[systemd-devel] Different behavior when OpenVPN is started as a service through systemd
Lennart Poettering
lennart at poettering.net
Fri Apr 1 14:24:33 UTC 2016
On Thu, 31.03.16 23:07, Piotr Dobrogost (p at 2016.forums.dobrogost.net) wrote:
> Hi!
>
> When I start OpenVPN as a deamon from command line like this:
> `sudo OPENSSL_ENABLE_MD5_VERIFY=1 openvpn --daemon --config
> /etc/openvpn/xxx.conf`
> the tunnel comes up with no problem.
> However, when I start it as a systemd service I get this error:
>
> Mar 23 21:59:40 demon openvpn[10065]: VERIFY OK: depth=2, C=PL,
> L=Warszawa, O=xxx, OU=xxx CA, CN=xxx Root CA
> Mar 23 21:59:40 demon openvpn[10065]: VERIFY ERROR: depth=1,
> error=certificate signature failure: C=PL, O=xxx, OU=xxx CA, CN=xxx
> VPN CA
>
> I've been getting the same error when starting OpenVPN as a deamon
> from command line before I added "OPENSSL_ENABLE_MD5_VERIFY=1". That's
> why I thought the reason for error is that when starting OpenVPN as a
> systemd service OPENSSL_ENABLE_MD5_VERIFY does not get set. However I
> verified it gets set by adding "ExecStartPre=/usr/bin/env" to the
> service template file.
This is probably something to ask the openvpn folks about.
Note that systemd invokes services in a very minimal, cleaned-up
execution evnironment. Maybe there's something missing for openvpn
there, such as the right $PATH or so...
Lennart
--
Lennart Poettering, Red Hat
More information about the systemd-devel
mailing list