Bug 1133870 - compile with --enable-systemd to use systemd password agent
Summary: compile with --enable-systemd to use systemd password agent
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: openvpn
Version: 20
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Steven Pritchard
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2014-08-26 10:46 UTC by Jan Včelák
Modified: 2014-08-30 03:59 UTC (History)
4 users (show)

Fixed In Version: openvpn-2.3.2-6.fc20
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-08-30 03:59:08 UTC
Type: Bug
Embargoed:

Attachments (Terms of Use)
patch for Fedora 20 spec file (1.29 KB, patch)
2014-08-26 10:46 UTC, Jan Včelák 		no flags Details | Diff
View All

Description Jan Včelák 2014-08-26 10:46:41 UTC 
Created attachment 930821 [details]
patch for Fedora 20 spec file

Description of problem:

Currently, OpenVPN is compiled with systemd support disabled. As a result, instances started using openvpn@.service requiring password will fail.

Please, add --enable-systemd to configure options.


Version-Release number of selected component (if applicable):
openvpn-2.3.2-4.fc20
openvpn-2.3.4-3.fc21
openvpn-2.3.4-3.fc22

How reproducible:
always


Steps to Reproduce:
1. create sample '/etc/openvpn/example.conf' with 'key' parameter pointing to encrypted PEM certificate
2. run: systemctl start openvpn@example
3. check logs: journalctl _SYSTEMD_UNIT=openvpn

Actual results:

$ sudo systemctl start openvpn@example
Job for openvpn failed. See 'systemctl status openvpn' and 'journalctl -xn' for details

$ sudo journalctl _SYSTEMD_UNIT=openvpn
...
Aug 26 01:09:02 fedora openvpn[2984]: Tue Aug 26 01:09:02 2014 OpenVPN 2.3.2 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Sep 12 20
Aug 26 01:09:02 fedora openvpn[2984]: Enter Private Key Password:
Aug 26 01:09:02 fedora openvpn[2984]: Tue Aug 26 01:09:02 2014 Error: private key password verification failed
Aug 26 01:09:02 fedora openvpn[2984]: Tue Aug 26 01:09:02 2014 Exiting due to fatal error
...

Expected results:

$ sudo systemctl start openvpn@example
Enter Private Key Password: ********

$ sudo journalctl _SYSTEMD_UNIT=openvpn
...
Aug 26 12:28:27 fedora openvpn[18023]: OpenVPN 2.3.2 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Aug 26 2014
Aug 26 12:28:30 fedora openvpn[18023]: Control Channel Authentication: using 'openvpn_static' as a OpenVPN static key file
Aug 26 12:28:30 fedora openvpn[18023]: Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Aug 26 12:28:30 fedora openvpn[18023]: Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
...


Additional info:
Comment 1 Gwyn Ciesla 2014-08-26 13:22:40 UTC 
Thanks, I'll get this in rawhide, f21 and f20 ASAP.
Comment 2 Fedora Update System 2014-08-26 15:05:56 UTC 
openvpn-2.3.2-6.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/openvpn-2.3.2-6.fc20
Comment 3 Fedora Update System 2014-08-28 15:33:46 UTC 
Package openvpn-2.3.2-6.fc20:
* should fix your issue,
* was pushed to the Fedora 20 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing openvpn-2.3.2-6.fc20'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2014-9852/openvpn-2.3.2-6.fc20
then log in and leave karma (feedback).
Comment 4 Fedora Update System 2014-08-30 03:59:08 UTC 
openvpn-2.3.2-6.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.
Note You need to log in before you can comment on or make changes to this bug.