[systemd-devel] Different behavior when OpenVPN is started as a service through systemd
Reindl Harald
h.reindl at thelounge.net
Thu Mar 31 21:49:00 UTC 2016
Am 31.03.2016 um 23:07 schrieb Piotr Dobrogost:
> When I start OpenVPN as a deamon from command line like this:
> `sudo OPENSSL_ENABLE_MD5_VERIFY=1 openvpn --daemon --config
> /etc/openvpn/xxx.conf`
> the tunnel comes up with no problem.
> However, when I start it as a systemd service I get this error:
>
> Mar 23 21:59:40 demon openvpn[10065]: VERIFY OK: depth=2, C=PL,
> L=Warszawa, O=xxx, OU=xxx CA, CN=xxx Root CA
> Mar 23 21:59:40 demon openvpn[10065]: VERIFY ERROR: depth=1,
> error=certificate signature failure: C=PL, O=xxx, OU=xxx CA, CN=xxx
> VPN CA
>
> I've been getting the same error when starting OpenVPN as a deamon
> from command line before I added "OPENSSL_ENABLE_MD5_VERIFY=1". That's
> why I thought the reason for error is that when starting OpenVPN as a
> systemd service OPENSSL_ENABLE_MD5_VERIFY does not get set. However I
> verified it gets set by adding "ExecStartPre=/usr/bin/env" to the
> service template file.
>
> Please help
get rid of MD5 and SHA1 certs in 2016
openvpn works pretty fine with systemd
we connect 6 different networks in all directions with openvpn and systemd
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <https://lists.freedesktop.org/archives/systemd-devel/attachments/20160331/c8c58556/attachment.sig>
More information about the systemd-devel
mailing list