OpenV$P$N配置后启动服务发生错误排错

时间:2024-11-14 07:43:47
  • 脚本写完测试时发现客户端无法连接OpenV P P PN服务器
  • 查看发现服务没有启动
  • 启动服务时报错
[root@C8-194 ~]# cat > /usr/lib/systemd/system/openvpn@.service << SUN
> [Unit]
> Description=OpenVPN Robust And Highly Flexible Tunneling Application On %I
> After=
> [Service]
> Type=notify
> PrivateTmp=true
> ExecStart=/usr/sbin/openvpn --cd /etc/openvpn/ --config %
> [Install]
> WantedBy=
> SUN
[root@C8-194 ~]# ## 启动OpenVPN服务
[root@C8-194 ~]# systemctl daemon-reload
[root@C8-194 ~]# systemctl enable --now openvpn@server
Job for openvpn@ failed because the control process exited with error code.
See "systemctl status openvpn@" and "journalctl -xe" for details.
  • 执行status和-xe查看具体错误
[root@C8-194 ~]# systemctl status openvpn@
● openvpn@ - OpenVPN Robust And Highly Flexible Tunneling Application On server
   Loaded: loaded (/usr/lib/systemd/system/openvpn@.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Wed 2021-05-12 02:04:53 CST; 27s ago
  Process: 1411 ExecStart=/usr/sbin/openvpn --cd /etc/openvpn/ --config  (code=exited, status=1/FAI>
 Main PID: 1411 (code=exited, status=1/FAILURE)

May 12 02:04:53 C8-194 systemd[1]: Starting OpenVPN Robust And Highly Flexible Tunneling Application On server>
May 12 02:04:53 C8-194 systemd[1]: openvpn@: Main process exited, code=exited, status=1/FAILURE
May 12 02:04:53 C8-194 systemd[1]: openvpn@: Failed with result 'exit-code'.
May 12 02:04:53 C8-194 systemd[1]: Failed to start OpenVPN Robust And Highly Flexible Tunneling Application On>
[root@C8-194 ~]# journalctl -xe
-- Subject: Unit succeeded
-- Defined-By: systemd
-- Support: /support
-- 
-- The unit  has successfully entered the 'dead' state.
May 12 02:04:52 C8-194 systemd[1]: Reloading.
May 12 02:04:53 C8-194 systemd[1]: Reloading.
May 12 02:04:53 C8-194 systemd[1]: Starting OpenVPN Robust And Highly Flexible Tunneling Application On server>
-- Subject: Unit openvpn@ has begun start-up
-- Defined-By: systemd
-- Support: /support
-- 
-- Unit openvpn@ has begun starting up.
May 12 02:04:53 C8-194 systemd[1]: openvpn@: Main process exited, code=exited, status=1/FAILURE
May 12 02:04:53 C8-194 systemd[1]: openvpn@: Failed with result 'exit-code'.
-- Subject: Unit failed
-- Defined-By: systemd
-- Support: /support
-- 
-- The unit openvpn@ has entered the 'failed' state with result 'exit-code'.
May 12 02:04:53 C8-194 systemd[1]: Failed to start OpenVPN Robust And Highly Flexible Tunneling Application On>
-- Subject: Unit openvpn@ has failed
-- Defined-By: systemd
-- Support: /support
-- 
-- Unit openvpn@ has failed.
-- 
-- The result is failed.
  • 并没有具体的提示
  • 分段执行脚本中函数测试,发现卡在启动服务的函数段
  • 经仔细比对分析,确认启动脚本没有错误
  • 按照以往经验,严重怀疑时配置文件错误
  • 经重新检查发现配置文件中server字段应该填写网段而非服务器IP
[root@C8-194 ~]# cat /etc/openvpn/ 
port 1194
proto tcp
dev tun
ca /etc/openvpn/certs/
cert /etc/openvpn/certs/
key /etc/openvpn/certs/ # This file should be kept secret
dh /etc/openvpn/certs/
server 10.0.0.194 255.255.255.0
push "route 172.66.0.0 255.255.255.0"
keepalive 10 120
cipher AES-256-CBC
compress lz4-v2
push "compress lz4-v2"
max-clients 2048
user openvpn
group openvpn
status /var/log/openvpn/
log-append /var/log/openvpn/
verb 3
mute 20

  • 订正错误
server 10.0.0.194 255.255.255.0
  • 修改为
server 10.0.0.0 255.255.255.0

其后服务可以正常启动,故障排除!
在这里插入图片描述
不过正常启动后,openvpn产生的tun0豚骨隧道网段如果和当前网段一样,会产生路由冲突,导致服务器无法访问

  • 修改为
server 10.123.223.0 255.255.255.0

豚骨隧道