[32150]: OpenVPN 2.2.0 i686-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Jul  4 2011
Dec 14 19:12:38 oogle ovpn-server[32150]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Dec 14 19:12:38 oogle ovpn-server[32150]: Note: cannot open openvpn-status.log for WRITE
Dec 14 19:12:38 oogle ovpn-server[32150]: Note: cannot open ipp.txt for READ/WRITE
Dec 14 19:12:38 oogle ovpn-server[32150]: Diffie-Hellman initialized with 1024 bit key
Dec 14 19:12:38 oogle ovpn-server[32150]: Cannot load private key file server.key: error:0200100D:system library:fopen:Permission denied: error:20074002:BIO routines:FILE_CTRL:system lib: error:140B0002:SSL routines:SSL_CTX_use_PrivateKey_file:system lib
Dec 14 19:12:38 oogle ovpn-server[32150]: Error: private key password verification failed
Dec 14 19:12:38 oogle ovpn-server[32150]: Exiting
Dec 14 19:12:46 oogle ovpn-server[32201]: OpenVPN 2.2.0 i686-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Jul  4 2011
Dec 14 19:12:46 oogle ovpn-server[32201]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Dec 14 19:12:46 oogle ovpn-server[32201]: Note: cannot open openvpn-status.log for WRITE
Dec 14 19:12:46 oogle ovpn-server[32201]: Note: cannot open ipp.txt for READ/WRITE
Dec 14 19:12:46 oogle ovpn-server[32201]: Diffie-Hellman initialized with 1024 bit key
Dec 14 19:12:46 oogle ovpn-server[32201]: Cannot load private key file server.key: error:0200100D:system library:fopen:Permission denied: error:20074002:BIO routines:FILE_CTRL:system lib: error:140B0002:SSL routines:SSL_CTX_use_PrivateKey_file:system lib
Dec 14 19:12:46 oogle ovpn-server[32201]: Error: private key password verification failed
Dec 14 19:12:46 oogle ovpn-server[32201]: Exiting

Answer 1

Answering on behalf of the OP, from a comment:

I did not add sudo to /etc/init.d/openvpn start, so it was not starting.

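Answer 2

You need to set permissions for the user that openvpn runs as, so that it can read/write the log files, read the SSL key/certificate files, and rw /etc/openvpn/ipp.txt (this file controls who gets which IP).

As I understand your answer, it works when you start it as root (rather than sudo).

Note: if your permissions look fine, maybe AppArmor is denying access to the files.

Edit: Your log contains Error: private key password verification failed. Does your private key need a password? If it does, you will not be able to start it automatically.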
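The permission check described in Answer 2, as an added example that is not part of the original answer: it reads an OpenVPN config, collects the files it references, and reports which ones a given user cannot open based on Unix mode bits. The directive list and the rule that relative paths resolve against the config file's directory are assumptions; ACLs and AppArmor are not evaluated, so run it as root and check AppArmor separately.

```python
import os
import pwd
import shlex
import sys

# File directives and the access each needs (an assumed, non-exhaustive list).
NEEDS = {"ca": "r", "cert": "r", "key": "r", "dh": "r", "status": "w",
         "log": "w", "log-append": "w", "ifconfig-pool-persist": "rw"}
BITS = {"r": 4, "w": 2, "x": 1}

def config_files(conf_path):
    """Yield (directive, absolute path, access) for each file directive."""
    base = os.path.dirname(os.path.abspath(conf_path))
    with open(conf_path) as fh:
        for line in fh:
            if line.lstrip().startswith(";"):      # ';' also starts a comment
                continue
            parts = shlex.split(line, comments=True)
            if len(parts) >= 2 and parts[0] in NEEDS:
                # Assumption: relative paths resolve against the config directory.
                yield parts[0], os.path.join(base, parts[1]), NEEDS[parts[0]]

def allowed(st, uid, gids, want):
    """Classic owner/group/other mode-bit check; ignores ACLs and AppArmor."""
    if uid == 0:
        return True
    shift = 6 if uid == st.st_uid else 3 if st.st_gid in gids else 0
    need = sum(BITS[c] for c in want)
    return ((st.st_mode >> shift) & need) == need

def audit(conf_path, uid, gids):
    """Return (directive, path, problem) for every file the user cannot use."""
    problems = []
    for directive, path, want in config_files(conf_path):
        try:
            if not allowed(os.stat(path), uid, gids, want):
                problems.append((directive, path, "no '%s' access" % want))
        except FileNotFoundError:
            # A missing log/status file is fine if its directory is writable.
            parent = os.stat(os.path.dirname(path))
            if "w" not in want or not allowed(parent, uid, gids, "wx"):
                problems.append((directive, path, "missing"))
    return problems

if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: audit.py CONFIG USER")
    pw = pwd.getpwnam(sys.argv[2])
    gids = set(os.getgrouplist(sys.argv[2], pw.pw_gid))
    for directive, path, problem in audit(sys.argv[1], pw.pw_uid, gids):
        print("%-22s %s: %s" % (directive, path, problem))
```
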

Answer 3

Strangely, starting OpenVPN with the command

sudo /etc/init.d/openvpn start

caused this error, while starting it with

service openvpn start

did not throw any error!
