Hi.
I have a fresh install of openvpn 3.5.0.8 on Arch and am trying to get autostart for systemd working.

The log is displaying this error:
Options error: --key fails with 'gateway25.key': Permission denied (errno=13)
Options error: --status fails with '/run/openvpn-server/status-gateway25.log': Permission denied (errno=13)

I do not know special details about when openvpn drops privileges, but I get a shiver when there is a need to change perms or ownership for key files.

What do you think/recommend?

Thanks.

The unit file looks like this:

[Unit]
Description=OpenVPN service for %I
After=network-online.target
Wants=network-online.target
Documentation=man:openvpn(8)
Documentation=https://openvpn.net/community-resources/reference-manual-for-openvpn-2-6/
Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO

[Service]
Type=notify
PrivateTmp=true
WorkingDirectory=/etc/openvpn/server
ExecStart=/usr/bin/openvpn --status %t/openvpn-server/status-%i.log --status-version 2 --config %i.conf
User=openvpn
Group=network
AmbientCapabilities=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SETPCAP CAP_SYS_CHROOT CAP_DAC_OVERRIDE CAP_AUDIT_WRITE
CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SETPCAP CAP_SYS_CHROOT CAP_DAC_OVERRIDE CAP_AUDIT_WR>
LimitNPROC=10
DeviceAllow=/dev/null rw
DeviceAllow=/dev/net/tun rw
ProtectSystem=true
ProtectHome=true
KillMode=process
RestartSec=5s
Restart=on-failure

[Install]
WantedBy=multi-user.target

File permissions are as follows:
[root@gatway25 /etc/openvpn/server]# ll
insgesamt 24K
drwxr-x--- 2 openvpn network 4,0K 12. Mai 10:32 ./
drwxr-xr-x 4 root    root    4,0K  5. Mai 20:58 ../
-rw-r--r-- 1 root    root     684  9. Mai 19:11 gateway25.crt
-rw------- 1 root    root     306  9. Mai 19:11 gateway25.key
-rw------- 1 root    root     636 11. Mai 21:04 gateway25.ta.key
-rw-r--r-- 1 root    root    2,4K 12. Mai 11:03 gateway25.conf




