Score:0

Getting OpenVPN server status failed after full configuration on CentOS 7 VPS

I am going to set up a VPN server on a CentOS 7 VPS, running as a Docker container. However, after installing OpenVPN and configuring it, I see the server status failed.

This is my server.conf file:

port 1194
proto udp
dev tun

ca ca.crt
cert server.crt
key server.key
dh dh2048.pem

server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt

push "redirect-gateway def1 bypass-dhcp"

push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"

keepalive 10 120
cipher AES-256-CBC
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
verb 3
explicit-exit-notify 1

And this is what is written in the messages file in var/log/ after running the command below:

systemctl start openvpn@server.service

Oct  7 08:35:39 systemd: Cannot add dependency job for unit systemd-vconsole-setup.service, ignoring: Unit is masked.
Oct  7 08:35:39 systemd: Starting OpenVPN Robust And Highly Flexible Tunneling Application On server...
Oct  7 08:35:39 openvpn: Fri Oct  7 08:35:39 2022 OpenVPN 2.4.12 x86_64-redhat-linux-gnu [Fedora EPEL patched] [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Mar 17 2022
Oct  7 08:35:39 openvpn: Fri Oct  7 08:35:39 2022 library versions: OpenSSL 1.0.2k-fips  26 Jan 2017, LZO 2.06
Oct  7 08:35:39 openvpn: Fri Oct  7 08:35:39 2022 Diffie-Hellman initialized with 2048 bit key
Oct  7 08:35:39 openvpn: Fri Oct  7 08:35:39 2022 ROUTE_GATEWAY ON_LINK IFACE=venet0 HWADDR=00:00:00:00:00:00
Oct  7 08:35:39 openvpn: Fri Oct  7 08:35:39 2022 ERROR: Cannot open TUN/TAP dev /dev/net/tun: No such file or directory (errno=2)
Oct  7 08:35:39 openvpn: Fri Oct  7 08:35:39 2022 Exiting due to fatal error
Oct  7 08:35:39 systemd: Started OpenVPN Robust And Highly Flexible Tunneling Application On server.
Oct  7 08:35:39 systemd: openvpn@server.service: main process exited, code=exited, status=1/FAILURE
Oct  7 08:35:39 systemd: Unit openvpn@server.service entered failed state.
Oct  7 08:35:39 systemd: openvpn@server.service failed.
Nikita Kipriyanov
So what's in the log? It should log to syslog, so check `messages` or `syslog` or `daemon` file. Also you can try to start it by hand (not as a service) using `openvpn --config <config-file-name>` and see what it says.
Sasan
@NikitaKipriyanov Where can I read its log? Could you please share the path?
Sasan
I found `openvpn-status.log` file in openvpn folder, but it is empty.
Nikita Kipriyanov
No, that's not a log file, but a status file that you defined. It is empty because it didn't start in the first place. Typically syslog writes its log files to `/var/log/`.
Sasan
@NikitaKipriyanov I shared the log after the command `systemctl start openvpn@server.service`
Nikita Kipriyanov
`Oct 7 08:35:39 pandora openvpn: Fri Oct 7 08:35:39 2022 ERROR: Cannot open TUN/TAP dev /dev/net/tun: No such file or directory (errno=2)` What is the system you are running it on? Is it OpenVZ or any other container (Docker, LXC)? If so, you're generally out of luck. This is not something which is typically done within a container.
Sasan
@NikitaKipriyanov Yes. A website is running on Docker Container. I have no way?
Score:1

In the container it is only possible to create and use a tun device if the hosting provider gives your container such a possibility. They need:

  • to load a tuntap driver on the host
  • to give your container a permission to use it

If this requirement is met, you may create a missing device node and use it with OpenVPN or other applications:

mkdir -p /dev/net
mknod /dev/net/tun c 10 200
chmod 0666 /dev/net/tun

Probably you'll need to create it each time the container boots, in which case it is convenient to create a systemd unit which runs these commands for you and set it up to be required for network:

[Unit]
Description=/dev/net/tun device node
Requires=sysinit.target
After=sysinit.target
Documentation=https://www.kernel.org/doc/Documentation/networking/tuntap.txt

[Service]
Type=oneshot
RemainAfterExit=yes
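# Absolute paths: older systemd releases (such as the one shipped with
# CentOS 7) reject bare command names in ExecStart=.
ExecStart=/usr/bin/mkdir -p /dev/net
ExecStart=/usr/bin/mknod /dev/net/tun c 10 200
ExecStart=/usr/bin/chmod 0666 /dev/net/tun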

[Install]
WantedBy=network-pre.target

Save this into `/etc/systemd/system/tuntap-dev.service` and run `systemctl enable tuntap-dev.service` to start it at boot.
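A pre-flight check for the device node described in this answer, as an added example that is not part of the original answer. The function names `tun_node_state` and `ensure_tun` are hypothetical and GNU `stat` is assumed; the `blocked` state corresponds to the two provider-side requirements listed above (driver loaded on the host, container permitted to use it).

```shell
#!/bin/sh
# Added example: classify the state of a TUN device node before starting OpenVPN.
# Function names are hypothetical; requires GNU stat (coreutils).

TUN_MAJOR_HEX=a    # major 10, as printed in hex by `stat -c %t`
TUN_MINOR_HEX=c8   # minor 200, as printed in hex by `stat -c %T`

# Prints one of: missing, not-chardev, wrong-device, blocked, usable
tun_node_state() {
    node=$1
    [ -e "$node" ] || { echo missing; return; }
    [ -c "$node" ] || { echo not-chardev; return; }
    if [ "$(stat -c '%t %T' "$node")" != "$TUN_MAJOR_HEX $TUN_MINOR_HEX" ]; then
        echo wrong-device
        return
    fi
    # The node can exist and still be unusable: opening it fails when the
    # host has not loaded the tun driver or has not granted the container
    # access to the device. The subshell contains the failed redirection.
    if ( : <>"$node" ) 2>/dev/null; then
        echo usable
    else
        echo blocked
    fi
}

# Creates the node only when it is missing (needs root inside the container),
# then reports the resulting state. Returns 0 only for "usable".
ensure_tun() {
    node=${1:-/dev/net/tun}
    state=$(tun_node_state "$node")
    if [ "$state" = missing ]; then
        mkdir -p "$(dirname "$node")" &&
            mknod "$node" c 10 200 &&
            chmod 0666 "$node" || return 1
        state=$(tun_node_state "$node")
    fi
    echo "$state"
    [ "$state" = usable ]
}

# Typical use, as root inside the container:
#   ensure_tun /dev/net/tun && systemctl restart openvpn@server.service
```

A result of `blocked` after the node has been created means the fix lies with the hosting provider, not with the commands above.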

Sasan
But I am not going to set up a VPN server as a Docker container. The Docker container exists to run my web site. I am going to set up a VPN server independent of Docker.
Nikita Kipriyanov
Then you must run the server not in the container. Your last comment hinted that you are running OpenVPN within a container, and this is what is needed to run it in the container. There'll be no missing `/dev/net/tun` device node if you run it on the bare metal or in the VM, since it would appear normally (created by `udev`) in that case.
Sasan
I got it. After running `mkdir -p /dev/net` `mknod /dev/net/tun c 10 200` `chmod 0666 /dev/net/tun` and restarting OpenVPN, its status changed to `active`. Do I need to create `tuntap-dev.service`?
Nikita Kipriyanov
I suggest you restart the container. If it turns out everything was retained, you don't need a service. If the device node disappears, create a service and it will reappear each time, so you don't need to worry about it.
Sasan
Thanks a lot Nikita
Sasan
https://serverfault.com/questions/1112488/why-cant-i-connect-to-the-openvpn-server-from-windows-client-to-centos-vps-even Can you give me a help?