When I use the following configuration, which works on 1.2.5-epa1, the OpenVPN service fails to start.
set interfaces openvpn vtun0 authentication password xxxxxx
set interfaces openvpn vtun0 authentication username xxxxxx
set interfaces openvpn vtun0 hash 'sha512'
set interfaces openvpn vtun0 mode 'client'
set interfaces openvpn vtun0 openvpn-option '--persist-key'
set interfaces openvpn vtun0 openvpn-option '--persist-tun'
set interfaces openvpn vtun0 openvpn-option '--nobind'
set interfaces openvpn vtun0 openvpn-option '--comp-lzo'
set interfaces openvpn vtun0 openvpn-option '--cipher AES-256-CBC'
set interfaces openvpn vtun0 openvpn-option '--tls-auth /config/auth/nordvpn/tls.key 1'
set interfaces openvpn vtun0 openvpn-option '--script-security 2'
set interfaces openvpn vtun0 openvpn-option '--route-method exe'
set interfaces openvpn vtun0 openvpn-option '--ns-cert-type server'
set interfaces openvpn vtun0 openvpn-option '--key-direction 1'
set interfaces openvpn vtun0 openvpn-option '--route-delay 2'
set interfaces openvpn vtun0 openvpn-option '--mssfix 1450'
set interfaces openvpn vtun0 openvpn-option '--keysize 256'
set interfaces openvpn vtun0 openvpn-option '--sndbuf 524288'
set interfaces openvpn vtun0 openvpn-option '--rcvbuf 524288'
set interfaces openvpn vtun0 openvpn-option '--fast-io'
set interfaces openvpn vtun0 openvpn-option '--verb 3'
set interfaces openvpn vtun0 openvpn-option '--auth-retry nointeract'
set interfaces openvpn vtun0 openvpn-option '--route-nopull'
set interfaces openvpn vtun0 openvpn-option '--tun-mtu 1532'
set interfaces openvpn vtun0 persistent-tunnel
set interfaces openvpn vtun0 protocol 'udp'
set interfaces openvpn vtun0 remote-host 'xxx.xxx.42.68'
set interfaces openvpn vtun0 remote-port '1194'
set interfaces openvpn vtun0 tls ca-cert-file xxxxxx
Error given on commit:
[ interfaces openvpn vtun0 tls ca-cert-file /config/auth/nordvpn/ca.crt ]
[ interfaces openvpn vtun0 ]
Job for [email protected] failed because the control process exited with error code.
See "systemctl status [email protected]" and "journalctl -xe" for details.
RTNETLINK answers: Operation not supported
In the logs for OpenVPN the following is written.
Apr 19 11:29:33 vyos systemd[1]: [email protected]: Main process exited, code=exited, status=1/FAILURE
Apr 19 11:29:33 vyos systemd[1]: [email protected]: Failed with result 'exit-code'.
Apr 19 11:29:38 vyos systemd[1]: [email protected]: Service RestartSec=5s expired, scheduling restart.
Apr 19 11:29:38 vyos systemd[1]: [email protected]: Scheduled restart job, restart counter is at 55.
Apr 19 11:29:38 vyos openvpn-vtun0[2513]: DEPRECATED OPTION: --compat-names, please update your configuration. This will be removed in OpenVPN 2.5.
Apr 19 11:29:38 vyos openvpn-vtun0[2513]: WARNING: --keysize is DEPRECATED and will be removed in OpenVPN 2.6
Apr 19 11:29:38 vyos openvpn-vtun0[2513]: WARNING: file '/config/auth/nordvpn/tls.key' is group or others accessible
Apr 19 11:29:38 vyos openvpn-vtun0[2513]: WARNING: cannot stat file '/tmp/openvpn-vtun0-pw': No such file or directory (errno=2)
Apr 19 11:29:38 vyos openvpn-vtun0[2513]: Options error: --auth-user-pass fails with '/tmp/openvpn-vtun0-pw': No such file or directory (errno=2)
Apr 19 11:29:38 vyos openvpn-vtun0[2513]: Options error: Please correct these errors.