[systemd-devel] Different behavior when OpenVPN is started as a service through systemd
Piotr Dobrogost
p at 2016.forums.dobrogost.net
Thu Mar 31 21:07:33 UTC 2016
Hi!
When I start OpenVPN as a deamon from command line like this:
`sudo OPENSSL_ENABLE_MD5_VERIFY=1 openvpn --daemon --config
/etc/openvpn/xxx.conf`
the tunnel comes up with no problem.
However, when I start it as a systemd service I get this error:
Mar 23 21:59:40 demon openvpn[10065]: VERIFY OK: depth=2, C=PL,
L=Warszawa, O=xxx, OU=xxx CA, CN=xxx Root CA
Mar 23 21:59:40 demon openvpn[10065]: VERIFY ERROR: depth=1,
error=certificate signature failure: C=PL, O=xxx, OU=xxx CA, CN=xxx
VPN CA
I've been getting the same error when starting OpenVPN as a deamon
from command line before I added "OPENSSL_ENABLE_MD5_VERIFY=1". That's
why I thought the reason for error is that when starting OpenVPN as a
systemd service OPENSSL_ENABLE_MD5_VERIFY does not get set. However I
verified it gets set by adding "ExecStartPre=/usr/bin/env" to the
service template file.
Please help.
Regards,
Piotr Dobrogost
Below is content of relevant files:
====== /usr/lib/systemd/system/openvpn at .service
[Unit]
Description=OpenVPN Robust And Highly Flexible Tunneling Application On %I
After=network.target
[Service]
PrivateTmp=true
Type=forking
PIDFile=/var/run/openvpn/%i.pid
ExecStartPre=/usr/bin/env
ExecStart=/usr/sbin/openvpn --daemon --writepid
/var/run/openvpn/%i.pid --cd /etc/openvpn/ --config %i.conf
[Install]
WantedBy=multi-user.target
====== /etc/systemd/system/openvpn <at> xxx.service.d/env.conf
[Service]
Environment=OPENSSL_ENABLE_MD5_VERIFY=1
Thanky you in advance.
Regards,
Piotr Dobrogost
More information about the systemd-devel
mailing list