Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Starting OpenVPN directly vs as a service
client
dev tun
proto udp
remote x.x.x.x 1194
remote y.y.y.y 1194
resolv-retry infinite
nobind
script-security 2
up /etc/openvpn/client.up
plugin /usr/lib64/openvpn/plugins/openvpn-plugin-down-root.so "/etc/openvpn/client.down"
persist-key
persist-tun
pkcs12 /etc/openvpn/xxx/piotr.dobrogost.xxx.vpn.p12
cipher AES-256-CBC
comp-lzo
# logowanie
mute-replay-warnings
verb 3
[Service]
Environment=OPENSSL_ENABLE_MD5_VERIFY=1
[Unit]
Description=OpenVPN Robust And Highly Flexible Tunneling Application On %I
After=network.target
[Service]
PrivateTmp=true
Type=forking
PIDFile=/var/run/openvpn/%i.pid
ExecStart=/usr/sbin/openvpn --daemon --writepid /var/run/openvpn/%i.pid --cd /etc/openvpn/ --config %i.conf
[Install]
WantedBy=multi-user.target
# This works
> sudo OPENSSL_ENABLE_MD5_VERIFY=1 openvpn --daemon --config /etc/openvpn/xxx.conf
# `sudo journalctl`
(...)
Mar 22 21:45:08 demon openvpn[31225]: VERIFY OK: depth=2, (...)
Mar 22 21:45:08 demon openvpn[31225]: VERIFY OK: depth=1, (...)
Mar 22 21:45:08 demon openvpn[31225]: VERIFY OK: depth=0, (...)
(...)
# This does not work
> sudo systemctl start openvpn@xxx
# `sudo journalctl`
(...)
Mar 22 21:51:47 demon openvpn[31587]: VERIFY OK: depth=2, (...)
Mar 22 21:51:47 demon openvpn[31587]: VERIFY ERROR: depth=1, error=certificate signature failure: (...)
(...)
# /usr/lib/systemd/system/openvpn@.service
[Unit]
Description=OpenVPN Robust And Highly Flexible Tunneling Application On %I
After=network.target
[Service]
PrivateTmp=true
Type=forking
PIDFile=/var/run/openvpn/%i.pid
Environment=OPENSSL_ENABLE_MD5_VERIFY=1
ExecStart=/usr/sbin/openvpn --daemon --writepid /var/run/openvpn/%i.pid --cd /etc/openvpn/ --config %i.conf
[Install]
WantedBy=multi-user.target
# /etc/systemd/system/openvpn@xxx.service.d/env.conf
[Service]
Environment="OPENSSL_ENABLE_MD5_VERIFY=1"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment