[contribteam] [Bug 11335] Initial Import in SME 10 [smeserver-openvpn-bridge]

Tue, 23 Mar 2021 01:04:29 -0700 

https://bugs.contribs.org/show_bug.cgi?id=11335

Jean-Philippe Pialasse <[email protected]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |IN_PROGRESS
                 CC|                            |[email protected]
         Resolution|FIXED                       |---

--- Comment #7 from Jean-Philippe Pialasse <[email protected]> ---
installed without phpki
used interface to copy certs from another install
services failed to start with alert

mar 23 03:29:27 sme10.test10.pialasse.com openvpn-bridge[32365]: WARNING: file
'priv/key.pem' is group or others accessible
mar 23 03:29:27 sme10.test10.pialasse.com openvpn-bridge[32365]: WARNING: file
'priv/takey.pem' is group or others accessible
mar 23 03:29:27 sme10.test10.pialasse.com openvpn-bridge[32365]: Options error:
Please correct these errors.


got to the dir to chmod g-r and o-r the two files


restarted service. failed after a while


ifconfig : not bridge interface

see bug https://bugs.contribs.org/show_bug.cgi?id=11485 for more informations




also service fail to start because of the unit 


was able to have it running with something close to the default unit

###############################################
[Unit]
Description=OpenVPN Server to Server
After=network.service

[Service]
Type=notify
PrivateTmp=true
WorkingDirectory=/etc/openvpn/bridge
ExecStart=/usr/sbin/openvpn --config /etc/openvpn/bridge/openvpn.conf --cd
/etc/openvpn/bridge
PrivateTmp=true
CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE
CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE
CAP_AUDIT_WRITE
LimitNPROC=10
DeviceAllow=/dev/null rw
DeviceAllow=/dev/net/tun rw
ProtectSystem=true
ProtectHome=true
KillMode=process
RestartSec=5s
Restart=on-failure


[Install]
WantedBy=sme-server.target

##################################################



default exec would be 


ExecStart=/usr/sbin/openvpn --status %t/openvpn-server/status-%i.log
--status-version 2 --suppress-timestamps --cipher AES-256-GCM --ncp-ciphers
AES-256-GCM:AES-128-GCM:AES-256-CBC:AES-128-CBC:BF-CBC --config %i.conf


note the game changer was Type=notify

-- 
You are receiving this mail because:
You are the QA Contact for the bug.
_______________________________________________
Mail for each SME Contribs bug report
To unsubscribe, e-mail [email protected]
Searchable archive at https://lists.contribs.org/mailman/public/contribteam/

Reply via email to