Last active
March 23, 2016 20:17
-
-
Save piotr-dobrogost/8e13d962604443e9f278 to your computer and use it in GitHub Desktop.
Starting OpenVPN directly vs as a service
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| client | |
| dev tun | |
| proto udp | |
| remote x.x.x.x 1194 | |
| remote y.y.y.y 1194 | |
| resolv-retry infinite | |
| nobind | |
| script-security 2 | |
| up /etc/openvpn/client.up | |
| plugin /usr/lib64/openvpn/plugins/openvpn-plugin-down-root.so "/etc/openvpn/client.down" | |
| persist-key | |
| persist-tun | |
| pkcs12 /etc/openvpn/xxx/piotr.dobrogost.xxx.vpn.p12 | |
| cipher AES-256-CBC | |
| comp-lzo | |
| # logowanie | |
| mute-replay-warnings | |
| verb 3 | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [Service] | |
| Environment=OPENSSL_ENABLE_MD5_VERIFY=1 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [Unit] | |
| Description=OpenVPN Robust And Highly Flexible Tunneling Application On %I | |
| After=network.target | |
| [Service] | |
| PrivateTmp=true | |
| Type=forking | |
| PIDFile=/var/run/openvpn/%i.pid | |
| ExecStart=/usr/sbin/openvpn --daemon --writepid /var/run/openvpn/%i.pid --cd /etc/openvpn/ --config %i.conf | |
| [Install] | |
| WantedBy=multi-user.target |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This works | |
| > sudo OPENSSL_ENABLE_MD5_VERIFY=1 openvpn --daemon --config /etc/openvpn/xxx.conf | |
| # `sudo journalctl` | |
| (...) | |
| Mar 22 21:45:08 demon openvpn[31225]: VERIFY OK: depth=2, (...) | |
| Mar 22 21:45:08 demon openvpn[31225]: VERIFY OK: depth=1, (...) | |
| Mar 22 21:45:08 demon openvpn[31225]: VERIFY OK: depth=0, (...) | |
| (...) | |
| # This does not work | |
| > sudo systemctl start openvpn@xxx | |
| # `sudo journalctl` | |
| (...) | |
| Mar 22 21:51:47 demon openvpn[31587]: VERIFY OK: depth=2, (...) | |
| Mar 22 21:51:47 demon openvpn[31587]: VERIFY ERROR: depth=1, error=certificate signature failure: (...) | |
| (...) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # /usr/lib/systemd/system/openvpn@.service | |
| [Unit] | |
| Description=OpenVPN Robust And Highly Flexible Tunneling Application On %I | |
| After=network.target | |
| [Service] | |
| PrivateTmp=true | |
| Type=forking | |
| PIDFile=/var/run/openvpn/%i.pid | |
| Environment=OPENSSL_ENABLE_MD5_VERIFY=1 | |
| ExecStart=/usr/sbin/openvpn --daemon --writepid /var/run/openvpn/%i.pid --cd /etc/openvpn/ --config %i.conf | |
| [Install] | |
| WantedBy=multi-user.target | |
| # /etc/systemd/system/openvpn@xxx.service.d/env.conf | |
| [Service] | |
| Environment="OPENSSL_ENABLE_MD5_VERIFY=1" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment