Hi! When I start OpenVPN as a deamon from command line like this: `sudo OPENSSL_ENABLE_MD5_VERIFY=1 openvpn --daemon --config /etc/openvpn/xxx.conf` the tunnel comes up with no problem. However, when I start it as a systemd service I get this error:
Mar 23 21:59:40 demon openvpn[10065]: VERIFY OK: depth=2, C=PL, L=Warszawa, O=xxx, OU=xxx CA, CN=xxx Root CA Mar 23 21:59:40 demon openvpn[10065]: VERIFY ERROR: depth=1, error=certificate signature failure: C=PL, O=xxx, OU=xxx CA, CN=xxx VPN CA I've been getting the same error when starting OpenVPN as a deamon from command line before I added "OPENSSL_ENABLE_MD5_VERIFY=1". That's why I thought the reason for error is that when starting OpenVPN as a systemd service OPENSSL_ENABLE_MD5_VERIFY does not get set. However I verified it gets set by adding "ExecStartPre=/usr/bin/env" to the service template file. Please help. Regards, Piotr Dobrogost Below is content of relevant files: ====== /usr/lib/systemd/system/openvpn@.service [Unit] Description=OpenVPN Robust And Highly Flexible Tunneling Application On %I After=network.target [Service] PrivateTmp=true Type=forking PIDFile=/var/run/openvpn/%i.pid ExecStartPre=/usr/bin/env ExecStart=/usr/sbin/openvpn --daemon --writepid /var/run/openvpn/%i.pid --cd /etc/openvpn/ --config %i.conf [Install] WantedBy=multi-user.target ====== /etc/systemd/system/openvpn@xxx.service.d/env.conf [Service] Environment=OPENSSL_ENABLE_MD5_VERIFY=1 ====== /etc/openvpn/xxx.conf client dev tun proto udp remote x.x.x.x 1194 remote y.y.y.y 1194 resolv-retry infinite nobind script-security 2 up /etc/openvpn/client.up plugin /usr/lib64/openvpn/plugins/openvpn-plugin-down-root.so "/etc/openvpn/client.down" persist-key persist-tun pkcs12 /etc/openvpn/xxx/piotr.dobrogost.xxx.vpn.p12 cipher AES-256-CBC comp-lzo mute-replay-warnings verb 3 ------------------------------------------------------------------------------ Transform Data into Opportunity. Accelerate data analysis in your applications with Intel Data Analytics Acceleration Library. Click to learn more. http://pubads.g.doubleclick.net/gampad/clk?id=278785471&iu=/4140 _______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
