OpenVPN failed to start – Ubuntu / LXD issue

Recently I noticed that one of my OpenVPN servers stopped working. It was just after the update on the Ubuntu 16.04.4 LTS. What I found was that the service failed on start:

user@host:~$ sudo systemctl start openvpn@server.service
Job for openvpn@server.service failed because the control process exited with error code. See "systemctl status openvpn@server.service" and "journalctl -xe" for details.

The status message was also not helpful:

user@host:~$ sudo systemctl status openvpn@server.service
● openvpn@server.service - OpenVPN connection to server
   Loaded: loaded (/lib/systemd/system/openvpn@.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Thu 2018-12-13 14:52:59 CET; 7s ago

Dec 13 14:52:59 vz15951 systemd[1]: Starting OpenVPN connection to server…
Dec 13 14:52:59 vz15951 ovpn-server[1854]: OpenVPN 2.3.18 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Sep 26 2017
Dec 13 14:52:59 vz15951 ovpn-server[1854]: library versions: OpenSSL 1.0.2g  1 Mar 2016, LZO 2.08
Dec 13 14:52:59 vz15951 ovpn-server[1854]: daemon() failed or unsupported: Resource temporarily unavailable (errno=11)
Dec 13 14:52:59 vz15951 ovpn-server[1854]: Exiting due to fatal error
Dec 13 14:52:59 vz15951 systemd[1]: openvpn@server.service: Control process exited, code=exited status=1
Dec 13 14:52:59 vz15951 systemd[1]: Failed to start OpenVPN connection to server.
Dec 13 14:52:59 vz15951 systemd[1]: openvpn@server.service: Unit entered failed state.
Dec 13 14:52:59 vz15951 systemd[1]: openvpn@server.service: Failed with result 'exit-code'.

Anything in the logs?

Unfortunately, logs also don’t look good:

Dec 13 14:52:59 vz15951 systemd[1]: Starting OpenVPN connection to server...
Dec 13 14:52:59 vz15951 ovpn-server[1854]: OpenVPN 2.3.18 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Sep 26 2017
Dec 13 14:52:59 vz15951 ovpn-server[1854]: library versions: OpenSSL 1.0.2g  1 Mar 2016, LZO 2.08
Dec 13 14:52:59 vz15951 ovpn-server[1854]: daemon() failed or unsupported: Resource temporarily unavailable (errno=11)
Dec 13 14:52:59 vz15951 ovpn-server[1854]: Exiting due to fatal error
Dec 13 14:52:59 vz15951 systemd[1]: openvpn@server.service: Control process exited, code=exited status=1
Dec 13 14:52:59 vz15951 systemd[1]: Failed to start OpenVPN connection to server.
Dec 13 14:52:59 vz15951 systemd[1]: openvpn@server.service: Unit entered failed state.
Dec 13 14:52:59 vz15951 systemd[1]: openvpn@server.service: Failed with result 'exit-code'.

There is no clear evidence what failed. I remember that my provider was changing something in the virtual machine configurations recently (the company was bought by the bigger one) and this led me to the simple but brilliant solution…

Service configuration update

There is a known issue with OpenVPN on LXD containers. It has the same symptoms. So I tried to adjust the service configuration file:

user@host:~$ sudo vi /lib/systemd/system/openvpn@.service

I found the line with the LimitNPROC=10 and commented it out:

#LimitNPROC=10

Once updated, I had to perform two more steps – first was the reload of systemctl daemon:

user@host:~$ sudo systemctl daemon-reload

Next, I turned the OpenVPN service on again:

user@host:~$ sudo systemctl start openvpn@server.service

No error message, this looks much better. Let’s take a look at the status:

user@host:~$ sudo systemctl status openvpn@server.service
● openvpn@server.service - OpenVPN connection to server
   Loaded: loaded (/lib/systemd/system/openvpn@.service; enabled; vendor preset: enabled)
   Active: active (running) since Thu 2018-12-13 15:15:17 CET; 39s ago
     Docs: man:openvpn(8)
           https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage
           https://community.openvpn.net/openvpn/wiki/HOWTO
  Process: 3497 ExecStart=/usr/sbin/openvpn --daemon ovpn-%i --status /run/openvpn/%i.status 10 --cd /etc/openvpn --script-security 2 --config /etc/openvpn/%i.conf --writepid /run/
 Main PID: 3498 (openvpn)
   CGroup: /system.slice/system-openvpn.slice/openvpn@server.service
           └─3498 /usr/sbin/openvpn --daemon ovpn-server --status /run/openvpn/server.status 10 --cd /etc/openvpn --script-security 2 --config /etc/openvpn/server.conf --writepid /

Dec 13 15:15:17 vz15951 ovpn-server[3498]: succeeded -> ifconfig_pool_set()
Dec 13 15:15:17 vz15951 ovpn-server[3498]: Initialization Sequence Completed

Wonderful. It is working now. Such a simple solution but it requires a little bit of luck to find it 🙂

23 Replies to “OpenVPN failed to start – Ubuntu / LXD issue”

  1. vim is not allowing me to comment out #LimitNPROC=10, i went to the folder and tried to chane it from there it wouldnt allow me either since its protected

    can you help me change it

    1. Hello Ahmad,

      I can see possible issues here:
      1) you may not be familiar with vi editor – in such case instead of vi, use nano – it should be easier. If you have to use vi, please remember that you have to do the following things:
      – find the place you want to edit
      – enter “insert mode” by pressing “i” letter on the keyboard
      – make your change
      – exit from “insert mode” by pressing ESC on the keyboard
      – enter the command “:wq” which means “I want to write and quit”, remember that the command starts with “:”

      2) there is also a possibility that you skipped “sudo” before your vi command. This file is not editable for everyone so if you want to save it, you have to use “sudo vi [filename]”

      3) there can be other issues not mentioned above, but I need more information to help 🙂

      Dulare

  2. sudo vi /lib/system/system/openvpn@.service when i am using this command it is showing nothing, once its showing the same as to mention above I comment the thing also , I am removing something else and I guess I remove that complete file, now what can I do?

    1. Hi there 🙂

      If the vi command shows nothing, most likely the file you tried to edit (openvpn@.service) was not there and it was created by the editor. You will have to find the proper file location in order to comment out the line mentioned in the post. On the other hand, if you removed the file completely, you can backup your VPN configuration, remove and install it again. Have you checked what is the service file? If it is really openvpn@.service?

  3. Hi Dulare,

    I’ve been stuck for several days and can’t start the VPN serever. I always have this error and can’t continue. Can you help me ?
    I followed this web site : https://blog.vpscheap.net/running-a-vpn-server-on-your-vps-everything-you-need-to-know/

    [root@server system]# systemctl status openvpn@server.service
    * openvpn@server.service – OpenVPN Robust And Highly Flexible Tunneling Application On server
    Loaded: loaded (/usr/lib/systemd/system/openvpn@.service; enabled; vendor preset: disabled)
    Active: failed (Result: exit-code) since Tue 2020-04-07 14:37:32 UTC; 2min 15s ago
    Process: 930 ExecStart=/usr/sbin/openvpn –cd /etc/openvpn/ –config %i.conf (code=exited, status=1/FAILURE)
    Main PID: 930 (code=exited, status=1/FAILURE)
    Status: “Pre-connection initialization successful”

    Apr 07 14:37:32 server systemd[1]: Starting OpenVPN Robust And Highly Flexible Tunneling Application On server…
    Apr 07 14:37:32 server systemd[1]: Started OpenVPN Robust And Highly Flexible Tunneling Application On server.
    Apr 07 14:37:32 server systemd[1]: openvpn@server.service: main process exited, code=exited, status=1/FAILURE
    Apr 07 14:37:32 server systemd[1]: Unit openvpn@server.service entered failed state.
    Apr 07 14:37:32 server systemd[1]: openvpn@server.service failed.
    [root@server system]#
    —–
    [root@server system]# sudo vi /lib/systemd/system/openvpn@.service
    [Unit]
    Description=OpenVPN Robust And Highly Flexible Tunneling Application On %I
    After=network.target

    [Service]
    Type=notify
    PrivateTmp=true
    ExecStart=/usr/sbin/openvpn –cd /etc/openvpn/ –config %i.conf

    [Install]
    WantedBy=multi-user.target

    ————-
    [root@server system]# sudo vi /lib/systemd/system/openvpn-server@.service
    [Unit]
    Description=OpenVPN service for %I
    After=syslog.target network-online.target
    Wants=network-online.target
    Documentation=man:openvpn(8)
    Documentation=https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
    Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO

    [Service]
    Type=notify
    PrivateTmp=true
    WorkingDirectory=/etc/openvpn
    ExecStart=/usr/sbin/openvpn –status %t/openvpn-server/status-%i.log –status-version 2 –suppress-timestamps –config %i.conf
    CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE CAP_AUDIT_WRITE
    #LimitNPROC=10
    DeviceAllow=/dev/null rw
    DeviceAllow=/dev/net/tun rw
    ProtectSystem=true
    ProtectHome=true
    KillMode=process
    RestartSec=5s
    Restart=on-failure

    [Install]
    WantedBy=multi-user.target

    —–
    [root@server ~]# sudo vim /etc/openvpn/server.conf

    port 1194
    ;proto tcp
    proto udp
    ;dev tap
    dev tun
    ca /etc/openvpn/easy-rsa/pki/ca.crt
    cert /etc/openvpn/easy-rsa/pki/issued/server.crt
    key /etc/openvpn/easy-rsa/pki/private/server.key
    dh /etc/openvpn/easy-rsa/pki/dh.pem
    topology subnet
    server 10.8.0.0 255.255.255.0
    ;ifconfig-pool-persist ipp.txt
    ;ifconfig-push
    push “redirect-gateway def1 bypass-dhcp”
    push “dhcp-option DNS 8.8.8.8”
    push “dhcp-option DNS 8.8.4.4”
    duplicate-cn
    keepalive 10 120
    ;tls-auth ta.key 0 # This file is secret
    tls-crypt mykey.tls
    remote-cert-eku “TLS Web Client Authentication”
    cipher AES-256-CBC
    compress lz4-v2
    push “compress lz4-v2”
    persist-key
    persist-tun
    daemon
    status /var/log/openvpn/openvpn-status.log
    ;log openvpn.log
    log-append /var/log/openvpn/openvpn.log
    verb 4
    explicit-exit-notify 1

    1. Hello Diego,

      You should do one of the things:
      1) Execute OpenVPN server manually (not as a service) with verbose information turned on and review the messages
      2) Review log files (/var/log/messages) to see what is reported

      This should lead you to the root of the problem.

      1. Hello Dulare,

        thank for your answer. This is what I got from: (/var/log/messages)

        Apr 7 14:37:19 server systemd: Reloading.
        Apr 7 14:37:19 server systemd: Binding to IPv6 address not available since kernel does not support IPv6.
        Apr 7 14:37:19 server systemd: Binding to IPv6 address not available since kernel does not support IPv6.
        Apr 7 14:37:19 server systemd: [/usr/lib/systemd/system/vzfifo.service:19] Support for option SysVStartPriority= has been removed and it is ignored
        Apr 7 14:37:32 server systemd: Starting OpenVPN Robust And Highly Flexible Tunneling Application On server…
        Apr 7 14:37:32 server systemd: Started OpenVPN Robust And Highly Flexible Tunneling Application On server.
        Apr 7 14:37:32 server systemd: openvpn@server.service: main process exited, code=exited, status=1/FAILURE
        Apr 7 14:37:32 server systemd: Unit openvpn@server.service entered failed state.
        Apr 7 14:37:32 server systemd: openvpn@server.service failed.

        —————–

        Regarding to execute OpenVPN server manually, do you mean with this command, or do you have a different one?

        [root@server log]# openvpn –config /etc/openvpn/tun0.conf –verb 6 // verbose output
        Options error: In [CMD-LINE]:1: Error opening configuration file: /etc/openvpn/tun0.conf
        Use –help for more information.

        Thanks

        1. Hello Diego,

          The log is not really helpful, so let’s take a look at the manual start.
          Your config file is here /etc/openvpn/server.conf as far as I can tell from your previous comment. So try to execute OpenVPN the following way:

          # openvpn –config /etc/openvpn/server.conf –verb 6

          This should do the trick 🙂

          1. Hello Dulare.

            Now it seems to work, so every time I restart the server can I just start it manually?
            you say there is a way to solve the problem in “openvpn@server.service?
            Thanks again

            ———
            [root@server ~]# openvpn –config /etc/openvpn/server.conf –verb 6
            Options error: I’m trying to parse “–config” as an –option parameter but I don’t see a leading ‘–‘
            Use –help for more information.
            [root@server ~]# openvpn –config /etc/openvpn/server.conf –verb 6
            [root@server ~]# systemctl status openvpn@server.service
            * openvpn@server.service – OpenVPN Robust And Highly Flexible Tunneling Application On server
            Loaded: loaded (/usr/lib/systemd/system/openvpn@.service; enabled; vendor preset: disabled)
            Active: active (running) since Wed 2020-04-08 08:07:46 UTC; 4min 43s ago
            Main PID: 392 (openvpn)
            Status: “Initialization Sequence Completed”
            CGroup: /system.slice/system-openvpn.slice/openvpn@server.service
            `-392 /usr/sbin/openvpn –cd /etc/openvpn/ –config server.conf

            Apr 07 14:34:23 server systemd[1]: openvpn@server.service: main process exited, code=exited, status=1/FAILURE
            Apr 07 14:34:23 server systemd[1]: Unit openvpn@server.service entered failed state.
            Apr 07 14:34:23 server systemd[1]: openvpn@server.service failed.
            Apr 07 14:37:32 server systemd[1]: Starting OpenVPN Robust And Highly Flexible Tunneling Application On server…
            Apr 07 14:37:32 server systemd[1]: Started OpenVPN Robust And Highly Flexible Tunneling Application On server.
            Apr 07 14:37:32 server systemd[1]: openvpn@server.service: main process exited, code=exited, status=1/FAILURE
            Apr 07 14:37:32 server systemd[1]: Unit openvpn@server.service entered failed state.
            Apr 07 14:37:32 server systemd[1]: openvpn@server.service failed.
            Apr 08 08:07:46 server systemd[1]: Starting OpenVPN Robust And Highly Flexible Tunneling Application On server…
            Apr 08 08:07:46 server systemd[1]: Started OpenVPN Robust And Highly Flexible Tunneling Application On server.
            [root@server ~]#

          2. It is good that it worked manually. Yes, you can start it manually if needed. However, it would be better to find the source of the issue, which is most likely related to the openvpn@server.service configuration file.

            You can try to edit this line in your /lib/systemd/system/openvpn@.service file:
            ExecStart=/usr/sbin/openvpn –status %t/openvpn-server/status-%i.log –status-version 2 –suppress-timestamps –config %i.conf

            Instead of %i.conf you can enter your configuration file location, so it should look like:
            ExecStart=/usr/sbin/openvpn –status %t/openvpn-server/status-%i.log –status-version 2 –suppress-timestamps –config /etc/openvpn/server.conf

            But this is only my guess, not the solution I’m sure will work

  4. Hello Dulare.
    I installed open vpn in Ubuntu 18.04 (DELL lap top and using Mobile hotspot), but not working, below are the steps I followed –
    >sudo apt-get install openvpn
    > sudo openvpn –config client.opvn
    >sudo systemctl start openvpn@client.service
    >sudo systemctl status openvpn@client.service
    I got this error log from above status command –
    >ERROR: Linux route add command failed: external program exited with error status: 2
    May 29 17:06:48 ovpn-client[1309]: /sbin/ip route add 10.0.0.0/16 metric 101 via 172.27.232.1
    May 29 17:06:48 openvpn[1309]: RTNETLINK answers: File exists
    May 29 17:06:48 ovpn-client[1309]: ERROR: Linux route add command failed: external program exited with error status: 2
    May 29 17:06:48 ovpn-client[1309]: Initialization Sequence Completed
    May 29 17:49:02 ovpn-client[1309]: write UDP: Network is unreachable (code=101)
    May 29 17:49:03 ovpn-client[1309]: write UDP: Network is unreachable (code=101)
    May 29 17:49:04 ovpn-client[1309]: write UDP: Network is unreachable (code=101)

    Thanks,

    1. Hello Mahesh,

      It looks like your issue is related to the same subnet used by your VPN server and your VPN client. The server is not able to add the route to the 10.0.0.0/16 subnet since this route already exists. It looks like your VPN client is already connected to the subnet with the same parameters.

    1. Hello Krish,

      There is also a second part of this message, please use “journalctl -xe” or “systemctl status openvpn@server.service” in order to see what happened. You can also take a look at logs. There is no easy way to help you as long as we don’t know what happened. Try the above commands and let me know what you found 🙂

  5. Hello,
    i have a similar problem openvpn won’t start.
    “jurnalctl -xe” gives:
    journalctl -xe
    — The job identifier is 126599.
    Oct 03 21:35:31 Mainframe systemd[1]: Started OpenVPN connection to Mainframe.
    — Subject: A start job for unit openvpn@Mainframe.service has finished successfully
    — Defined-By: systemd
    — Support: http://www.ubuntu.com/support

    — A start job for unit openvpn@Mainframe.service has finished successfully.

    — The job identifier is 126599.
    Oct 03 21:35:31 Mainframe systemd[1]: openvpn@Mainframe.service: Main process exited, code=exited, status=1/FAILURE
    — Subject: Unit process exited
    — Defined-By: systemd
    — Support: http://www.ubuntu.com/support

    — An ExecStart= process belonging to unit openvpn@Mainframe.service has exited.

    — The process’ exit code is ‘exited’ and its exit status is 1.
    Oct 03 21:35:31 Mainframe systemd[1]: openvpn@Mainframe.service: Failed with result ‘exit-code’.
    — Subject: Unit failed
    — Defined-By: systemd
    — Support: http://www.ubuntu.com/support

    — The unit openvpn@Mainframe.service has entered the ‘failed’ state with result ‘exit-code’.
    lines 7154-7176/7176 (END)
    — The job identifier is 126599.
    Oct 03 21:35:31 Mainframe systemd[1]: Started OpenVPN connection to Mainframe.
    — Subject: A start job for unit openvpn@Mainframe.service has finished successfully
    — Defined-By: systemd
    — Support: http://www.ubuntu.com/support

    — A start job for unit openvpn@Mainframe.service has finished successfully.

    — The job identifier is 126599.
    Oct 03 21:35:31 Mainframe systemd[1]: openvpn@Mainframe.service: Main process exited, code=exited, status=1/FAILURE
    — Subject: Unit process exited
    — Defined-By: systemd
    — Support: http://www.ubuntu.com/support

    — An ExecStart= process belonging to unit openvpn@Mainframe.service has exited.

    — The process’ exit code is ‘exited’ and its exit status is 1.
    Oct 03 21:35:31 Mainframe systemd[1]: openvpn@Mainframe.service: Failed with result ‘exit-code’.
    — Subject: Unit failed
    — Defined-By: systemd
    — Support: http://www.ubuntu.com/support

    — The unit openvpn@Mainframe.service has entered the ‘failed’ state with result ‘exit-code’.

    and systemctl status openvpn@Mainframe.service gives:
    sudo systemctl status openvpn@Mainframe.service
    openvpn@Mainframe.service – OpenVPN connection to Mainframe
    Loaded: loaded (/lib/systemd/system/openvpn@.service; enabled; vendor preset: enabled)
    Active: activating (auto-restart) (Result: exit-code) since Sat 2020-10-03 21:39:07 UTC; 4s ago
    Docs: man:openvpn(8)
    https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
    https://community.openvpn.net/openvpn/wiki/HOWTO
    Process: 25542 ExecStart=/usr/sbin/openvpn –daemon ovpn-Mainframe –status /run/openvpn/Mainframe.status 10 –c>
    Main PID: 25542 (code=exited, status=1/FAILURE)
    Status: “Pre-connection initialization successful”

    Oct 03 21:39:07 Mainframe systemd[1]: openvpn@Mainframe.service: Main process exited, code=exited, status=1/FAILURE
    Oct 03 21:39:07 Mainframe systemd[1]: openvpn@Mainframe.service: Failed with result ‘exit-code’.

    1. Hello Jeroen,

      Have you taken a look at the logs? It would be also good to know what system are you working on. You can start your OpenVPN server manually, not in the background, and see what it will display. To execute OpenVPN with the verbose output you can use:

      # openvpn –config /etc/openvpn/server.conf –verb 6

      Assuming that your configuration is under /etc/openvpn/server.conf
      Please let me know what you received.

      1. Hello Dulare,
        A yes my system is running ubuntu server 20.04 LTS.
        openvpn –version gives:

        OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Sep 5 2019
        library versions: OpenSSL 1.1.1f 31 Mar 2020, LZO 2.10
        Originally developed by James Yonan
        Copyright (C) 2002-2018 OpenVPN Inc
        Compile time defines: enable_async_push=no enable_comp_stub=no enable_crypto=yes enable_crypto_ofb_cfb=yes enable_debug=yes enable_def_auth=yes enable_dependency_tracking=no enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=needless enable_fragment=yes enable_iproute2=yes enable_libtool_lock=yes enable_lz4=yes enable_lzo=yes enable_maintainer_mode=no enable_management=yes enable_multihome=yes enable_pam_dlopen=no enable_pedantic=no enable_pf=yes enable_pkcs11=yes enable_plugin_auth_pam=yes enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=no enable_server=yes enable_shared=yes enable_shared_with_static_runtimes=no enable_silent_rules=no enable_small=no enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=yes enable_werror=no enable_win32_dll=yes enable_x509_alt_username=yes with_aix_soname=aix with_crypto_library=openssl with_gnu_ld=yes with_mem_check=no with_sysroot=no

        The logs in /etc/openvpn/servers/Masinframe/logs are empty.
        The log /var/log/messages has some errors about livepatch but none for openvpn.

        When i start openvpn manually i get:
        openvpn –config /etc/openvpn/Mainframe.conf –verb 6

        Sun Oct 4 06:48:36 2020 Warning: Error redirecting stdout/stderr to –log file: servers/Mainframe/logs/openvpn.log: No such file or directory (errno=2)
        Options error: –dh fails with ‘keys/mainframe/dh2048.pem’: No such file or directory (errno=2)
        Options error: –ca fails with ‘keys/mainframe/ca.crt’: No such file or directory (errno=2)
        Options error: –cert fails with ‘keys/mainframe/server_mainframe.crt’: No such file or directory (errno=2)
        Sun Oct 4 06:48:36 2020 us=223357 WARNING: cannot stat file ‘keys/mainframe/server_mainframe.key’: No such file or directory (errno=2)
        Options error: –key fails with ‘keys/mainframe/server_mainframe.key’: No such file or directory (errno=2)
        Options error: –crl-verify fails with ‘keys/mainframe/crl.pem’: No such file or directory (errno=2)
        Options error: –status fails with ‘servers/Mainframe/logs/openvpn-status.log’: No such file or directory (errno=2)
        Options error: Please correct these errors.
        Use –help for more information.

        if i look in the folders openvpn gives errors on all the files are there.
        so the .log and cert files are all in the right place like above.

        1. Have you executed the:
          openvpn –config /etc/openvpn/Mainframe.conf –verb 6
          as the root? If you executed as a root or using sudo and the “No such file” error is still visible, you have to check the permissions to these files and directories. As the second step, you can adjust the paths in the config file to use the absolute path (starting from / directory).

          1. Yes I executed the command with root (sudo) and get the same errors. The permissions are all root:

            drwxr-xr-x 2 root root 4096 Oct 3 18:09 .
            drwxr-xr-x 3 root root 4096 Oct 3 18:07 ..
            -rw-r–r– 1 root root 5324 Oct 3 18:09 01.pem
            -rw-r–r– 1 root root 5180 Oct 3 18:09 02.pem
            -rw-r–r– 1 root root 273 Oct 3 18:07 ca.config
            -rw-r–r– 1 root root 1541 Oct 3 18:07 ca.crt
            -rw——- 1 root root 1704 Oct 3 18:07 ca.key
            -rw——- 1 root root 3245 Oct 3 18:07 ca.pem
            -rw-r–r– 1 root root 646 Oct 3 18:07 crl.pem
            -rw-r–r– 1 root root 424 Oct 3 18:07 dh2048.pem
            -rw-r–r– 1 root root 258 Oct 3 18:09 index.txt
            -rw-r–r– 1 root root 21 Oct 3 18:09 index.txt.attr
            -rw-r–r– 1 root root 21 Oct 3 18:09 index.txt.attr.old
            -rw-r–r– 1 root root 134 Oct 3 18:09 index.txt.old
            -rw-r–r– 1 root root 5180 Oct 3 18:09 jeroen.crt
            -rw-r–r– 1 root root 1058 Oct 3 18:09 jeroen.csr
            -rw——- 1 root root 1854 Oct 3 18:09 jeroen.key
            -rw——- 1 root root 3941 Oct 3 18:09 jeroen.p12
            -rw-r–r– 1 root root 3 Oct 3 18:09 serial
            -rw-r–r– 1 root root 3 Oct 3 18:09 serial.old
            -rw-r–r– 1 root root 5324 Oct 3 18:09 server_mainframe.crt
            -rw-r–r– 1 root root 1074 Oct 3 18:09 server_mainframe.csr
            -rw——- 1 root root 1704 Oct 3 18:09 server_mainframe.key
            -rw——- 1 root root 3973 Oct 3 18:09 server_mainframe.p12
            -rw-r–r– 1 root root 86 Oct 3 18:09 server_mainframe.server

            I will try to use the absolute path in the config file.

  6. I do not get any error if i use the absolute path with:
    sudo openvpn –config /etc/openvpn/Mainframe.conf –verb 6

    do i check the status for the above command with :
    sudo systemctl status openvpn@Mainframe
    or
    sudo systemctl status openvpn@Mainframe.service
    because the first gives errors

    openvpn@Mainframe.service – OpenVPN connection to Mainframe
    Loaded: loaded (/lib/systemd/system/openvpn@.service; enabled; vendor preset: enabled)
    Active: activating (auto-restart) (Result: exit-code) since Sun 2020-10-04 08:37:36 UTC; 3s ago
    Docs: man:openvpn(8)
    https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
    https://community.openvpn.net/openvpn/wiki/HOWTO
    Process: 122237 ExecStart=/usr/sbin/openvpn –daemon ovpn-Mainframe –status /run/openvpn/Mainframe.status 10 –cd /etc/ope>
    Main PID: 122237 (code=exited, status=1/FAILURE)

    The second gives:
    openvpn@Mainframe.service – OpenVPN connection to Mainframe
    Loaded: loaded (/lib/systemd/system/openvpn@.service; enabled; vendor preset: enabled)
    Active: activating (auto-restart) (Result: exit-code) since Sun 2020-10-04 08:39:11 UTC; 5s ago
    Docs: man:openvpn(8)
    https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
    https://community.openvpn.net/openvpn/wiki/HOWTO
    Process: 122451 ExecStart=/usr/sbin/openvpn –daemon ovpn-Mainframe –status /run/openvpn/Mainframe.status 10 –cd /etc/ope>
    Main PID: 122451 (code=exited, status=1/FAILURE)

    Oct 04 08:39:16 Mainframe systemd[1]: openvpn@Mainframe.service: Scheduled restart job, restart counter is at 9352.
    Oct 04 08:39:16 Mainframe systemd[1]: Stopped OpenVPN connection to Mainframe.
    Oct 04 08:39:16 Mainframe systemd[1]: Starting OpenVPN connection to Mainframe…

    The second one is how it should be i think.

    1. If you have two services, the one that is named “openvpn@Mainframe” and the second that is named “openvpn@Mainframe.service” you should know which one you want to run. Most likely it is “openvpn@Mainframe.service” since this is the typical name for the OpenVPN service.

      Looking at your comments, I’m not sure what is the current status. You were able to execute:
      sudo openvpn –config /etc/openvpn/Mainframe.conf –verb 6
      and it was running without errors as far as I can tell. Am I correct?

      Have you tried to connect to your OpenVPN server once it was running? This gives additional information about the state of the server.

      1. Hello dulare,
        I think it should be openvpn@Mainframe.service. the other one is an old one that i tried before.

        If i do sudo openvpn –config /etc/openvpn/Mainframe.conf -verb 6″ I get no errors.
        If i do “sudo systemctl status openvpn@Mainframe.service¨ i get:
        openvpn@Mainframe.service – OpenVPN connection to Mainframe
        Loaded: loaded (/lib/systemd/system/openvpn@.service; enabled; vendor preset: enabled)
        Active: activating (auto-restart) (Result: exit-code) since Sun 2020-10-04 08:39:11 UTC; 5s ago
        Docs: man:openvpn(8)
        https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
        https://community.openvpn.net/openvpn/wiki/HOWTO
        Process: 122451 ExecStart=/usr/sbin/openvpn –daemon ovpn-Mainframe –status /run/openvpn/Mainframe.status 10 –cd /etc/ope>
        Main PID: 122451 (code=exited, status=1/FAILURE)

        Oct 04 08:39:16 Mainframe systemd[1]: openvpn@Mainframe.service: Scheduled restart job, restart counter is at 9352.
        Oct 04 08:39:16 Mainframe systemd[1]: Stopped OpenVPN connection to Mainframe.
        Oct 04 08:39:16 Mainframe systemd[1]: Starting OpenVPN connection to Mainframe…

        so that look ok.
        I tried to connect via de command line in my ubuntu desktop 20.04 machine.
        with: sudo openvpn –config /home/jeroen/Documenten/vpn/openvpn/2/jeroen/jeroen.conf –verb 6

        Sun Oct 4 18:06:54 2020 us=188724 WARNING: Ignoring option ‘dh’ in tls-client mode, please only include this in your server configuration
        Sun Oct 4 18:06:54 2020 us=188795 WARNING: file ‘/home/jeroen/Documenten/vpn/openvpn/2/jeroen/jeroen.key’ is group or others accessible
        Sun Oct 4 18:06:54 2020 us=188809 Current Parameter Settings:
        Sun Oct 4 18:06:54 2020 us=188820 config = ‘/home/jeroen/Documenten/vpn/openvpn/2/jeroen/jeroen.conf’
        Sun Oct 4 18:06:54 2020 us=188830 mode = 0
        Sun Oct 4 18:06:54 2020 us=188837 persist_config = DISABLED
        Sun Oct 4 18:06:54 2020 us=188845 persist_mode = 1
        Sun Oct 4 18:06:54 2020 us=188852 show_ciphers = DISABLED
        Sun Oct 4 18:06:54 2020 us=188860 show_digests = DISABLED
        Sun Oct 4 18:06:54 2020 us=188871 show_engines = DISABLED
        Sun Oct 4 18:06:54 2020 us=188879 genkey = DISABLED
        Sun Oct 4 18:06:54 2020 us=188885 key_pass_file = ‘[UNDEF]’
        Sun Oct 4 18:06:54 2020 us=188893 show_tls_ciphers = DISABLED
        Sun Oct 4 18:06:54 2020 us=188902 connect_retry_max = 0
        Sun Oct 4 18:06:54 2020 us=188908 Connection profiles [0]:
        Sun Oct 4 18:06:54 2020 us=188917 proto = udp
        Sun Oct 4 18:06:54 2020 us=188923 local = ‘[UNDEF]’
        Sun Oct 4 18:06:54 2020 us=188931 local_port = ‘[UNDEF]’
        Sun Oct 4 18:06:54 2020 us=188938 remote = ‘www.yoloen.nl’
        Sun Oct 4 18:06:54 2020 us=188946 remote_port = ‘1194’
        Sun Oct 4 18:06:54 2020 us=188952 remote_float = ENABLED
        Sun Oct 4 18:06:54 2020 us=188960 bind_defined = DISABLED
        Sun Oct 4 18:06:54 2020 us=188968 bind_local = DISABLED
        Sun Oct 4 18:06:54 2020 us=188976 bind_ipv6_only = DISABLED
        Sun Oct 4 18:06:54 2020 us=188984 connect_retry_seconds = 5
        Sun Oct 4 18:06:54 2020 us=188993 connect_timeout = 120
        Sun Oct 4 18:06:54 2020 us=189002 socks_proxy_server = ‘[UNDEF]’
        Sun Oct 4 18:06:54 2020 us=189010 socks_proxy_port = ‘[UNDEF]’
        Sun Oct 4 18:06:54 2020 us=189019 tun_mtu = 1500
        Sun Oct 4 18:06:54 2020 us=189028 tun_mtu_defined = ENABLED
        Sun Oct 4 18:06:54 2020 us=189036 link_mtu = 1500
        Sun Oct 4 18:06:54 2020 us=189044 link_mtu_defined = DISABLED
        Sun Oct 4 18:06:54 2020 us=189052 tun_mtu_extra = 0
        Sun Oct 4 18:06:54 2020 us=189061 tun_mtu_extra_defined = DISABLED
        Sun Oct 4 18:06:54 2020 us=189069 mtu_discover_type = -1
        Sun Oct 4 18:06:54 2020 us=189077 fragment = 0
        Sun Oct 4 18:06:54 2020 us=189085 mssfix = 1450
        Sun Oct 4 18:06:54 2020 us=189094 explicit_exit_notification = 0
        Sun Oct 4 18:06:54 2020 us=189102 Connection profiles END
        Sun Oct 4 18:06:54 2020 us=189110 remote_random = DISABLED
        Sun Oct 4 18:06:54 2020 us=189118 ipchange = ‘[UNDEF]’
        Sun Oct 4 18:06:54 2020 us=189127 dev = ‘tun’
        Sun Oct 4 18:06:54 2020 us=189135 dev_type = ‘[UNDEF]’
        Sun Oct 4 18:06:54 2020 us=189143 dev_node = ‘[UNDEF]’
        Sun Oct 4 18:06:54 2020 us=189151 lladdr = ‘[UNDEF]’
        Sun Oct 4 18:06:54 2020 us=189159 topology = 1
        Sun Oct 4 18:06:54 2020 us=189167 ifconfig_local = ‘[UNDEF]’
        Sun Oct 4 18:06:54 2020 us=189175 ifconfig_remote_netmask = ‘[UNDEF]’
        Sun Oct 4 18:06:54 2020 us=189184 ifconfig_noexec = DISABLED
        Sun Oct 4 18:06:54 2020 us=189192 ifconfig_nowarn = DISABLED
        Sun Oct 4 18:06:54 2020 us=189200 ifconfig_ipv6_local = ‘[UNDEF]’
        Sun Oct 4 18:06:54 2020 us=189208 ifconfig_ipv6_netbits = 0
        Sun Oct 4 18:06:54 2020 us=189216 ifconfig_ipv6_remote = ‘[UNDEF]’
        Sun Oct 4 18:06:54 2020 us=189224 shaper = 0
        Sun Oct 4 18:06:54 2020 us=189232 mtu_test = 0
        Sun Oct 4 18:06:54 2020 us=189240 mlock = DISABLED
        Sun Oct 4 18:06:54 2020 us=189249 keepalive_ping = 10
        Sun Oct 4 18:06:54 2020 us=189257 keepalive_timeout = 120
        Sun Oct 4 18:06:54 2020 us=189265 inactivity_timeout = 0
        Sun Oct 4 18:06:54 2020 us=189273 ping_send_timeout = 10
        Sun Oct 4 18:06:54 2020 us=189281 ping_rec_timeout = 120
        Sun Oct 4 18:06:54 2020 us=189289 ping_rec_timeout_action = 2
        Sun Oct 4 18:06:54 2020 us=189297 ping_timer_remote = DISABLED
        Sun Oct 4 18:06:54 2020 us=189305 remap_sigusr1 = 0
        Sun Oct 4 18:06:54 2020 us=189314 persist_tun = ENABLED
        Sun Oct 4 18:06:54 2020 us=189327 persist_local_ip = DISABLED
        Sun Oct 4 18:06:54 2020 us=189339 persist_remote_ip = DISABLED
        Sun Oct 4 18:06:54 2020 us=189351 persist_key = ENABLED
        Sun Oct 4 18:06:54 2020 us=189363 passtos = DISABLED
        Sun Oct 4 18:06:54 2020 us=189375 resolve_retry_seconds = 1000000000
        Sun Oct 4 18:06:54 2020 us=189387 resolve_in_advance = DISABLED
        Sun Oct 4 18:06:54 2020 us=189398 username = ‘nobody’
        Sun Oct 4 18:06:54 2020 us=189409 groupname = ‘nogroup’
        Sun Oct 4 18:06:54 2020 us=189421 chroot_dir = ‘[UNDEF]’
        Sun Oct 4 18:06:54 2020 us=189432 cd_dir = ‘[UNDEF]’
        Sun Oct 4 18:06:54 2020 us=189445 writepid = ‘[UNDEF]’
        Sun Oct 4 18:06:54 2020 us=189456 up_script = ‘[UNDEF]’
        Sun Oct 4 18:06:54 2020 us=189467 down_script = ‘[UNDEF]’
        Sun Oct 4 18:06:54 2020 us=189478 down_pre = DISABLED
        Sun Oct 4 18:06:54 2020 us=189488 up_restart = DISABLED
        Sun Oct 4 18:06:54 2020 us=189500 up_delay = DISABLED
        Sun Oct 4 18:06:54 2020 us=189512 daemon = DISABLED
        Sun Oct 4 18:06:54 2020 us=189524 inetd = 0
        Sun Oct 4 18:06:54 2020 us=189535 log = DISABLED
        Sun Oct 4 18:06:54 2020 us=189548 suppress_timestamps = DISABLED
        Sun Oct 4 18:06:54 2020 us=189560 machine_readable_output = DISABLED
        Sun Oct 4 18:06:54 2020 us=189573 nice = 0
        Sun Oct 4 18:06:54 2020 us=189586 verbosity = 6
        Sun Oct 4 18:06:54 2020 us=189600 mute = 0
        Sun Oct 4 18:06:54 2020 us=189614 gremlin = 0
        Sun Oct 4 18:06:54 2020 us=189626 status_file = ‘[UNDEF]’
        Sun Oct 4 18:06:54 2020 us=189638 status_file_version = 1
        Sun Oct 4 18:06:54 2020 us=189652 status_file_update_freq = 60
        Sun Oct 4 18:06:54 2020 us=189665 occ = ENABLED
        Sun Oct 4 18:06:54 2020 us=189679 rcvbuf = 0
        Sun Oct 4 18:06:54 2020 us=189692 sndbuf = 0
        Sun Oct 4 18:06:54 2020 us=189706 mark = 0
        Sun Oct 4 18:06:54 2020 us=189719 sockflags = 0
        Sun Oct 4 18:06:54 2020 us=189733 fast_io = DISABLED
        Sun Oct 4 18:06:54 2020 us=189746 comp.alg = 2
        Sun Oct 4 18:06:54 2020 us=189761 comp.flags = 1
        Sun Oct 4 18:06:54 2020 us=189774 route_script = ‘[UNDEF]’
        Sun Oct 4 18:06:54 2020 us=189788 route_default_gateway = ‘[UNDEF]’
        Sun Oct 4 18:06:54 2020 us=189802 route_default_metric = 0
        Sun Oct 4 18:06:54 2020 us=189816 route_noexec = DISABLED
        Sun Oct 4 18:06:54 2020 us=189830 route_delay = 0
        Sun Oct 4 18:06:54 2020 us=189838 route_delay_window = 30
        Sun Oct 4 18:06:54 2020 us=189846 route_delay_defined = DISABLED
        Sun Oct 4 18:06:54 2020 us=189854 route_nopull = DISABLED
        Sun Oct 4 18:06:54 2020 us=189862 route_gateway_via_dhcp = DISABLED
        Sun Oct 4 18:06:54 2020 us=189871 allow_pull_fqdn = DISABLED
        Sun Oct 4 18:06:54 2020 us=189879 management_addr = ‘[UNDEF]’
        Sun Oct 4 18:06:54 2020 us=189887 management_port = ‘[UNDEF]’
        Sun Oct 4 18:06:54 2020 us=189895 management_user_pass = ‘[UNDEF]’
        Sun Oct 4 18:06:54 2020 us=189904 management_log_history_cache = 250
        Sun Oct 4 18:06:54 2020 us=189911 management_echo_buffer_size = 100
        Sun Oct 4 18:06:54 2020 us=189920 management_write_peer_info_file = ‘[UNDEF]’
        Sun Oct 4 18:06:54 2020 us=189929 management_client_user = ‘[UNDEF]’
        Sun Oct 4 18:06:54 2020 us=189937 management_client_group = ‘[UNDEF]’
        Sun Oct 4 18:06:54 2020 us=189945 management_flags = 0
        Sun Oct 4 18:06:54 2020 us=189953 shared_secret_file = ‘[UNDEF]’
        Sun Oct 4 18:06:54 2020 us=189962 key_direction = not set
        Sun Oct 4 18:06:54 2020 us=189970 ciphername = ‘AES-256-CBC’
        Sun Oct 4 18:06:54 2020 us=189978 ncp_enabled = ENABLED
        Sun Oct 4 18:06:54 2020 us=189987 ncp_ciphers = ‘AES-256-GCM:AES-128-GCM’
        Sun Oct 4 18:06:54 2020 us=189995 authname = ‘SHA1’
        Sun Oct 4 18:06:54 2020 us=190004 prng_hash = ‘SHA1’
        Sun Oct 4 18:06:54 2020 us=190012 prng_nonce_secret_len = 16
        Sun Oct 4 18:06:54 2020 us=190021 keysize = 0
        Sun Oct 4 18:06:54 2020 us=190029 engine = DISABLED
        Sun Oct 4 18:06:54 2020 us=190037 replay = ENABLED
        Sun Oct 4 18:06:54 2020 us=190045 mute_replay_warnings = DISABLED
        Sun Oct 4 18:06:54 2020 us=190054 replay_window = 64
        Sun Oct 4 18:06:54 2020 us=190062 replay_time = 15
        Sun Oct 4 18:06:54 2020 us=190070 packet_id_file = ‘[UNDEF]’
        Sun Oct 4 18:06:54 2020 us=190078 use_iv = ENABLED
        Sun Oct 4 18:06:54 2020 us=190086 test_crypto = DISABLED
        Sun Oct 4 18:06:54 2020 us=190094 tls_server = DISABLED
        Sun Oct 4 18:06:54 2020 us=190103 tls_client = ENABLED
        Sun Oct 4 18:06:54 2020 us=190111 key_method = 2
        Sun Oct 4 18:06:54 2020 us=190120 ca_file = ‘/home/jeroen/Documenten/vpn/openvpn/2/jeroen/ca.crt’
        Sun Oct 4 18:06:54 2020 us=190128 ca_path = ‘[UNDEF]’
        Sun Oct 4 18:06:54 2020 us=190136 dh_file = ‘[UNDEF]’
        Sun Oct 4 18:06:54 2020 us=190145 cert_file = ‘/home/jeroen/Documenten/vpn/openvpn/2/jeroen/jeroen.crt’
        Sun Oct 4 18:06:54 2020 us=190153 extra_certs_file = ‘[UNDEF]’
        Sun Oct 4 18:06:54 2020 us=190162 priv_key_file = ‘/home/jeroen/Documenten/vpn/openvpn/2/jeroen/jeroen.key’
        Sun Oct 4 18:06:54 2020 us=190171 pkcs12_file = ‘[UNDEF]’
        Sun Oct 4 18:06:54 2020 us=190179 cipher_list = ‘[UNDEF]’
        Sun Oct 4 18:06:54 2020 us=190187 cipher_list_tls13 = ‘[UNDEF]’
        Sun Oct 4 18:06:54 2020 us=190195 tls_cert_profile = ‘[UNDEF]’
        Sun Oct 4 18:06:54 2020 us=190203 tls_verify = ‘[UNDEF]’
        Sun Oct 4 18:06:54 2020 us=190210 tls_export_cert = ‘[UNDEF]’
        Sun Oct 4 18:06:54 2020 us=190219 verify_x509_type = 0
        Sun Oct 4 18:06:54 2020 us=190227 verify_x509_name = ‘[UNDEF]’
        Sun Oct 4 18:06:54 2020 us=190235 crl_file = ‘[UNDEF]’
        Sun Oct 4 18:06:54 2020 us=190244 ns_cert_type = 0
        Sun Oct 4 18:06:54 2020 us=190252 remote_cert_ku[i] = 0
        Sun Oct 4 18:06:54 2020 us=190260 remote_cert_ku[i] = 0
        Sun Oct 4 18:06:54 2020 us=190268 remote_cert_ku[i] = 0
        Sun Oct 4 18:06:54 2020 us=190275 remote_cert_ku[i] = 0
        Sun Oct 4 18:06:54 2020 us=190283 remote_cert_ku[i] = 0
        Sun Oct 4 18:06:54 2020 us=190291 remote_cert_ku[i] = 0
        Sun Oct 4 18:06:54 2020 us=190299 remote_cert_ku[i] = 0
        Sun Oct 4 18:06:54 2020 us=190307 remote_cert_ku[i] = 0
        Sun Oct 4 18:06:54 2020 us=190315 remote_cert_ku[i] = 0
        Sun Oct 4 18:06:54 2020 us=190323 remote_cert_ku[i] = 0
        Sun Oct 4 18:06:54 2020 us=190330 remote_cert_ku[i] = 0
        Sun Oct 4 18:06:54 2020 us=190338 remote_cert_ku[i] = 0
        Sun Oct 4 18:06:54 2020 us=190346 remote_cert_ku[i] = 0
        Sun Oct 4 18:06:54 2020 us=190354 remote_cert_ku[i] = 0
        Sun Oct 4 18:06:54 2020 us=190362 remote_cert_ku[i] = 0
        Sun Oct 4 18:06:54 2020 us=190369 remote_cert_ku[i] = 0
        Sun Oct 4 18:06:54 2020 us=190378 remote_cert_eku = ‘[UNDEF]’
        Sun Oct 4 18:06:54 2020 us=190386 ssl_flags = 0
        Sun Oct 4 18:06:54 2020 us=190394 tls_timeout = 2
        Sun Oct 4 18:06:54 2020 us=190402 renegotiate_bytes = -1
        Sun Oct 4 18:06:54 2020 us=190411 renegotiate_packets = 0
        Sun Oct 4 18:06:54 2020 us=190419 renegotiate_seconds = 3600
        Sun Oct 4 18:06:54 2020 us=190427 handshake_window = 60
        Sun Oct 4 18:06:54 2020 us=190435 transition_window = 3600
        Sun Oct 4 18:06:54 2020 us=190444 single_session = DISABLED
        Sun Oct 4 18:06:54 2020 us=190452 push_peer_info = DISABLED
        Sun Oct 4 18:06:54 2020 us=190460 tls_exit = DISABLED
        Sun Oct 4 18:06:54 2020 us=190468 tls_auth_file = ‘[UNDEF]’
        Sun Oct 4 18:06:54 2020 us=190476 tls_crypt_file = ‘[UNDEF]’
        Sun Oct 4 18:06:54 2020 us=190485 pkcs11_protected_authentication = DISABLED
        Sun Oct 4 18:06:54 2020 us=190493 pkcs11_protected_authentication = DISABLED
        Sun Oct 4 18:06:54 2020 us=190501 pkcs11_protected_authentication = DISABLED
        Sun Oct 4 18:06:54 2020 us=190509 pkcs11_protected_authentication = DISABLED
        Sun Oct 4 18:06:54 2020 us=190517 pkcs11_protected_authentication = DISABLED
        Sun Oct 4 18:06:54 2020 us=190525 pkcs11_protected_authentication = DISABLED
        Sun Oct 4 18:06:54 2020 us=190533 pkcs11_protected_authentication = DISABLED
        Sun Oct 4 18:06:54 2020 us=190542 pkcs11_protected_authentication = DISABLED
        Sun Oct 4 18:06:54 2020 us=190550 pkcs11_protected_authentication = DISABLED
        Sun Oct 4 18:06:54 2020 us=190558 pkcs11_protected_authentication = DISABLED
        Sun Oct 4 18:06:54 2020 us=190566 pkcs11_protected_authentication = DISABLED
        Sun Oct 4 18:06:54 2020 us=190574 pkcs11_protected_authentication = DISABLED
        Sun Oct 4 18:06:54 2020 us=190582 pkcs11_protected_authentication = DISABLED
        Sun Oct 4 18:06:54 2020 us=190590 pkcs11_protected_authentication = DISABLED
        Sun Oct 4 18:06:54 2020 us=190598 pkcs11_protected_authentication = DISABLED
        Sun Oct 4 18:06:54 2020 us=190606 pkcs11_protected_authentication = DISABLED
        Sun Oct 4 18:06:54 2020 us=190615 pkcs11_private_mode = 00000000
        Sun Oct 4 18:06:54 2020 us=190623 pkcs11_private_mode = 00000000
        Sun Oct 4 18:06:54 2020 us=190631 pkcs11_private_mode = 00000000
        Sun Oct 4 18:06:54 2020 us=190639 pkcs11_private_mode = 00000000
        Sun Oct 4 18:06:54 2020 us=190648 pkcs11_private_mode = 00000000
        Sun Oct 4 18:06:54 2020 us=190655 pkcs11_private_mode = 00000000
        Sun Oct 4 18:06:54 2020 us=190663 pkcs11_private_mode = 00000000
        Sun Oct 4 18:06:54 2020 us=190671 pkcs11_private_mode = 00000000
        Sun Oct 4 18:06:54 2020 us=190679 pkcs11_private_mode = 00000000
        Sun Oct 4 18:06:54 2020 us=190687 pkcs11_private_mode = 00000000
        Sun Oct 4 18:06:54 2020 us=190695 pkcs11_private_mode = 00000000
        Sun Oct 4 18:06:54 2020 us=190703 pkcs11_private_mode = 00000000
        Sun Oct 4 18:06:54 2020 us=190711 pkcs11_private_mode = 00000000
        Sun Oct 4 18:06:54 2020 us=190718 pkcs11_private_mode = 00000000
        Sun Oct 4 18:06:54 2020 us=190726 pkcs11_private_mode = 00000000
        Sun Oct 4 18:06:54 2020 us=190734 pkcs11_private_mode = 00000000
        Sun Oct 4 18:06:54 2020 us=190742 pkcs11_cert_private = DISABLED
        Sun Oct 4 18:06:54 2020 us=190750 pkcs11_cert_private = DISABLED
        Sun Oct 4 18:06:54 2020 us=190758 pkcs11_cert_private = DISABLED
        Sun Oct 4 18:06:54 2020 us=190766 pkcs11_cert_private = DISABLED
        Sun Oct 4 18:06:54 2020 us=190774 pkcs11_cert_private = DISABLED
        Sun Oct 4 18:06:54 2020 us=190781 pkcs11_cert_private = DISABLED
        Sun Oct 4 18:06:54 2020 us=190789 pkcs11_cert_private = DISABLED
        Sun Oct 4 18:06:54 2020 us=190798 pkcs11_cert_private = DISABLED
        Sun Oct 4 18:06:54 2020 us=190805 pkcs11_cert_private = DISABLED
        Sun Oct 4 18:06:54 2020 us=190813 pkcs11_cert_private = DISABLED
        Sun Oct 4 18:06:54 2020 us=190821 pkcs11_cert_private = DISABLED
        Sun Oct 4 18:06:54 2020 us=190829 pkcs11_cert_private = DISABLED
        Sun Oct 4 18:06:54 2020 us=190837 pkcs11_cert_private = DISABLED
        Sun Oct 4 18:06:54 2020 us=190845 pkcs11_cert_private = DISABLED
        Sun Oct 4 18:06:54 2020 us=190853 pkcs11_cert_private = DISABLED
        Sun Oct 4 18:06:54 2020 us=190861 pkcs11_cert_private = DISABLED
        Sun Oct 4 18:06:54 2020 us=190869 pkcs11_pin_cache_period = -1
        Sun Oct 4 18:06:54 2020 us=190877 pkcs11_id = ‘[UNDEF]’
        Sun Oct 4 18:06:54 2020 us=190885 pkcs11_id_management = DISABLED
        Sun Oct 4 18:06:54 2020 us=190895 server_network = 0.0.0.0
        Sun Oct 4 18:06:54 2020 us=190904 server_netmask = 0.0.0.0
        Sun Oct 4 18:06:54 2020 us=190921 server_network_ipv6 = ::
        Sun Oct 4 18:06:54 2020 us=190930 server_netbits_ipv6 = 0
        Sun Oct 4 18:06:54 2020 us=190939 server_bridge_ip = 0.0.0.0
        Sun Oct 4 18:06:54 2020 us=190948 server_bridge_netmask = 0.0.0.0
        Sun Oct 4 18:06:54 2020 us=190956 server_bridge_pool_start = 0.0.0.0
        Sun Oct 4 18:06:54 2020 us=190965 server_bridge_pool_end = 0.0.0.0
        Sun Oct 4 18:06:54 2020 us=190974 ifconfig_pool_defined = DISABLED
        Sun Oct 4 18:06:54 2020 us=190983 ifconfig_pool_start = 0.0.0.0
        Sun Oct 4 18:06:54 2020 us=190996 ifconfig_pool_end = 0.0.0.0
        Sun Oct 4 18:06:54 2020 us=191005 ifconfig_pool_netmask = 0.0.0.0
        Sun Oct 4 18:06:54 2020 us=191013 ifconfig_pool_persist_filename = ‘[UNDEF]’
        Sun Oct 4 18:06:54 2020 us=191022 ifconfig_pool_persist_refresh_freq = 600
        Sun Oct 4 18:06:54 2020 us=191030 ifconfig_ipv6_pool_defined = DISABLED
        Sun Oct 4 18:06:54 2020 us=191039 ifconfig_ipv6_pool_base = ::
        Sun Oct 4 18:06:54 2020 us=191048 ifconfig_ipv6_pool_netbits = 0
        Sun Oct 4 18:06:54 2020 us=191056 n_bcast_buf = 256
        Sun Oct 4 18:06:54 2020 us=191064 tcp_queue_limit = 64
        Sun Oct 4 18:06:54 2020 us=191073 real_hash_size = 256
        Sun Oct 4 18:06:54 2020 us=191081 virtual_hash_size = 256
        Sun Oct 4 18:06:54 2020 us=191089 client_connect_script = ‘[UNDEF]’
        Sun Oct 4 18:06:54 2020 us=191097 learn_address_script = ‘[UNDEF]’
        Sun Oct 4 18:06:54 2020 us=191105 client_disconnect_script = ‘[UNDEF]’
        Sun Oct 4 18:06:54 2020 us=191114 client_config_dir = ‘[UNDEF]’
        Sun Oct 4 18:06:54 2020 us=191122 ccd_exclusive = DISABLED
        Sun Oct 4 18:06:54 2020 us=191130 tmp_dir = ‘/tmp’
        Sun Oct 4 18:06:54 2020 us=191138 push_ifconfig_defined = DISABLED
        Sun Oct 4 18:06:54 2020 us=191147 push_ifconfig_local = 0.0.0.0
        Sun Oct 4 18:06:54 2020 us=191159 push_ifconfig_remote_netmask = 0.0.0.0
        Sun Oct 4 18:06:54 2020 us=191169 push_ifconfig_ipv6_defined = DISABLED
        Sun Oct 4 18:06:54 2020 us=191178 push_ifconfig_ipv6_local = ::/0
        Sun Oct 4 18:06:54 2020 us=191186 push_ifconfig_ipv6_remote = ::
        Sun Oct 4 18:06:54 2020 us=191195 enable_c2c = DISABLED
        Sun Oct 4 18:06:54 2020 us=191203 duplicate_cn = DISABLED
        Sun Oct 4 18:06:54 2020 us=191223 cf_max = 0
        Sun Oct 4 18:06:54 2020 us=191233 cf_per = 0
        Sun Oct 4 18:06:54 2020 us=191241 max_clients = 1024
        Sun Oct 4 18:06:54 2020 us=191250 max_routes_per_client = 256
        Sun Oct 4 18:06:54 2020 us=191259 auth_user_pass_verify_script = ‘[UNDEF]’
        Sun Oct 4 18:06:54 2020 us=191267 auth_user_pass_verify_script_via_file = DISABLED
        Sun Oct 4 18:06:54 2020 us=191275 auth_token_generate = DISABLED
        Sun Oct 4 18:06:54 2020 us=191284 auth_token_lifetime = 0
        Sun Oct 4 18:06:54 2020 us=191291 port_share_host = ‘[UNDEF]’
        Sun Oct 4 18:06:54 2020 us=191299 port_share_port = ‘[UNDEF]’
        Sun Oct 4 18:06:54 2020 us=191307 client = ENABLED
        Sun Oct 4 18:06:54 2020 us=191316 pull = ENABLED
        Sun Oct 4 18:06:54 2020 us=191324 auth_user_pass_file = ‘[UNDEF]’
        Sun Oct 4 18:06:54 2020 us=191333 OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Sep 5 2019
        Sun Oct 4 18:06:54 2020 us=191349 library versions: OpenSSL 1.1.1f 31 Mar 2020, LZO 2.10
        Sun Oct 4 18:06:54 2020 us=191445 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
        Sun Oct 4 18:06:54 2020 us=191872 OpenSSL: error:140AB18E:SSL routines:SSL_CTX_use_certificate:ca md too weak
        Sun Oct 4 18:06:54 2020 us=191891 Cannot load certificate file /home/jeroen/Documenten/vpn/openvpn/2/jeroen/jeroen.crt
        Sun Oct 4 18:06:54 2020 us=191900 Exiting due to fatal error

        I edited the config file so the dirs to de certs are right.

        I don’t know what is going on. All the logs are empty as well.
        Hope you can help.

        1. I will get back to you on your email. It will be easier than talking through comments 🙂

Leave a Reply

Your email address will not be published. Required fields are marked *