FS#67180 - [openvpn] openvpn-client@.service fails to start: ExecStart contains config conflict
Attached to Project:
Arch Linux
Opened by Jim Davis (metadope) - Thursday, 02 July 2020, 19:19 GMT
Last edited by Toolybird (Toolybird) - Wednesday, 27 September 2023, 07:10 GMT
Opened by Jim Davis (metadope) - Thursday, 02 July 2020, 19:19 GMT
Last edited by Toolybird (Toolybird) - Wednesday, 27 September 2023, 07:10 GMT
|
Details
Description:
I can successfully start my OpenVPN client with a simple command line #openvpn /etc/openvpn/client/myvpn.conf But after ^c to exit the testing, and using systemd to subsequently start the same service, the client fails to start. #systemctl start openvpn-client@myvpn #fails I've identified the ExecStart line as the problem: [from /usr/lib/systemd/system/openvpn-client@.service] ExecStart=/usr/bin/openvpn --suppress-timestamps --nobind --config %i.conf Specifically, the --nobind directive conflicts with my .conf file (which contains a --local <ip> directive, mutually exclusive with --nobind). I respectfully suggest that documented configuration options which are application-specific and available to the service user in an external configuration file should not be specified in the systemd .service file. I have changed my local copy of /usr/lib/systemd/system/openvpn-client@.service to overcome this: ExecStart=/usr/bin/openvpn %i.conf But I'm hoping someone upstream will agree that the extra arguments in ExecStart are spurious and need to be removed by upstream. |
This task depends upon
Closed by Toolybird (Toolybird)
Wednesday, 27 September 2023, 07:10 GMT
Reason for closing: No response
Wednesday, 27 September 2023, 07:10 GMT
Reason for closing: No response
Perhaps you should use openvpn-server@.service if your configuration really needs to bind.
There are *many* parameters to an openvpn configuration: Why choose --nobind for the .service file? Is there some value added? Does that parameter forestall problems that a majority of client-users may encounter?
The example client.conf that ships with openvpn already includes the nobind setting, so I really don't understand the addition to the ExecStart.
Anyway, that was not my decision but is shipped by upstream. Open an issue in upstream bug tracker to discuss it there. Please share the link here.
Oh, and another anyway... Does it work if you use your configuration with the server unit openvpn-server@.service?