Bug#770811: openvpn: openVPN tmp-dir missing
I'll add this just in case it'll be helpful for someone: when using chroot, openvpn can't access /etc/localtime file and can't get correct timezone, so you need to mount this file in chroot as well:

    mkdir /etc/openvpn/etc
    touch /etc/openvpn/etc/localtime
    mount --bind /etc/localtime /etc/openvpn/etc/localtime

And write these changes in your /etc/fstab:

    echo "/etc/localtime /etc/openvpn/etc/localtime none bind" >> /etc/fstab

--
Regards,
Polotnyanko Nikita Sergeevich
mailto:pboxw...@gmail.com

--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#770811: openvpn: openVPN tmp-dir missing
Another thing to consider while talking about chrooting is running OpenVPN in a Docker image. I put one together:

https://registry.hub.docker.com/u/kylemanna/openvpn/
https://github.com/kylemanna/docker-openvpn

On Tue Feb 03 2015 at 12:27:10 AM Polotnyanko Nikita Sergeevich pboxw...@gmail.com wrote:

> I'll add this just in case it'll be helpful for someone: when using chroot, openvpn can't access /etc/localtime file and can't get correct timezone, so you need to mount this file in chroot as well:
>
>     mkdir /etc/openvpn/etc
>     touch /etc/openvpn/etc/localtime
>     mount --bind /etc/localtime /etc/openvpn/etc/localtime
>
> And write these changes in your /etc/fstab:
>
>     echo "/etc/localtime /etc/openvpn/etc/localtime none bind" >> /etc/fstab
>
> --
> Regards,
> Polotnyanko Nikita Sergeevich
> mailto:pboxw...@gmail.com

Bug#770811: openvpn: openVPN tmp-dir missing
Hi,

This is not a bug, when using chroot you can't access anything outside of chroot directory, so if you want to use chroot in openvpn, for example, chroot /etc/openvpn in your config file, then you need to create tmp directory in openvpn chroot directory (/etc/openvpn/tmp) and mount /tmp directory in /etc/openvpn/tmp:

    mkdir /etc/openvpn/tmp
    mount --bind /tmp /etc/openvpn/tmp

And write these changes in your /etc/fstab:

    echo "/tmp /etc/openvpn/tmp none bind" >> /etc/fstab

--
Regards,
Polotnyanko Nikita Sergeevich
mailto:pboxw...@gmail.com

Bug#770811: openvpn: openVPN tmp-dir missing
Package: openvpn
Version: 2.3.4-4
Severity: minor

I have discovered by chance today that I get this message in the openvpn log and it won't start:

    Options error: Temporary directory (--tmp-dir) fails with '/etc/openvpn//tmp': No such file or directory

The workaround to fix this is as easy as:

    mkdir /etc/openvpn/tmp

But, if it is needed, why is it not created automatically in the upgrade?

-- System Information:
Debian Release: jessie/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=es_ES.UTF-8, LC_CTYPE=es_ES.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages openvpn depends on:
ii  debconf [debconf-2.0]  1.5.53
ii  init-system-helpers    1.21
ii  initscripts            2.88dsf-58
ii  iproute2               3.16.0-2
ii  libc6                  2.19-13
ii  liblzo2-2              2.08-1
ii  libpam0g               1.1.8-3.1
ii  libpkcs11-helper1      1.11-2
ii  libssl1.0.0            1.0.1j-1

Versions of packages openvpn recommends:
ii  easy-rsa  2.2.2-1

Versions of packages openvpn suggests:
ii  openssl     1.0.1j-1
pn  resolvconf  <none>

-- debconf information:
  openvpn/create_tun: false

Bug#770811: openvpn: openVPN tmp-dir missing
Hi,

Did you specify a tmp-dir option on your configuration file? By default it should use /tmp, /etc shouldn't be used for tmp...

Regards,

Alberto

On Mon, Nov 24, 2014 at 11:35:03AM +0100, Adrian wrote:

> Package: openvpn
> Version: 2.3.4-4
> Severity: minor
>
> I have discovered by chance today that I get this message in the openvpn log and it won't start:
>
>     Options error: Temporary directory (--tmp-dir) fails with '/etc/openvpn//tmp': No such file or directory
>
> The workaround to fix this is as easy as:
>
>     mkdir /etc/openvpn/tmp
>
> But, if it is needed, why is it not created automatically in the upgrade?
>
> [...]

--
Alberto Gonzalez Iniesta     | Training, consulting and technical support
mailto/sip: a...@inittab.org | in GNU/Linux and free software
Encrypted mail preferred     | http://inittab.com

Key fingerprint = 5347 CBD8 3E30 A9EB 4D7D 4BF2 009B 3375 6B9A AA55

Bug#770811: openvpn: openVPN tmp-dir missing
That's the strange thing. I have nothing related to dir in my server.conf, so it must be something related to an upgrade:

    chroot /etc/openvpn

    # Which local IP address should OpenVPN
    # listen on? (optional)
    ;local a.b.c.d

    port 1194

    # TCP or UDP server?
    ;proto tcp
    proto udp

    ;dev tap
    dev tun

    ;dev-node MyTap

    ca /etc/openvpn/scripts/keys/ca.crt
    cert /etc/openvpn/scripts/keys/servidor.crt
    key /etc/openvpn/scripts/keys/servidor.key  # This file should be kept secret

    # Diffie hellman parameters.
    # Generate your own with:
    #   openssl dhparam -out dh1024.pem 1024
    # Substitute 2048 for 1024 if you are using
    # 2048 bit keys.
    dh /etc/openvpn/scripts/keys/dh1024.pem

    server 10.8.0.0 255.255.255.0

    ifconfig-pool-persist /var/log/openvpn/ipp.txt

    push "route 192.168.0.0 255.255.255.0"
    ;push "route 192.168.20.0 255.255.255.0"

    push "redirect-gateway def1"

    # Certain Windows-specific network settings
    # can be pushed to clients, such as DNS
    # or WINS server addresses. CAVEAT:
    # http://openvpn.net/faq.html#dhcpcaveats
    push "dhcp-option DNS 8.8.8.8"
    push "dhcp-option DNS 8.8.4.4"
    ;push "dhcp-option WINS 8.8.4.4"

    keepalive 10 120

    tls-auth /etc/openvpn/scripts/keys/ta.key 0  # This file is secret

    cipher AES-256-CBC

    comp-lzo

    max-clients 2

    user nobody
    group nobody

    cipher AES-256-CBC

    # The persist options will try to avoid
    # accessing certain resources on restart
    # that may no longer be accessible because
    # of the privilege downgrade.
    persist-key
    persist-tun

    # Output a short status file showing
    # current connections, truncated
    # and rewritten every minute.
    status /var/log/openvpn/openvpn-status.log

    log-append /var/log/openvpn/openvpn.log

    # Set the appropriate level of log
    # file verbosity.
    #
    # 0 is silent, except for fatal errors
    # 4 is reasonable for general usage
    # 5 and 6 can help to debug connection problems
    # 9 is extremely verbose
    verb 3

    # Silence repeating messages. At most 20
    # sequential messages of the same message
    # category will be output to the log.
    mute 10

2014-11-24 13:22 GMT+01:00 Alberto Gonzalez Iniesta a...@inittab.org:

> Hi,
>
> Did you specify a tmp-dir option on your configuration file? By default it should use /tmp, /etc shouldn't be used for tmp...
>
> Regards,
>
> Alberto
>
> [...]

Bug#770811: openvpn: openVPN tmp-dir missing
Hi,

I don't know why this didn't fail before, but since you are chroot'ing openvpn in /etc/openvpn, a tmp/ dir there could be necessary. Not a bug, but a requirement due to your settings.

Regards,

Alberto

On Mon, Nov 24, 2014 at 01:52:30PM +0100, Adrián Arévalo Tirado wrote:

> That's the strange thing. I have nothing related to dir in my server.conf, so it must be something related to an upgrade:
>
>     chroot /etc/openvpn
>
> [...]

--
Alberto Gonzalez Iniesta     | Training, consulting and technical support
mailto/sip: a...@inittab.org | in GNU/Linux and free software
Encrypted mail preferred     | http://inittab.com

Key fingerprint = 5347 CBD8 3E30 A9EB 4D7D 4BF2 009B 3375 6B9A AA55
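
Added example, not part of the original thread and not code from the openvpn package: a pre-flight check that reads a config, finds an active chroot directive, and reports which of the paths discussed above (the temporary directory and etc/localtime) are missing inside it. The function name check_openvpn_chroot is hypothetical; the script assumes tmp-dir is /tmp unless the config sets it, as stated in the thread, and that paths in the config contain no spaces or quotes.

```shell
#!/bin/sh
# Added example (hypothetical helper): pre-flight check for an OpenVPN chroot.
# Prints "MISSING <path>" for each absent path; returns 1 if any is missing.
check_openvpn_chroot() {
    conf=$1
    # Active "chroot DIR" directive; lines starting with '#' or ';' never match.
    jail=$(awk '$1 == "chroot" { print $2; exit }' "$conf")
    if [ -z "$jail" ]; then
        return 0    # no chroot configured, nothing to verify
    fi
    # Assumption from the thread: tmp-dir is /tmp unless the config sets it.
    tmpdir=$(awk '$1 == "tmp-dir" { print $2; exit }' "$conf")
    [ -n "$tmpdir" ] || tmpdir=/tmp
    rc=0
    # The path is built as <chroot>/<tmp-dir>, the same form as in the
    # logged error ('/etc/openvpn//tmp').
    if [ ! -d "$jail/$tmpdir" ]; then
        echo "MISSING $jail/$tmpdir"
        rc=1
    fi
    # Needed for the timezone inside the chroot.
    if [ ! -e "$jail/etc/localtime" ]; then
        echo "MISSING $jail/etc/localtime"
        rc=1
    fi
    return "$rc"
}

# Constructed demo: a throwaway directory stands in for /etc/openvpn.
demo=$(mktemp -d)
mkdir -p "$demo/jail"
printf 'chroot %s/jail\nport 1194\n;tmp-dir /var/tmp\n' "$demo" > "$demo/server.conf"
check_openvpn_chroot "$demo/server.conf" || echo "chroot is incomplete"
mkdir -p "$demo/jail/tmp" "$demo/jail/etc"
: > "$demo/jail/etc/localtime"
check_openvpn_chroot "$demo/server.conf" && echo "chroot is complete"
rm -rf "$demo"
```

Run against the real config (for example /etc/openvpn/server.conf) before restarting the service after an upgrade; a non-zero exit status means the daemon would not find everything it needs after chroot().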