
Dear ladies and gentlemen! I know that there are a lot of questions similar to mine on the Internet, but I could not find the solution anywhere. Maybe someone here can help me?

I have a VPS with Ubuntu 20.04, and there I have installed an OpenVPN server; it worked for several months until today, when all the clients unexpectedly became unable to connect. I deleted and reinstalled/reconfigured the VPN, but it still does not work. It should establish a TCP connection through port 1194 (at first it was 993, but now I have tried 1194, and neither works). Moreover, openvpn does not even listen on any of my ports, while it is active.

netstat -tulpn | grep LISTEN

tcp        0      0 0.0.0.0:19597           0.0.0.0:*               LISTEN      988/xe_d000_XE
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      193/systemd-resolve
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      326/sshd: /usr/sbin
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      12098/cupsd
tcp        0      0 0.0.0.0:5432            0.0.0.0:*               LISTEN      453/postgres
tcp6       0      0 :::80                   :::*                    LISTEN      356/apache2
tcp6       0      0 :::1521                 :::*                    LISTEN      794/tnslsnr
tcp6       0      0 :::22                   :::*                    LISTEN      326/sshd: /usr/sbin
tcp6       0      0 :::5432                 :::*                    LISTEN      453/postgres

sudo systemctl status openvpn

● openvpn.service - OpenVPN service
     Loaded: loaded (/lib/systemd/system/openvpn.service; enabled; vendor prese>
     Active: active (exited) since Mon 2024-02-12 21:23:41 EET; 3h 18min ago
    Process: 306 ExecStart=/bin/true (code=exited, status=0/SUCCESS)
   Main PID: 306 (code=exited, status=0/SUCCESS)

Feb 12 21:23:41 vm-6959-vm454191 systemd[1]: Starting OpenVPN service...
Feb 12 21:23:41 vm-6959-vm454191 systemd[1]: Finished OpenVPN service.

Here is my server.conf file:

local ##MY IP
port 1194
proto tcp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem
auth SHA512
tls-crypt tc.key
topology subnet
server 10.8.0.0 255.255.255.0
server-ipv6 fddd:1194:1194:1194::/64
push "redirect-gateway def1 ipv6 bypass-dhcp"
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 1.1.1.1"
push "dhcp-option DNS 1.0.0.1"
push "block-outside-dns"
keepalive 10 120
user nobody
group nogroup
persist-key
persist-tun

Can someone graciously help me to understand how to fix the issue, please?

UPDATE:

I have reinstalled openvpn, but it still does not listen on any port. There is the following information in the logs (this message appears every 5 seconds):

Feb 13 20:12:20 vm-6959-vm454191 systemd[1]: openvpn-server@server.service: Scheduled restart job, restart counter is at 315.
Feb 13 20:12:20 vm-6959-vm454191 systemd[1]: Stopped OpenVPN service for server.
Feb 13 20:12:20 vm-6959-vm454191 systemd[1]: Starting OpenVPN service for server...
Feb 13 20:12:20 vm-6959-vm454191 openvpn[5963]: OpenVPN 2.4.12 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Aug 21 2023
Feb 13 20:12:20 vm-6959-vm454191 openvpn[5963]: library versions: OpenSSL 1.1.1f  31 Mar 2020, LZO 2.10
Feb 13 20:12:20 vm-6959-vm454191 systemd[1]: Started OpenVPN service for server.
Feb 13 20:12:20 vm-6959-vm454191 openvpn[5963]: Diffie-Hellman initialized with 2048 bit key
Feb 13 20:12:20 vm-6959-vm454191 openvpn[5963]: CRL: loaded 1 CRLs from file crl.pem
Feb 13 20:12:20 vm-6959-vm454191 openvpn[5963]: Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Feb 13 20:12:20 vm-6959-vm454191 openvpn[5963]: Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Feb 13 20:12:20 vm-6959-vm454191 openvpn[5963]: Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Feb 13 20:12:20 vm-6959-vm454191 openvpn[5963]: Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Feb 13 20:12:20 vm-6959-vm454191 openvpn[5963]: TUN/TAP device tun0 opened
Feb 13 20:12:20 vm-6959-vm454191 openvpn[5963]: Note: Cannot set tx queue length on tun0: Operation not permitted (errno=1)
Feb 13 20:12:20 vm-6959-vm454191 openvpn[5963]: /sbin/ip link set dev tun0 up mtu 1500
Feb 13 20:12:21 vm-6959-vm454191 openvpn[5963]: /sbin/ip addr add dev tun0 10.8.0.1/24 broadcast 10.8.0.255
Feb 13 20:12:21 vm-6959-vm454191 openvpn[5963]: /sbin/ip -6 addr add fddd:1194:1194:1194::1/64 dev tun0
Feb 13 20:12:21 vm-6959-vm454191 openvpn[5968]: RTNETLINK answers: Permission denied
Feb 13 20:12:21 vm-6959-vm454191 openvpn[5963]: Linux ip -6 addr add failed: external program exited with error status: 2
Feb 13 20:12:21 vm-6959-vm454191 openvpn[5963]: Exiting due to fatal error
Feb 13 20:12:21 vm-6959-vm454191 systemd[1]: openvpn-server@server.service: Main process exited, code=exited, status=1/FAILURE
Feb 13 20:12:21 vm-6959-vm454191 systemd[1]: openvpn-server@server.service: Failed with result 'exit-code'.
  • ExecStart=/bin/true looks like you or something intentionally disabled the service
    – Daniel T
    Commented Feb 12 at 23:01
  • So the problem is that I have /bin/true in openvpn.service? # This service is actually a systemd target, # but we are using a service since targets cannot be reloaded. [Unit] Description=OpenVPN service After=network.target [Service] Type=oneshot RemainAfterExit=yes ExecStart=/bin/true WorkingDirectory=/etc/openvpn [Install] WantedBy=multi-user.target If yes, could you please suggest with what path should I replace it?
    – Ratherius
    Commented Feb 13 at 9:59
  • Which executable program file are you trying to run? ExecStart=/bin/true literally runs /bin/true, which always exits immediately and with an exit code of success. With Type=oneshot, that is interpreted as if the service has started successfully
    – Daniel T
    Commented Feb 13 at 10:02
  • Dear Daniel, may I ask you what executable file should be indicated in ExecStart field in openvpn.service file to make my Openvpn work?
    – Ratherius
    Commented Feb 13 at 10:16
  • Sorry, I posted that from my phone. I found the real problem and I am writing an answer
    – Daniel T
    Commented Feb 13 at 10:30

1 Answer

The problem is that you are targeting the wrong service with your sudo systemctl status openvpn. You don't want openvpn.service which is a dummy service that just exits immediately with /bin/true, and instead want [email protected].

According to the official instructions, you need to create a new instance of the openvpn-server@.service template. You named your config /etc/openvpn/server/server.conf, so the systemd instance name you need to create is server:

# Enable and start the service
sudo systemctl enable --now openvpn-server@server
# Check the status and for any errors
systemctl status openvpn-server@server
journalctl -u openvpn-server@server

If furthermore you get /sbin/ip -6 addr [...] RTNETLINK answers: Permission denied, then let's fix IPv6.

  1. Open /etc/sysctl.conf and add the following to the bottom:
    net.ipv6.conf.all.disable_ipv6 = 0
    net.ipv6.conf.default.disable_ipv6 = 0
    net.ipv6.conf.lo.disable_ipv6 = 0
    
  2. sudo sysctl -p
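
Added example, not part of the original answer: a POSIX shell script that maps a config path to the unit instance that runs it, flags the symptoms seen in this thread in `systemctl status` / `journalctl` text, and lists which of the three sysctl keys above still disable IPv6. The function names and the mappings for /etc/openvpn/client and /etc/openvpn/*.conf are assumptions based on the Debian/Ubuntu packaging; the sample log is constructed from the lines quoted in the question.

```sh
#!/bin/sh
# Added example, not from the original answer. Unit names assume the
# Debian/Ubuntu packaging of OpenVPN; function names are illustrative.

# Map a config path to the systemd instance that actually runs it.
unit_for_config() {
    name=$(basename "$1" .conf)
    case "$1" in
        /etc/openvpn/server/*.conf) echo "openvpn-server@$name" ;;
        /etc/openvpn/client/*.conf) echo "openvpn-client@$name" ;;
        /etc/openvpn/*.conf)        echo "openvpn@$name" ;;
        *) return 1 ;;
    esac
}

# Read status/journal text on stdin and print one finding per line.
triage() {
    awk '
        /ExecStart=\/bin\/true/          { dummy = 1 }
        /restart counter is at [0-9]+/   { n = $NF; sub(/\.$/, "", n); loops = n }
        /ip -6 addr add/                 { v6cmd = 1 }
        v6cmd && /RTNETLINK answers: Permission denied/ { v6 = 1 }
        END {
            if (dummy) print "dummy-unit"
            if (loops + 0 > 5) print "restart-loop " loops
            if (v6) print "ipv6-addr-denied"
        }'
}

# List which of all/default/lo have IPv6 disabled ($1 overrides the /proc path).
ipv6_disabled() {
    base=${1:-/proc/sys/net/ipv6/conf}
    for i in all default lo; do
        f=$base/$i/disable_ipv6
        [ -r "$f" ] && [ "$(cat "$f")" = "1" ] && echo "$i"
    done
    return 0
}

# Constructed sample, abridged from the log lines quoted in the question.
SAMPLE='systemd[1]: openvpn-server@server.service: Scheduled restart job, restart counter is at 315.
openvpn[5963]: /sbin/ip -6 addr add fddd:1194:1194:1194::1/64 dev tun0
openvpn[5968]: RTNETLINK answers: Permission denied'

if [ "${1:-}" = "--demo" ]; then
    unit_for_config /etc/openvpn/server/server.conf
    printf '%s\n' "$SAMPLE" | triage
    ipv6_disabled
fi
```

A monitoring check that only looks at openvpn.service will report healthy while no tunnel is running, so point it at the instance name printed by `unit_for_config` instead.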
  • Thank you so much, Daniel! I had created the file in the /usr/lib/systemd/system directory and rebooted my VPS, but, unfortunately, OpenVPN still does not listen on any port, as before. May I ask you for a piece of advice, please? By the way, when I run the command added to the file, I get the following message: # sudo systemctl enable --now openvpn-server@server The unit files have no installation config (WantedBy=, RequiredBy=, Also=, Alias= settings in the [Install] section, and DefaultInstance= for template units). This means they are not meant to be enabled using systemctl.
    – Ratherius
    Commented Feb 13 at 12:19
  • I see that some fields in some config file are missing, but I have no idea what I should add and where that file is. May I humbly ask you for your help?
    – Ratherius
    Commented Feb 13 at 12:21
  • You should not create any file in /usr/lib/systemd/system. The only file you (already) created is /etc/openvpn/server/server.conf. Do not create any systemd files with anything between the @ and the . . The @ means that it's a systemd template. If /lib/systemd/system/openvpn-server@.service is missing, then you need to sudo apt install openvpn, and remove anything you installed using the old method
    – Daniel T
    Commented Feb 13 at 12:25
  • I am sorry for my low qualification, but, frankly speaking, I thought that I need [email protected]. I have [email protected] generated by the system, but I did not touch it because it does not have "service" between @ and .
    – Ratherius
    Commented Feb 13 at 14:01
  • Dear Daniel! Thank you so much for your patient precious assistance. At last it works! :)
    – Ratherius
    Commented Feb 14 at 19:54
