I have openvpn config that users 2 factor authentication.
If I start it manually, by running:
/usr/sbin/openvpn --writepid /run/whatever --cd /etc/openvpn/ --config /etc/openvpn/work.conf
it asks for username, then password (provided by software on my phone), and then password for private key. And then it works.
But if/when I try to start it via normal service call:
=# service openvpn start work
nothing is printed, openvpn doesn't work, and journalctl shows:
=# systemctl status openvpn
● openvpn.service - OpenVPN service
Loaded: loaded (/lib/systemd/system/openvpn.service; enabled; vendor preset: enabled)
Active: active (exited) since czw 2015-05-28 10:24:22 CEST; 17min ago
Process: 30395 ExecStart=/bin/true (code=exited, status=0/SUCCESS)
Main PID: 30395 (code=exited, status=0/SUCCESS)
CGroup: /system.slice/openvpn.service
maj 28 10:24:22 krowka systemd[1]: Starting OpenVPN service...
maj 28 10:41:40 krowka systemd[1]: Started OpenVPN service.
Is there anything I could do to make it work "normally", via "service" call, or any other mean, other than manually building /usr/sbin/openvpn invocation?
Best Answer
No, that's not normal. That's a quirk of System 5
rc
toolsets that invokes a System 5rc
script with two arguments. Therc
script takes the non-standard second argument as the basename of the OpenVPN configuration to use.This is Ubuntu Linux. You aren't using System 5
rc
. You aren't using itsrc
script. You are using systemd. You are using systemd service units, which OpenVPN has in fact had for many years now. systemd service units aren't scripts and don't have script arguments.What they have are template parameters, and OpenVPN was in fact one of the earlier adopters of the template units mechanism when it came along, having had templatized units since at least 2011. (Templatized upstart jobs for OpenVPN have been floating around since at least 2012.)
You're looking at
/lib/systemd/system/openvpn.service
. What you should be looking at is/lib/systemd/system/openvpn@.service
. Instantiate that on the configuration name:systemctl preset openvpn@work.service
systemctl disable openvpn@work.service
systemctl start openvpn@work.service
systemctl stop openvpn@work.service
systemctl status openvpn@work.service
Or just let Debian/Ubuntu do the heavy lifting. There's a unit generator in
/lib/systemd/system-generators/openvpn-generator
that automatically instantiates this template against every*.conf
file in/etc/openvpn
at bootstrap or whensystemctl daemon-reload
is run.Further reading