FS#40838 - [openvpn] Crashes trying to start before the network is set

Attached to Project: Arch Linux
Opened by Cláudio Pereira (claudiop) - Saturday, 14 June 2014, 11:17 GMT
Last edited by Thomas Bächler (brain0) - Friday, 12 September 2014, 17:03 GMT
Task Type Bug Report
Category Packages: Core
Status Closed
Assigned To Thomas Bächler (brain0)
Architecture x86_64
Severity Medium
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 5
Private No

Details

Description:
The openvpn@server service crashes if set as enabled on boot, but not if started manually through systemctl.
The problem turns to be the service trying to start before the network is ready.
A good illustration of the problem is the attached svg.
I don't know if it is easily reproducible, but in my case it first happened after turning port sharing on.

Additional info:
Openvpn 2.3.4-1

I don't have the full log any more, but the problematic line was:
TCP/UDP: Socket bind failed on local address aaa.xxx.yyy.zzz Cannot assign requested address

I am sorry for not showing any configuration (its not a great idea), but its a fairly standard configuration, with non-default cryptographic settings and port sharing.
As I said previously, I suspect that the late triggered the issue, but I am not sure.

Solution:
The unit file right now is:
#-------------------------
[Unit]
Description=OpenVPN connection to %i

[Service]
Type=forking
ExecStart=/usr/bin/openvpn --cd /etc/openvpn --config /etc/openvpn/%i.conf --daemon openvpn@%i --writepid /run/openvpn@%i.pid
PIDFile=/run/openvpn@%i.pid

[Install]
WantedBy=multi-user.target
#------------------------
And adding "After=network.target" in the [Unit] instructions, solved the bug.
   openvpn.svg (73.1 KiB)
This task depends upon

Closed by  Thomas Bächler (brain0)
Friday, 12 September 2014, 17:03 GMT
Reason for closing:  Not a bug
Comment by Doug Newgard (Scimmia) - Saturday, 14 June 2014, 15:18 GMT
It used to have that: https://projects.archlinux.org/svntogit/packages.git/commit/trunk?h=packages/openvpn&id=2985ea84c6eca2beb0b819ea9a4f1f81d7c041f6
I'm guessing it's removal is related to  FS#35089 ?
Comment by Henrik Juul Pedersen (henrikjuul) - Friday, 12 September 2014, 11:43 GMT
I'm experiencing the same issues. Trying to start openvpn before the network is available makes no sense to me.

I've also re-added "After=network.target" to my unit file, just like ntp and other network-relying service files has it.
The mentioned bug  FS#35089  was closed as "won't implement" so I dont see why parts of it seems to have been implemented?
Comment by Thomas Bächler (brain0) - Friday, 12 September 2014, 17:03 GMT
That is not a crash, OpenVPN exits because it cannot apply its configuration. Binding to a specific address is not standard configuration, and OpenVPN needs to be ordered in such a way that the address exists,

Depending on its use case, OpenVPN has to be ordered Before=network.target, After=network.target or not at all. We cannot provide a useful default here.

Loading...