OpenVPN failed to start – Ubuntu / LXD issue

Recently I noticed that one of my OpenVPN servers stopped working. It was just after the update on the Ubuntu 16.04.4 LTS. What I found was that the service failed on start:

user@host:~$ sudo systemctl start openvpn@server.service
Job for openvpn@server.service failed because the control process exited with error code. See "systemctl status openvpn@server.service" and "journalctl -xe" for details.

The status message was also not helpful:

user@host:~$ sudo systemctl status openvpn@server.service
● openvpn@server.service - OpenVPN connection to server
   Loaded: loaded (/lib/systemd/system/openvpn@.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Thu 2018-12-13 14:52:59 CET; 7s ago

Dec 13 14:52:59 vz15951 systemd[1]: Starting OpenVPN connection to server…
Dec 13 14:52:59 vz15951 ovpn-server[1854]: OpenVPN 2.3.18 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Sep 26 2017
Dec 13 14:52:59 vz15951 ovpn-server[1854]: library versions: OpenSSL 1.0.2g  1 Mar 2016, LZO 2.08
Dec 13 14:52:59 vz15951 ovpn-server[1854]: daemon() failed or unsupported: Resource temporarily unavailable (errno=11)
Dec 13 14:52:59 vz15951 ovpn-server[1854]: Exiting due to fatal error
Dec 13 14:52:59 vz15951 systemd[1]: openvpn@server.service: Control process exited, code=exited status=1
Dec 13 14:52:59 vz15951 systemd[1]: Failed to start OpenVPN connection to server.
Dec 13 14:52:59 vz15951 systemd[1]: openvpn@server.service: Unit entered failed state.
Dec 13 14:52:59 vz15951 systemd[1]: openvpn@server.service: Failed with result 'exit-code'.

Anything in the logs?

Unfortunately, logs also don’t look good:

Dec 13 14:52:59 vz15951 systemd[1]: Starting OpenVPN connection to server...
Dec 13 14:52:59 vz15951 ovpn-server[1854]: OpenVPN 2.3.18 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Sep 26 2017
Dec 13 14:52:59 vz15951 ovpn-server[1854]: library versions: OpenSSL 1.0.2g  1 Mar 2016, LZO 2.08
Dec 13 14:52:59 vz15951 ovpn-server[1854]: daemon() failed or unsupported: Resource temporarily unavailable (errno=11)
Dec 13 14:52:59 vz15951 ovpn-server[1854]: Exiting due to fatal error
Dec 13 14:52:59 vz15951 systemd[1]: openvpn@server.service: Control process exited, code=exited status=1
Dec 13 14:52:59 vz15951 systemd[1]: Failed to start OpenVPN connection to server.
Dec 13 14:52:59 vz15951 systemd[1]: openvpn@server.service: Unit entered failed state.
Dec 13 14:52:59 vz15951 systemd[1]: openvpn@server.service: Failed with result 'exit-code'.

There is no clear evidence what failed. I remember that my provider was changing something in the virtual machine configurations recently (the company was bought by the bigger one) and this led me to the simple but brilliant solution…

Service configuration update

There is a known issue with OpenVPN on LXD containers. It has the same symptoms. So I tried to adjust the service configuration file:

user@host:~$ sudo vi /lib/systemd/system/openvpn@.service

I found the line with the LimitNPROC=10 and commented it out:

#LimitNPROC=10

Once updated, I had to perform two more steps – first was the reload of systemctl daemon:

user@host:~$ sudo systemctl daemon-reload

Next, I turned the OpenVPN service on again:

user@host:~$ sudo systemctl start openvpn@server.service

No error message, this looks much better. Let’s take a look at the status:

user@host:~$ sudo systemctl status openvpn@server.service
● openvpn@server.service - OpenVPN connection to server
   Loaded: loaded (/lib/systemd/system/openvpn@.service; enabled; vendor preset: enabled)
   Active: active (running) since Thu 2018-12-13 15:15:17 CET; 39s ago
     Docs: man:openvpn(8)
           https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage
           https://community.openvpn.net/openvpn/wiki/HOWTO
  Process: 3497 ExecStart=/usr/sbin/openvpn --daemon ovpn-%i --status /run/openvpn/%i.status 10 --cd /etc/openvpn --script-security 2 --config /etc/openvpn/%i.conf --writepid /run/
 Main PID: 3498 (openvpn)
   CGroup: /system.slice/system-openvpn.slice/openvpn@server.service
           └─3498 /usr/sbin/openvpn --daemon ovpn-server --status /run/openvpn/server.status 10 --cd /etc/openvpn --script-security 2 --config /etc/openvpn/server.conf --writepid /

Dec 13 15:15:17 vz15951 ovpn-server[3498]: succeeded -> ifconfig_pool_set()
Dec 13 15:15:17 vz15951 ovpn-server[3498]: Initialization Sequence Completed

Wonderful. It is working now. Such a simple solution but it requires a little bit of luck to find it 🙂

4 Replies to “OpenVPN failed to start – Ubuntu / LXD issue”

  1. vim is not allowing me to comment out #LimitNPROC=10, i went to the folder and tried to chane it from there it wouldnt allow me either since its protected

    can you help me change it

    1. Hello Ahmad,

      I can see possible issues here:
      1) you may not be familiar with vi editor – in such case instead of vi, use nano – it should be easier. If you have to use vi, please remember that you have to do the following things:
      – find the place you want to edit
      – enter “insert mode” by pressing “i” letter on the keyboard
      – make your change
      – exit from “insert mode” by pressing ESC on the keyboard
      – enter the command “:wq” which means “I want to write and quit”, remember that the command starts with “:”

      2) there is also a possibility that you skipped “sudo” before your vi command. This file is not editable for everyone so if you want to save it, you have to use “sudo vi [filename]”

      3) there can be other issues not mentioned above, but I need more information to help 🙂

      Dulare

  2. sudo vi /lib/system/system/openvpn@.service when i am using this command it is showing nothing, once its showing the same as to mention above I comment the thing also , I am removing something else and I guess I remove that complete file, now what can I do?

    1. Hi there 🙂

      If the vi command shows nothing, most likely the file you tried to edit (openvpn@.service) was not there and it was created by the editor. You will have to find the proper file location in order to comment out the line mentioned in the post. On the other hand, if you removed the file completely, you can backup your VPN configuration, remove and install it again. Have you checked what is the service file? If it is really openvpn@.service?

Leave a Reply

Your email address will not be published. Required fields are marked *