1. After installing and configuring OpenVPN, starting the service fails with an error
# systemctl start openvpn@server.service
Job for openvpn@server.service failed because the control process exited with error code. See "systemctl status openvpn@server.service" and "journalctl -xe" for details.
2. Check the OpenVPN service status
# systemctl status openvpn@server.service
● openvpn@server.service - OpenVPN Robust And Highly Flexible Tunneling Application On server
Loaded: loaded (/usr/lib/systemd/system/openvpn@.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since 二 2016-08-16 11:31:37 CST; 5min ago
Process: 1883 ExecStart=/usr/sbin/openvpn --daemon --writepid /var/run/openvpn/%i.pid --cd /etc/openvpn/ --config %i.conf (code=exited, status=1/FAILURE)
Main PID: 1845 (code=exited, status=0/SUCCESS)
8月 16 11:31:37 xxxxx.sytes.net systemd[1]: Starting OpenVPN Robust And Highly Flexible Tunneling Application On server...
8月 16 11:31:37 xxxxx.sytes.net openvpn[1883]: Options error: In [CMD-LINE]:1: Error opening configuration file: server.conf
8月 16 11:31:37 xxxxx.sytes.net openvpn[1883]: Use --help for more information.
8月 16 11:31:37 xxxxx.sytes.net systemd[1]: openvpn@server.service: control process exited, code=exited status=1
8月 16 11:31:37 xxxxx.sytes.net systemd[1]: Failed to start OpenVPN Robust And Highly Flexible Tunneling Application On server.
8月 16 11:31:37 xxxxx.sytes.net systemd[1]: Unit openvpn@server.service entered failed state.
8月 16 11:31:37 xxxxx.sytes.net systemd[1]: openvpn@server.service failed.
3. Another way to check
# journalctl -xe
-- Unit openvpn@server.service has begun starting up.
8月 16 11:31:37 xxxxx.sytes.net openvpn[1883]: Options error: In [CMD-LINE]:1: Error opening configuration file: server.conf
8月 16 11:31:37 xxxxx.sytes.net openvpn[1883]: Use --help for more information.
8月 16 11:31:37 xxxxx.sytes.net systemd[1]: openvpn@server.service: control process exited, code=exited status=1
8月 16 11:31:37 xxxxx.sytes.net systemd[1]: Failed to start OpenVPN Robust And Highly Flexible Tunneling Application On server.
-- Subject: Unit openvpn@server.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit openvpn@server.service has failed.
--
-- The result is failed.
8月 16 11:31:37 xxxxx.sytes.net systemd[1]: Unit openvpn@server.service entered failed state.
8月 16 11:31:37 xxxxx.sytes.net systemd[1]: openvpn@server.service failed.
8月 16 11:31:37 xxxxx.sytes.net polkitd[1816]: Unregistered Authentication Agent for unix-process:1878:1286078 (system bus name :1.37, object path /
The messages suggest that the configuration file /etc/openvpn/server.conf cannot be opened.
4. Check whether /etc/openvpn/server.conf exists
# ls -l /etc/openvpn/server.conf
-rw-r--r--. 1 root root 10441 8月 16 11:30 /etc/openvpn/server.conf
5. The file exists as expected. Since SELinux is enabled on this server, check the file's SELinux context
# ls -lZ /etc/openvpn/server.conf*
-rw-r--r--. root root unconfined_u:object_r:admin_home_t:s0 /etc/openvpn/server.conf
-rw-r--r--. root root unconfined_u:object_r:openvpn_etc_t:s0 /etc/openvpn/server.conf.20160816
6. Change the SELinux type of the file
# chcon -t openvpn_etc_t /etc/openvpn/server.conf
7. Check again
# ls -lZ /etc/openvpn/server.conf*
-rw-r--r--. root root unconfined_u:object_r:openvpn_etc_t:s0 /etc/openvpn/server.conf
-rw-r--r--. root root unconfined_u:object_r:openvpn_etc_t:s0 /etc/openvpn/server.conf.20160816
8. Start the OpenVPN service
# systemctl start openvpn@server.service
# systemctl status openvpn@server.service
● openvpn@server.service - OpenVPN Robust And Highly Flexible Tunneling Application On server
Loaded: loaded (/usr/lib/systemd/system/openvpn@.service; enabled; vendor preset: disabled)
Active: active (running) since 二 2016-08-16 11:49:11 CST; 10s ago
Process: 1934 ExecStart=/usr/sbin/openvpn --daemon --writepid /var/run/openvpn/%i.pid --cd /etc/openvpn/ --config %i.conf (code=exited, status=0/SUCCESS)
Main PID: 1935 (openvpn)
CGroup: /system.slice/system-openvpn.slice/openvpn@server.service
└─1935 /usr/sbin/openvpn --daemon --writepid /var/run/openvpn/server.pid --cd /etc/openvpn/ --config server.conf
8月 16 11:49:11 xxxxx.sytes.net openvpn[1935]: GID set to nobody
8月 16 11:49:11 xxxxx.sytes.net openvpn[1935]: UID set to nobody
8月 16 11:49:11 xxxxx.sytes.net openvpn[1935]: Listening for incoming TCP connection on [undef]
8月 16 11:49:11 xxxxx.sytes.net openvpn[1935]: TCPv4_SERVER link local (bound): [undef]
8月 16 11:49:11 xxxxx.sytes.net openvpn[1935]: TCPv4_SERVER link remote: [undef]
8月 16 11:49:11 xxxxx.sytes.net openvpn[1935]: MULTI: multi_init called, r=256 v=256
8月 16 11:49:11 xxxxx.sytes.net openvpn[1935]: IFCONFIG POOL: base=10.8.0.4 size=62, ipv6=0
8月 16 11:49:11 xxxxx.sytes.net openvpn[1935]: IFCONFIG POOL LIST
8月 16 11:49:11 xxxxx.sytes.net openvpn[1935]: MULTI: TCP INIT maxclients=10 maxevents=14
8月 16 11:49:11 xxxxx.sytes.net openvpn[1935]: Initialization Sequence Completed
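This problem occurred because I copied /etc/openvpn/server.conf directly from another machine, where the configuration had already been modified. It also serves as a reminder to myself of what to watch out for when using SELinux.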
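
An added example (not part of the original post): a small shell function that reads `ls -lZ` output and reports files whose SELinux type differs from the expected one, so a copied config file like the one above is caught before the service is started. The names `find_mislabeled` and `SAMPLE_LS` are hypothetical, the sample lines are constructed from the output in step 5, and the expected type openvpn_etc_t is assumed from the label on the backup file shown there.

```shell
#!/bin/sh
# Added example: flag files whose SELinux type is not the expected one.

# Usage: ls -lZ FILES | find_mislabeled EXPECTED_TYPE
# Prints one line per mismatching file and returns 1 if any was found.
# Handles both the older `ls -lZ` layout shown on this page
# (mode user group context path) and the newer coreutils layout
# (mode links user group context size date path).
# Limitation: paths containing whitespace are reported by last word only.
find_mislabeled() {
    awk -v expected="$1" '
    {
        for (i = 1; i <= NF; i++) {
            # A context is user:role:type:level; locate it by its role field.
            n = split($i, part, ":")
            if (n >= 4 && part[2] ~ /_r$/) {
                if (part[3] != expected) {
                    printf "%s: type %s, expected %s\n", $NF, part[3], expected
                    bad = 1
                }
                next
            }
        }
    }
    END { exit bad + 0 }'
}

# Constructed sample input, taken from the ls -lZ output in step 5.
SAMPLE_LS='-rw-r--r--. root root unconfined_u:object_r:admin_home_t:s0 /etc/openvpn/server.conf
-rw-r--r--. root root unconfined_u:object_r:openvpn_etc_t:s0 /etc/openvpn/server.conf.20160816'

# Demo on the sample: reports server.conf (admin_home_t) only.
printf '%s\n' "$SAMPLE_LS" | find_mislabeled openvpn_etc_t || true

# On a live host:
#   ls -lZ /etc/openvpn/*.conf | find_mislabeled openvpn_etc_t
# Preview what the loaded policy would assign, without changing anything:
#   restorecon -n -v /etc/openvpn/server.conf
```

On a live host, `restorecon -v /etc/openvpn/server.conf` resets the file to the type defined in the loaded policy, whereas a type set with `chcon` is replaced the next time the file is relabeled.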