Red Hat Bugzilla – Bug 832788
openvpn does not start on boot
Last modified: 2012-06-18 16:40:48 EDT
Openvpn server does not start on boot with message
cannot bind 220.127.116.11:1194
but restaring it manually
systemctl restart email@example.com
if in /etc/openvpn/server.conf
I comment the line
then openvpn server starts on boot OK and listen on 0/0:1194
probably some interaction with Network Manager
If the network interface which you want OpenVPN to bind to isn't available when OpenVPN tries to start at boot time, this is the expected behaviour.
Generally speaking, any kind of errors like "cannot bind 18.104.22.168:1194" indicates that there are no network interfaces configured with the given IP address available when OpenVPN started. By not using the --local option, OpenVPN will listen to any IP addresses; including from IP addresses on network interfaces which was not available when OpenVPN was started. It is not possible to bind to an not configured IP address.
Closing as NOTABUG. If you feel this is not the right solution, please re-open this bz and attach a complete log file with verb set to 4 (f.ex using --log /var/tmp/openvpn.log --verb 4). Otherwise it will be difficult to analyse further what went wrong.
I do have all interfaces configured right, and
everything is working OK if I start openvpn AFTER boot is done.
The problem is that on boot openvpn is starded by systemd BEFORE
network interfaces are up.
I think openvpn supposed to wait for network manager to get interfaces up
or scheduled to be started after NewtworkManager.
It SysV it was very clear: start nework on runlevel N
start other program on level N+1. (after N).
Ultimate example - start openvpn before network is up and
have guaranteed failure.
People from https://bugzilla.redhat.com/show_bug.cgi?id=752774
suggested me the two workarounds, but I think openvpn .service
script should be adjusted to be started later.
The best solution would be for openvpn to use IP_FREEBIND so that it can bind
to the address evenm if it doesn't exist yet.
A workaround is to enable NetworkManager-wait-online.service so that things
which depend on network.target (like openvpn) only start once NetworkManager
has finished bringing the network up.
----END OF QUOTE