openvpn startup script isn't working in ubuntu 18.04

Bug #1771650 reported by Fanar Webb
This bug affects 1 person
Affects                   Status   Importance  Assigned to  Milestone
Release Notes for Ubuntu  New      Undecided   Unassigned
openvpn (Ubuntu)          Triaged  Medium      Unassigned

Bug Description

It's very simple.

1- Install ubuntu 18.04.
2- Install Openvpn using apt.
3- Put your configuration at path /etc/openvpn, for example : /etc/openvpn/myconfig.conf.
4- start openvpn service! It won't start automatically.

Note: my config has a security weakness, but it is still valid and works perfectly if I start it manually. For example: openvpn /etc/openvpn/myconfig.conf - it works!

Thank you

David Ing (divirtual) wrote :

I have a problem that may be related, but I haven't been able to get OpenVPN working. https://bugs.launchpad.net/ubuntu/+source/network-manager-openvpn/+bug/1772066

How do you start OpenVPN manually?

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in network-manager-openvpn (Ubuntu):
status: New → Confirmed

Sebastien Bacher (seb128) wrote :

the description suggests the command line openvpn is used, not the network-manager plugin

affects: network-manager-openvpn (Ubuntu) → openvpn (Ubuntu)

Simon Déziel (sdeziel) wrote :

@Fanar, could you please attach the openvpn logs of the failed service start? You can collect them with:

  journalctl -u openvpn@myconfig > /tmp/openvpn-myconfig.log

Thanks

Changed in openvpn (Ubuntu):
status: Confirmed → Incomplete

Fanar Webb (fanarweb) wrote :

No results :

cat /tmp/openvpn-myconfig.log
-- Logs begin at Thu 2018-05-24 11:33:12 +03, end at Fri 2018-05-25 17:37:44 +03. --

Fanar Webb (fanarweb) wrote :

I can still connect if I run openvpn from the command line, but the init script won't start the service. I also tried making changes to /etc/default/openvpn, with no luck.

Simon Déziel (sdeziel) wrote :

What do you get from "systemctl -a | grep openvpn"?

Fanar Webb (fanarweb) wrote : Re: [Bug 1771650] Re: openvpn startup script isn't working in ubuntu 18.04

systemctl -a | grep openvpn
  openvpn.service    loaded active exited OpenVPN service

2018-05-25 17:53 GMT+03:00 Simon Déziel <email address hidden>:

> What do you get from "systemctl -a | grep openvpn"?

Simon Déziel (sdeziel) wrote :

Can you try to enable and start it with:

 sudo systemctl enable openvpn@myconfig
 sudo systemctl start openvpn@myconfig

Then collect the logs as mentioned before, please?

Fanar Webb (fanarweb) wrote :

ok it worked this time, and it is still working even after restarting the service

/etc/init.d/openvpn restart

ifconfig tun0

tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
        inet 10.122.11.10 netmask 255.255.255.255 destination 10.0.11.9
        inet6 fe80::82bc:c88a:6a62:bc0c prefixlen 64 scopeid 0x20<link>
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 100 (UNSPEC)
        RX packets 0 bytes 0 (0.0 B)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 15 bytes 1304 (1.3 KB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

We shouldn't need to enable every profile by itself, should we? We used to just add a .conf file with its requirements at /etc/openvpn (or even under a subfolder there) and it would work normally.

Thank you for taking care of this anyway.

Fanar Webb (fanarweb) wrote :

I can see that there is a new file under:

/<email address hidden>

We never needed such a file before to run the ovpn service.

Andreas Hasenack (ahasenack) wrote :

See this upstream change: https://github.com/OpenVPN/openvpn/commit/28bd79ac980488dbfce2e8136287e38c6f35a043

I believe all you had to do was place the config file in /etc/openvpn/server or /etc/openvpn/client, then the systemd units would pick it up automatically.

Could you please verify that? If that fixes your use case, then we might want to add an entry to the 18.04 release notes.

Simon Déziel (sdeziel) wrote :

The package shipped in Bionic does create the directories /etc/openvpn/server and /etc/openvpn/client but it only ships a systemd unit that looks for configuration files from /etc/openvpn directly.

Andreas Hasenack (ahasenack) wrote :

This needs further investigation, because the package does ship service files for server and client:

# dpkg -L openvpn|grep service
/lib/systemd/system/openvpn-client@.service
/lib/systemd/system/openvpn-server@.service
/lib/systemd/system/openvpn.service
/lib/systemd/system/openvpn@.service

We might be using them incorrectly.

Changed in openvpn (Ubuntu):
status: Incomplete → Triaged
importance: Undecided → Medium

Andreas Hasenack (ahasenack) wrote :

Assuming you have a config file called /etc/openvpn/server/myconfig, can you try:

systemctl start openvpn-server@myconfig

That should trigger the openvpn-server@ service file, which will replace %i in the Exec line below with what's after @ in the systemctl start command:
ExecStart=/usr/sbin/openvpn --status %t/openvpn-server/status-%i.log --status-version 2 --suppress-timestamps --config %i.conf

So it should work?
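
The mapping from config location to unit instance discussed in the comments above, as an added example that is not part of the original thread or of the openvpn package. The helper names `unit_for_config` and `list_units` are hypothetical, and the directory layout is assumed to be the one described in the thread (`/etc/openvpn`, `/etc/openvpn/server`, `/etc/openvpn/client`, with `.conf` appended to the instance name).

```sh
#!/bin/sh
# Added example (not from the thread or the openvpn package).
# Assumed layout, as described in the comments:
#   ROOT/NAME.conf         -> openvpn@NAME
#   ROOT/server/NAME.conf  -> openvpn-server@NAME
#   ROOT/client/NAME.conf  -> openvpn-client@NAME

# unit_for_config ROOT PATH: print the unit instance that would load PATH.
# Hypothetical helper name; returns 1 if no packaged template would read PATH.
unit_for_config() {
    ufc_root=${1%/}
    ufc_path=$2
    case $ufc_path in
        *.conf) ;;
        *)  # the templates append ".conf" to %i, so other names are never read
            echo "skip $ufc_path: file name must end in .conf" >&2
            return 1 ;;
    esac
    ufc_name=$(basename "$ufc_path" .conf)
    case $(dirname "$ufc_path") in
        "$ufc_root")        echo "openvpn@$ufc_name" ;;
        "$ufc_root/server") echo "openvpn-server@$ufc_name" ;;
        "$ufc_root/client") echo "openvpn-client@$ufc_name" ;;
        *)  echo "skip $ufc_path: not in a directory the units read" >&2
            return 1 ;;
    esac
}

# list_units [ROOT]: one unit instance per config file found under ROOT.
list_units() {
    lu_root=${1:-/etc/openvpn}
    lu_root=${lu_root%/}
    for lu_f in "$lu_root"/*.conf "$lu_root"/server/*.conf "$lu_root"/client/*.conf; do
        [ -f "$lu_f" ] || continue   # unmatched glob stays literal; skip it
        unit_for_config "$lu_root" "$lu_f"
    done
}

# Print instance names suitable for "systemctl enable" / "systemctl start".
list_units "${1:-/etc/openvpn}"
```

Each printed name can be passed to `systemctl enable` and `systemctl start`; a file such as `/etc/openvpn/server/myconfig` without the `.conf` suffix is reported as skipped.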

Simon Déziel (sdeziel) wrote :

@ahasenack, thanks, I was indeed wrong with the -client/-server@ units. It's weird they don't show up in "systemctl -a | grep openvpn" though. The openvpn.postinst only seems to enable openvpn.service.

Andreas Hasenack (ahasenack) wrote :

The client/server @ units need a config file, otherwise they cannot be activated. I'm not sure what the main openvpn.service one is for now, though.

Ah, it does nothing apparently:
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/bin/true
ExecReload=/bin/true
WorkingDirectory=/etc/openvpn

Andreas Hasenack (ahasenack) wrote :

@Fanar does comment #15 solve your case? If yes, I can add a release notes task to this bug and update https://wiki.ubuntu.com/BionicBeaver/ReleaseNotes mentioning this change

Fanar Webb (fanarweb) wrote :

to fix the problem I had to do this :

1- copy my config file to /etc/openvpn directory (not under /etc/openvpn/server)
2- systemctl enable <email address hidden>
3- systemctl enable openvpn@server2 (to be sure).
4- systemctl start openvpn-server@server2

then rebooted, all works now and starts on boot.

Thank you all, but I think some fix should be released, this is not how things used to work.

affects: openvpn → ubuntu-release-notes

Ron Shapiro (ron-shapiro) wrote :

I was also able to fix the problem by switching from openvpn-server@.service to openvpn@.service

#Fanar, I think that step #3 above (coupled with the reboot) is what actually fixed your issue

Kees Cook (kees) wrote :

It shouldn't be necessary to do explicit "enable" calls to make this work. The generator _should_ be finding all the .conf files automatically:

/lib/systemd/system-generators/openvpn-generator

However, it is NOT working for me...

Danil Gerun (danil625) wrote :

I also came across this issue.
This is a not quite obvious thing in the default installation (I mean the @-services).

As far as I could get it (and found in internets), the service relies on the init-script:
/etc/init.d/openvpn

which only starts the found .conf files if the AUTOSTART var = "all":
    if test -z "$AUTOSTART" -o "x$AUTOSTART" = "xall" ; then
      # all VPNs shall be started automatically
      for CONFIG in `cd $CONFIG_DIR; ls *.conf 2> /dev/null`; do
        NAME=${CONFIG%%.conf}
        start_vpn
      done

BUT /etc/default/openvpn has this:
#AUTOSTART="all"
#AUTOSTART="none"

The AUTOSTART is not defined anywhere. Fix me if I'm wrong.

In order to fix it as close to "default options" as possible, I installed from the OpenVPN repo, which (surprise) has this in the init-script:

===
# Source defaults file; edit that file to configure this script.
AUTOSTART="all"
STATUSREFRESH=10
OMIT_SENDSIGS=0
if test -e /etc/default/openvpn ; then
  . /etc/default/openvpn
fi
===

So this var is actually pre-defined, according to the "defaults"-file description (see below).

I'd actually really call it a bug, since the "defaults" file contains:
# Start only these VPNs automatically via init script.
# Allowed values are "all", "none" or space separated list of
# names of the VPNs. If empty, "all" is assumed.

The last sentence..

Paride Legovini (paride)
tags: added: server-triage-discuss
Paride Legovini (paride)
tags: removed: server-triage-discuss

Paulo Barreto (pdbarreto) wrote :

I changed the first line of #/bin/sh -e to #/bin/bash and it worked

Sebastien Bacher (seb128) wrote :

@Danil, what version are you using? The /etc/init.d/openvpn screen from bionic has that same snippet you mentioned from upstream

'# Source defaults file; edit that file to configure this script.
AUTOSTART="all"
STATUSREFRESH=10'

@Paulo, from what file did you change the sh to bash and how did you test exactly?
