Project

General

Profile

Bug #2246

Amahi 10 OpenVPN App

Added by bigfoot65 about 3 years ago. Updated about 3 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
VPN
Target version:
Start date:
05/20/2017
Due date:
% Done:

0%


Description

The app installs without error, however the following was observed:
  • OpenVPN Server in Servers tab shows as stopped
  • There is no /run/openvpn directory created as well as no PID file (amahi.pid).
    • After establishing the directory, amahi.pid is not created
    • Tried changing permissions to 775 with no change
  • openvpn@.service, openvpn-client@.service, and openvpn-server@.service are created.
    -rw-r--r--  1 root root  685 May 11 09:36 openvpn-client@.service
    -rw-r--r--  1 root root  758 May 11 09:36 openvpn-server@.service
    -rw-r--r--  1 root root  244 May 11 09:36 openvpn@.service
    
  • monit continues to try and restart OpenVPN since it does know it's running
    [CDT May 20 04:29:37] error    : 'openvpn-amahi' process is not running
    [CDT May 20 04:29:37] info     : 'openvpn-amahi' trying to restart
    [CDT May 20 04:29:37] info     : 'openvpn-amahi' start: /usr/bin/systemctl
    [CDT May 20 04:30:07] error    : 'openvpn-amahi' failed to start (exit status 0)
    

    The only work around to prevent the log from filling up is to disable watchdog

I have tested connectivity with OpenVPN running and appears to be working correctly.

History

#1 Updated by cpg about 3 years ago

it does not appear to create a PID. even if it did, IIRC, it had bad permissions in previous releases.

this has no clean solution.

i tried to fix it by doing this:

systemctl stop openvpn@amahi
# added  --writepid /run/openvpn-server/amahi.pid to /usr/lib/systemd/system/openvpn@.service at the end of the ExecStart line
systemctl daemon-reload
systemctl start openvpn@amahi

this could be automated in the install script (without he stop command) and maybe it works, but the permissions of the /run/openvpn-server/ directory are still 710 and that will make it to NEVER be readable.

we clearly would need to add a feature to the platform to either escalate privileges to see this status (proper way? maybe via ps or the /proc file system) or somehow change permissions to 755 after each start of that process. maybe somehting in the .service file can take care of it. not sure.

#2 Updated by bigfoot65 about 3 years ago

Could we make the /run/openvpn directory, chmod it to 755 and then update the line in the service to point there for the PID?

I did a test on my HDA and appears to have worked.

#3 Updated by bigfoot65 about 3 years ago

In /usr/lib/systemd/system/openvpn@.service I made the following changes:
  1. Modified the ExecStart line to add --writepid /run/openvpn/amahi.pid
    ExecStart=/usr/sbin/openvpn --cd /etc/openvpn/ --config %i.conf --writepid /run/openvpn/amahi.pid
    
  2. Added 2 lines above ExecStart
    ExecStartPre=-/usr/bin/mkdir -p /run/openvpn/
    ExecStartPre=/usr/bin/chmod -R 755 /run/openvpn/
    

    Did a reboot and it is working as expected.

#4 Updated by cpg about 3 years ago

awesome job!

i was hesitant about this because of the daemon-reload, but if it works on reboots, that's a great thing!

#5 Updated by bigfoot65 about 3 years ago

Do you want me to update the app?

#6 Updated by cpg about 3 years ago

  • Assignee changed from cpg to bigfoot65

yes please.

at the moment i got this when trying to install it:

chmod: cannot access '/var/run/openvpn': No such file or directory

#7 Updated by bigfoot65 about 3 years ago

  • Status changed from New to Feedback
  • Assignee changed from bigfoot65 to cpg

Updated. It should now work as designed.

I tested, to include stopping the service via dashboard. Monit restarted it within seconds.

#8 Updated by cpg about 3 years ago

  • Status changed from Feedback to Closed

tested. great job!

can't test a reboot yet as my hda is in use, but i will check it later.

#9 Updated by cpg about 3 years ago

works after reboot. great job!

Also available in: Atom