Installing OpenVPN on Red Hat 8

Question

I am having an issue getting OpenVPN 2.4.8 installed and enabled on a Red Hat 8 server running as an EC2 instance on AWS.

The steps I have taken are as follows.

Added the EPEL (Extra Packages for Enterprise Linux) repository by running the following.

sudo dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm

This installs the repository with no apparent issues, and I then install OpenVPN.

sudo dnf install openvpn

dnf finds the package and it appears to install it without any issues, as per the below output.

Extra Packages for Enterprise Linux 8 - x86_64                                                                                                                                                                                         1.5 MB/s | 4.0 MB     00:02    
Last metadata expiration check: 0:00:01 ago on Thu Nov 28 16:03:24 2019.
Dependencies resolved.
======================================================================================================================================================================================================================================================================= Package                                                             Arch                                                         Version                                                             Repository                                                  Size 
=======================================================================================================================================================================================================================================================================Installing:
 openvpn                                                             x86_64                                                       2.4.8-1.el8                                                         epel                                                       540 k 
Installing dependencies:
 pkcs11-helper                                                       x86_64                                                       1.22-7.el8                                                          epel                                                        64 k 

Transaction Summary
=======================================================================================================================================================================================================================================================================Install  2 Packages

Total download size: 604 k
Installed size: 1.4 M
Is this ok [y/N]: y
Downloading Packages:
(1/2): pkcs11-helper-1.22-7.el8.x86_64.rpm                                                                                                                                                                                             571 kB/s |  64 kB     00:00     
(2/2): openvpn-2.4.8-1.el8.x86_64.rpm                                                                                                                                                                                                  4.3 MB/s | 540 kB     00:00     
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------Total                                                                                                                                                                                                                                  197 kB/s | 604 kB     00:03     
warning: /var/cache/dnf/epel-fafd94c310c51e1e/packages/openvpn-2.4.8-1.el8.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID 2f86d6a1: NOKEY
Extra Packages for Enterprise Linux 8 - x86_64                                                                                                                                                                                         1.6 MB/s | 1.6 kB     00:00     
Importing GPG key 0x2F86D6A1:
 Userid     : "Fedora EPEL (8) <epel@fedoraproject.org>"
 Fingerprint: 94E2 79EB 8D8F 25B2 1810 ADF1 21EA 45AB 2F86 D6A1
 From       : /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8
Is this ok [y/N]: y
Key imported successfully
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                                                                                                                                                                               1/1 
  Installing       : pkcs11-helper-1.22-7.el8.x86_64                                                                                                                                                                                                               1/2 
  Running scriptlet: openvpn-2.4.8-1.el8.x86_64                                                                                                                                                                                                                    2/2 
  Installing       : openvpn-2.4.8-1.el8.x86_64                                                                                                                                                                                                                    2/2 
  Running scriptlet: openvpn-2.4.8-1.el8.x86_64                                                                                                                                                                                                                    2/2 
  Verifying        : openvpn-2.4.8-1.el8.x86_64                                                                                                                                                                                                                    1/2 
  Verifying        : pkcs11-helper-1.22-7.el8.x86_64                                                                                                                                                                                                               2/2 

Installed:
  openvpn-2.4.8-1.el8.x86_64                                                                                                      pkcs11-helper-1.22-7.el8.x86_64

Complete!

If I then try to enable or start OpenVPN with sudo systemctl enable openvpn.service / sudo systemctl enable openvpn@server.service or sudo systemctl start openvpn.service / sudo systemctl start openvpn@server.service it fails to enable or start as below.

Failed to enable (or start) unit: Unit file openvpn.service does not exist.

If I run systemctl | grep openvpn nothing at all is returned for OpenVPN.

After installing OpenVPN through apt on Ubuntu, if I call sudo systemctl status openvpn.service regardless of whether I have yet provided a server.conf then systemctl gives me a status back, as below.

● openvpn.service - OpenVPN service
   Loaded: loaded (/lib/systemd/system/openvpn.service; enabled; vendor preset: enabled)
   Active: inactive (dead)

This is not happening on Red Hat 8. So my question is how can I find out why despite installing OpenVPN through dnf and having server.conf and the certificates in place, when I try to manage the service with systemctl the OpenVPN unit doesn't seem to have actually been installed?

Within the /usr/lib/systemd/system directory the below units exist.

openvpn-client@.service
openvpn-server@.service

If I run sudo systemctl status openvpn-server@server then I do actually get something back, but I can't start it, because it immediately fails.

● openvpn-server@server.service - OpenVPN service for server
   Loaded: loaded (/usr/lib/systemd/system/openvpn-server@.service; disabled; vendor preset: disabled)
   Active: inactive (dead)
     Docs: man:openvpn(8)
           https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
           https://community.openvpn.net/openvpn/wiki/HOWTO

I have searched for a solution to no avail, so I hope somebody can help!

score 2 · Answer 1 · answered Jun 30 '20 at 17:12

For lack of detailed error logs from the poster, I will provide my solution here. Having had the same problem on an AWS RHEL 8.2 instance, I found a few configuration details needed tweaking to get the service running. These may differ across templates & tutorials/blogs being used.

Ensure `server.conf` is in the correct directory

Depending on the tutorial you are following, the location of the server.conf will differ (if they mention this detail at all!).

Having set up server on Ubuntu before, I would usually store them in /etc/openvpn/. However, apparently for RHEL 8, it should be in /etc/openvpn/server, i.e.:

cd /etc/openvpn
sudo mv server.conf server/

Create the log folder

I found that it was necessary to create the /var/log/openvpn folder:

cd /var/log
sudo mkdir openvpn

Once these commands were run, I found that the directory had been magically populated with the necessary files. I'm curiuos to see if anyone has the same results.

Change `nogroup` to `nobody`

In server.conf, change the line that read group nogroup to group nobody. This may be how it is in your config already but, coming from an Ubuntu background, I found this to be the most head scratching issue.

Finally - Starting the service

Since the OP has listed quite a few commands that he tried - and other posters suggested more - I'll give the commands that worked for me:

sudo systemctl enable openvpn-server@server.service

Note: Some source suggest using the -f flag to force it: sudo systemctl -f enable openvpn-server@server.service, but I didn't find this necessary.

Then:

sudo systemctl start openvpn-server@server.service

And you're done!

score 0 · Answer 2 · answered Nov 28 '19 at 16:59

0

It seems like the openvpn service is not yet enabled properly.Enable the openvpn service by using the below command

systemctl enable openvpn@vpnname.service

You can start the OpenVPN service manually by using the below command

systemctl start openvpn@vpnname.service

answered Nov 28 '19 at 16:59

Manikandan Ram

399
2
15

Thanks for coming back so quickly but I should clarify that even with the `server.conf` configuration and certificates in-place, I can't actually enable or start the service, because `systemctl` says the unit does not exist when I try: `Failed to enable unit: Unit file openvpn@vpnname.service does not exist.`... – Jake Price Nov 28 '19 at 17:32
Can you share me the blog you used to install this OpenVPN server – Manikandan Ram Nov 28 '19 at 17:38
Use systemctl start openvpn@server.service – Zatarra Nov 28 '19 at 19:49
As mentioned `systemctl start openvpn@server.service` and `systemctl enable openvpn@server.service` return `Failed to start (or enable) openvpn@server.service: Unit openvpn@server.service not found.` – Jake Price Nov 29 '19 at 12:03

score 0 · Answer 3 · answered Nov 29 '19 at 12:50

It seems like there no service created as openvpn@server.service. Once you install the packages have to create the config file, in these case the file needs to be server.conf.

For example:

$ sudo cp /usr/share/doc/openvpn-*/sample/sample-config-files/server.conf /etc/openvpn 
$ sudo nano /etc/openvpn/server.conf

Once you configure correctly the server.conf you can use systemctl commands.

Try to use these guide. It's from Centos7 but it seems it's compatible with Red Had 8.

Installing OpenVPN on Red Hat 8

3 Answers3

Ensure server.conf is in the correct directory

Create the log folder

Change nogroup to nobody

Finally - Starting the service

Ensure `server.conf` is in the correct directory

Change `nogroup` to `nobody`