Hello,
I have a similar problem with my OpenVPN server. I am still setting it up, but I already have the problem that it does not run:
$ systemctl status openvpn always shows it as (...active(exited)...)
Here are the other tests I ran:
Code
1. $ netstat -tulpen
--> openvpn is not listed
2. $ systemctl is-enabled openvpn.service
--> enabled
3. cat /etc/default/openvpn
--> #AUTOSTART="all"
--> #AUTOSTART="none"
--> #AUTOSTART="home office"
--> #STATUSREFRESH=10
--> #STATUSREFRESH=0
--> OPTARGS=""
--> OMIT_SENDSIGS=0
4. $ systemctl list-units --all | grep -i vpn
-->
openvpn.service loaded active exited OpenVPN service
● openvpn@openvpn.service loaded failed failed OpenVPN connection to openvpn
rpivpn.service loaded active exited rpivpn.service
system-openvpn.slice loaded active active system-openvpn.slice
5. $ systemctl cat openvpn@server
--> # /lib/systemd/system/openvpn@.service
[Unit]
Description=OpenVPN connection to %i
PartOf=openvpn.service
ReloadPropagatedFrom=openvpn.service
Before=systemd-user-sessions.service
Documentation=man:openvpn(8)
...
[Service]
PrivateTmp=true
KillMode=mixed
Type=forking
ExecStart=/usr/sbin/openvpn --daemon ovpn-%i --status /run/openvpn/%i.status 10 --cd /etc/openvpn --config /etc/openvpn/%i.conf --writepid /run/openvpn/%i.pid
PIDFile=/run/openvpn/%i.pid
ExecReload=/bin/kill -HUP $MAINPID
WorkingDirectory=/etc/openvpn
ProtectSystem=yes
CapabilitySoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_READ_SEARCH CAP_AUDIT_WRITE
LimitNPROC=10
DeviceAllow=/dev/null rw
DeviceAllow=/dev/net/tun rw
[Install]
WantedBy=multi-user.target
6. $ systemd-analyze blame | grep -i vpn
-->
2.389s rpivpn.service
129ms openvpn@openvpn.service
99ms openvpn.service
7. $ ps -fC openvpn
UID PID PPID C STIME TTY TIME CMD
8. $ dmesg | grep -i tun
--> no output
This is what my "openvpn.conf" looks like:
Code
dev tun
proto udp
port 1194
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.key
dh /etc/openvpn/easy-rsa/keys/dh2048.pem
server 192.168.2.104 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 217.237.150.188"
push "dhcp-option DNS 8.8.8.8"
log-append /var/log/openvpn
persist-key
persist-tun
user nobody
group nogroup
status /var/log/openvpn-status.log
verb 5
client-to-client
comp-lzo
And the rpivpn:
Code
#! /bin/sh
###BEGIN INIT INFO
#Provides: rpivpn
#Required-Start: $remote_fs $syslog
#Required-Stop: $remote_fs $syslog
#Default-Start: 2 3 4 5
#Default-Stop: 0 1 6
#Short Description: VPN initialization script
### END INIT INFO
echo 'echo "1" > /proc/sys/net/ipv4/ip_forward' | sudo -s
iptables -A INPUT -i tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -F POSTROUTING
iptables -t nat -A POSTROUTING -s 192.168.2.0/24 -o eth0 -j MASQUERADE
Many thanks for any help