On 12/05/2025 11:52, Stefanie Leisestreichler (Febas) wrote:
> Hi.
> I have a fresh install of openvpn 3.5.0.8 on arch and try to get
> autostart for systemd working.
>
> The log is displaying this error:
> Options error: --key fails with 'gateway25.key': Permission denied
> (errno=13)
> Options error: --status fails with '/run/openvpn-server/status-
> gateway25.log': Permission denied (errno=13)
>
> I do not know special details about when openvpn drops privilegs but I
> get a shiver when there is a need to change perms or ownership for key
> files.
>
> What do you think/recommend?
Notice this line in the systemd unit file:
User=openvpn
This indicates that the OpenVPN process is started as the openvpn user.
Your permissions is that only root has read access to the key file.
Try to change the owner of the key file from root to openvpn.
The openvpn-server@.service and openvpn-client@.service units has been
written to lock down and strip the openvpn process from as many
privileges as possible. Unfortunately, the list of needed privileges is
still fairly long.
--
kind regards,
David Sommerseth
OpenVPN Inc
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
