Hi, I am still unsure if this is an openVPN bug or a Systemd "Feature", but it does not seem to be related to the bugs listed before. Here's what I found out today to fix it:
... the problem persists here, even after removing the --ask-pass option. Strange. Mind this: Calling openvpn --config returns the desired effect, but the systemd startup file does not. Strange. I will look into that. Should I add my findings to the bug in bugzilla? Somehow they don't seem to be related... (... later ...) Maybe I just found *my* solution: rcopenvpn status Warning: openvpn@fibonacci.service changed on disk. Run 'systemctl daemon- reload' to reload units. * openvpn@fibonacci.service - OpenVPN tunneling daemon instance using /etc/ openvpn/fibonacci.conf
Loaded: loaded (/usr/lib/systemd/system/openvpn@.service; enabled; vendor
preset: disabled)
Active: active (running) since Wed 2018-03-14 14:28:34 CET; 2s ago
Process: 23847 ExecStart=/usr/sbin/openvpn --daemon --askpass --suppress-
timestamps --writepid /run/openvpn/fibonacci.pid --cd /etc/openvpn/ --config fibonacci.conf (code=exited, status=0
Main PID: 23851 (openvpn)
and after a systemctl daemon-reload the new ExecStart from the config file was being used. Weird and unintuitve, I guess: I changed openvpn's systemd startup file, killed the service, restarted it, but still I have to tell systemd about the change - I did not know that.
Again what learnt.
Can it be that Systemd caches a start file and needs a daemon-reload when I change it even if the correspondig service is not running? That sounds weird. I wonder if this is rather a systemd topic than a openvpn one.
Did that help? Am Freitag, 9. März 2018, 17:19:57 CET schrieb Bjoern Voigt:
Jiri Slaby wrote:
On 03/05/2018, 03:19 PM, Markus Feilner wrote:
I found the systemd openvpn startup script (which is linked to /etc/systemd/ system/multitarget.wants/... contains an option "--askpass" that caused the problem.
Removing the option did the trick for me, but I am unsure if this is a bug, a feature or a security measure to educate people against passwordless keys.
I just thought some other people might find this helpful, I didn't find anything online about this. Not yet.
Please open a bug. This beats me too.
There is already a bug report for this: https://bugzilla.opensuse.org/show_bug.cgi?id=985798
Greetings, Björn
-- Markus Feilner Team Lead Documentation P.S.: I moved - new home address: Wöhrdstraße 10, 93059 Regensburg - - - _This incident will be documented._ - - - +49 173 5876 838 (also via Signal), privat: +49 170 302 7092 mfeilner@suse.[com|de] http://www.suse.com G+: https://plus.google.com/+MarkusFeilner Xing: http://www.xing.com/profile/Markus_Feilner LinkedIn: https://www.linkedin.com/in/markusfeilner #mfeilner: Jabber, Skype, Twitter openSUSE: http://www.opensuse.org - - - SUSE Linux GmbH GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)