[systemd-devel] Having trouble connecting to VPN on Whonix

Lennart Poettering lennart at poettering.net
Mon Nov 20 12:18:51 UTC 2017


On So, 19.11.17 00:18, דניאל חומדוב (thedexless24 at gmail.com) wrote:

> root@host:/home/user# systemctl status openvpn@openvpn.service
> openvpn@openvpn.service - OpenVPN connection to openvpn
>    Loaded: loaded (/lib/systemd/system/openvpn@.service; disabled)
>   Drop-In: /lib/systemd/system/openvpn@openvpn.service.d
>            └─50_unpriv.conf
>    Active: failed (Result: exit-code) since Sat 2017-11-18 20:49:51 UTC; 20s ago
>   Process: 2489 ExecStartPre=/usr/bin/sudo /usr/sbin/openvpn --rmtun --dev tun0 (code=exited, status=1/FAILURE)
>
> Nov 18 20:49:51 host sudo[2489]: #1) Respect the privacy of others.
> Nov 18 20:49:51 host sudo[2489]: #2) Think before you type.
> Nov 18 20:49:51 host sudo[2489]: #3) With great power comes great responsibility.
> Nov 18 20:49:51 host sudo[2489]: sudo: no tty present and no askpass program specified
> Nov 18 20:49:51 host sudo[2489]: pam_unix(sudo:auth): conversation failed
> Nov 18 20:49:51 host sudo[2489]: pam_unix(sudo:auth): auth could not identify password for [tunnel]
> Nov 18 20:49:51 host sudo[2489]: tunnel : command not allowed ; TTY=unknown ; PWD=/etc/openvpn ; USER=root ; COMMAND=/usr/s...ev tun0
> Nov 18 20:49:51 host systemd[1]: openvpn@openvpn.service: control process exited, code=exited status=1
> Nov 18 20:49:51 host systemd[1]: Failed to start OpenVPN connection to openvpn.
> Nov 18 20:49:51 host systemd[1]: Unit openvpn@openvpn.service entered failed state.

This is a systemd issue. Your sudo command in the openvpn service
failed, because it needed a password, but couldn't query one, as
services in systemd run with stdin/stdout/stderr not connected to an
interactive TTY, but connected to /dev/null (in the case of stdin) and
the logging subsystem (in the case of stdout/stderr).

Or in other words: something is wrong with your unit file, or with the
drop-in you prepared. It shouldn't use sudo really. sudo is primarily
an interactive tool. If you want to change privilege for non-interactive
tools, such as daemons, then setpriv(1) is the right tool to use. That
said, systemd can drop privileges for you anyway with "User="...

Lennart

-- 
Lennart Poettering, Red Hat
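
The failure mode discussed in this message (a unit whose Exec line calls sudo, which then cannot prompt because the service has no TTY) can be checked for before a unit is deployed. The following is an added example, not part of the original message or of systemd: a small Python check that scans unit or drop-in text for Exec*= lines that invoke sudo. The function names and the sample unit are assumptions; only the ExecStartPre line is taken from the status output quoted above.

```python
import shlex

EXEC_PREFIXES = "-@+!:"  # special prefixes systemd allows before the executable path
EXEC_KEYS = ("ExecStartPre", "ExecStart", "ExecStartPost",
             "ExecReload", "ExecStop", "ExecStopPost")
# Constructed sample: User= and ExecStart= are illustrative, ExecStartPre= is from the thread.
SAMPLE_UNIT = """\
[Service]
User=tunnel
ExecStartPre=/usr/bin/sudo /usr/sbin/openvpn --rmtun --dev tun0
ExecStart=/usr/sbin/openvpn --config /etc/openvpn/%i.conf
"""

def logical_lines(text):
    """Yield (first_line_no, joined_text), merging trailing-backslash continuations."""
    buf, start = "", 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not buf:
            if not line or line[0] in "#;":
                continue  # skip blank lines and comments
            start = no
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield start, buf + line
        buf = ""
    if buf:
        yield start, buf

def find_sudo_exec(unit_text):
    """Return (line_no, key, command) for every Exec*= setting that runs sudo."""
    hits = []
    for no, line in logical_lines(unit_text):
        key, sep, value = line.partition("=")
        if not sep or key.strip() not in EXEC_KEYS:
            continue
        try:
            argv = shlex.split(value)
        except ValueError:  # unbalanced quotes: fall back to whitespace split
            argv = value.split()
        if not argv:
            continue  # "ExecStart=" with an empty value only resets the list
        prog = argv[0].lstrip(EXEC_PREFIXES)
        if prog.rsplit("/", 1)[-1] == "sudo":
            hits.append((no, key.strip(), value.strip()))
    return hits

if __name__ == "__main__":
    for no, key, cmd in find_sudo_exec(SAMPLE_UNIT):
        print(f"line {no}: {key} runs sudo without a TTY: {cmd}")
```

Any hit is a candidate for replacement with User= in the unit, or setpriv(1), as the reply suggests.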

