http://bugzilla.opensuse.org/show_bug.cgi?id=1031748 Bug ID: 1031748 Summary: openVPN with systemd fails to request user name and password Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.2 Hardware: 64bit OS: openSUSE 42.2 Status: NEW Severity: Normal Priority: P5 - None Component: Basesystem Assignee: bnc-team-screening@forge.provo.novell.com Reporter: allison@lohutok.net QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- In Leap 42.2, when starting an openVPN connection via systemd with the command: $ systemctl start openvpn@MYVPN.service The startup process does not prompt for a username and password, but instead silently hangs and times out. I can connect to the VPN if I manually call: $ sudo systemd-tty-ask-password-agent To trigger the prompts for VPN Auth Username and Auth Password. What systemctl should do is either prompt for username and password, or else send a wall message notifying the user that they need to run 'systemd-tty-ask-password-agent' on a different terminal window to bring up the prompts. I've been told that openSUSE Tumbleweed and SLE 12 both prompt the user directly, rather then instructing them to use 'systemd-tty-ask-password-agent', so that may be the best behavior for Leap 42.2 to follow. ========== Some more details on the error... The timeout message directs the user to run 'systemctl status' and to check 'journalctl -xe': allison@test-leap:~> systemctl start openvpn@MYVPN.service Job for openvpn@MYVPN.service failed because the control process exited with error code. See "systemctl status openvpn@MYVPN.service" and "journalctl -xe" for details. However, 'journalctl -xe' gives no information about the failure, and 'systemctl status' doesn't provide much useful information about the failure: allison@test-leap:~> systemctl status openvpn@MYVPN.service ● openvpn@MYVPN.service - OpenVPN tunneling daemon instance using /etc/openvpn/MYVPN.conf Loaded: loaded (/usr/lib/systemd/system/openvpn@.service; disabled; vendor preset: disabled) Active: failed (Result: exit-code) since Thu 2017-03-30 15:34:00 EDT; 1min 50s ago Process: 9386 ExecStart=/usr/sbin/openvpn --daemon --suppress-timestamps --writepid /var/run/openvpn/%i.pid --cd /etc/openvpn/ --config %i.conf (code=exited, status=1/FAILURE) Modifying the openVPN conf file to log to a special logfile with 'log-append /var/log/openvpn.log' yields more useful information, and was how I determined that systemctl was simply timing out waiting for the username and password, rather than failing with some other error: OpenVPN 2.3.8 x86_64-suse-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Aug 4 2015 library versions: OpenSSL 1.0.2j-fips 26 Sep 2016, LZO 2.08 Failed to query password: Timer expired ERROR: could not read Auth username from stdin Exiting due to fatal error -- You are receiving this mail because: You are on the CC list for the bug.