![openvpn[]: 選項錯誤: 在 [CMD-LINE]:1: 開啟設定檔時發生錯誤](https://rvso.com/image/51228/openvpn%5B%5D%3A%20%E9%81%B8%E9%A0%85%E9%8C%AF%E8%AA%A4%3A%20%E5%9C%A8%20%5BCMD-LINE%5D%3A1%3A%20%E9%96%8B%E5%95%9F%E8%A8%AD%E5%AE%9A%E6%AA%94%E6%99%82%E7%99%BC%E7%94%9F%E9%8C%AF%E8%AA%A4.png)
當試圖service openvpn start
Oct 12 14:02:01 ccushing1 openvpn[9091]: Options error: In [CMD-LINE]:1: Error opening configuration file: devnet-client-vm.conf
跑步openvpn devnet-client-vm.conf效果很好。為什麼 openvpn 無法啟動?我該如何修復它?
答案1
你可能想跑
fixfiles -R openvpn restore
ls -alZ 應該會給你類似這樣的東西(顯示你的檔案現在位於正確的 selinux 上下文中):
[root@server openvpn]# ls -alZ /etc/openvpn/
drwxr-xr-x. root root system_u:object_r:openvpn_etc_t:s0 .
drwxr-xr-x. root root system_u:object_r:etc_t:s0 ..
drwxr-xr-x. root root unconfined_u:object_r:openvpn_etc_t:s0 certs
-rw-r--r--. root root unconfined_u:object_r:openvpn_etc_t:s0 dh2048.pem
drwxr-xr-x. root root unconfined_u:object_r:openvpn_etc_t:s0 easy-rsa
-rw-------. root root unconfined_u:object_r:openvpn_etc_rw_t:s0 ipp.txt
-rw-------. root root unconfined_u:object_r:openvpn_etc_t:s0 ta.key
-rw-------. openvpn openvpn unconfined_u:object_r:openvpn_etc_t:s0 server.conf
如果你有這樣的聲明
status openvpn-status.log
在您的 openvpn 設定檔中,您可能會注意到伺服器仍然無法啟動。看一下 /var/log/audit/audit.log 就會發現
type=AVC msg=audit(1413580155.710:1265): avc: denied { write } for pid=19725 comm="openvpn" name="openvpn-status.log" dev="dm-1" ino=54153273 scontext=system_u:system_r:openvpn_t:s0 tcontext=unconfined_u:object_r:openvpn_etc_t:s0 tclass=file
將此文件的上下文更改為 rw 可以解決問題:
chcon -t openvpn_etc_rw_t openvpn-status.log
和
[root@server openvpn]# ls -alZ openvpn-status.log
-rw-------. root root unconfined_u:object_r:openvpn_etc_t:s0 openvpn-status.log
會變成
-rw-------. root root unconfined_u:object_r:openvpn_etc_rw_t:s0 openvpn-status.log
隨後撥打電話
service openvpn@server start
工作完美。
[root@server openvpn]# service openvpn@server status
Redirecting to /bin/systemctl status [email protected]
[email protected] - OpenVPN Robust And Highly Flexible Tunneling Application On server
Loaded: loaded (/usr/lib/systemd/system/[email protected]; disabled)
Active: active (running) since Fri 2014-10-17 23:13:49 CEST; 9s ago
Process: 20445 ExecStart=/usr/sbin/openvpn --daemon --writepid /var/run/openvpn/%i.pid --cd /etc/openvpn/ --config %i.conf (code=exited, status=0/SUCCESS)
Main PID: 20449 (openvpn)
CGroup: /system.slice/system-openvpn.slice/[email protected]
└─20449 /usr/sbin/openvpn --daemon --writepid /var/run/openvpn/server.pid --cd /etc/openvpn/ --config server.conf
Oct 17 23:13:49 server openvpn[20445]: ROUTE_GATEWAY xx.xxx.xx.x/255.255.255.0 IFACE=eth0 HWADDR=XX:XX:XX:XX:XX:XX
Oct 17 23:13:49 server openvpn[20449]: GID set to nobody
Oct 17 23:13:49 server openvpn[20449]: UID set to nobody
Oct 17 23:13:49 server openvpn[20449]: UDPv4 link local (bound): [undef]
Oct 17 23:13:49 server openvpn[20449]: UDPv4 link remote: [undef]
Oct 17 23:13:49 server openvpn[20449]: MULTI: multi_init called, r=256 v=256
Oct 17 23:13:49 server openvpn[20449]: IFCONFIG POOL: base=10.8.0.4 size=62, ipv6=0
Oct 17 23:13:49 server systemd[1]: Started OpenVPN Robust And Highly Flexible Tunneling Application On server.
Oct 17 23:13:49 server openvpn[20449]: IFCONFIG POOL LIST
Oct 17 23:13:49 server openvpn[20449]: Initialization Sequence Completed
PS:我用的是Centos 7。
答案2
對於找到此線程的其他人,我在 Fedora 26 上遇到了問題。
答案3
問題是SELinux,編輯/etc/sysconfig/selinux和設定SELINUX=permissive然後重新啟動為我解決了它。我記得在 Fedora 中,必須執行一個命令才能正確使用 cert 目錄,但我忘記了該命令是什麼。設定為寬鬆修復可以完全修復,但更好的方法是修復它,以便它可以正確使用目錄。
答案4
我透過將conf檔案移到目錄解決了上述錯誤 client,例如,
/etc/openvpn/client/openvpn.conf