I want to automatically run OpenVPN at boot because I need it for my VPN to work, however I didn't find a 66 service for OpenVPN, I need help to create it. Thanks in advance.

I think the best place to start would be to look at https://web.obarun.org/software/66/latest/frontend.html and the existing service files and try creating it yourself. I don't use OpenVPN myself, but after a quick glance at their how-to guide I'd start with something like this (no warranties etc):

[main]
@type = classic
@version = 0.0.1
@description = "OpenVPN daemon"
@user = ( root )
@options = ( log env )

[start]
@build = auto
@execute = (
	execl-cmdline -s { openvpn ${conf_file} } 
)

[environment]
conf_file=!/etc/openvpn/openvpn.conf

for the server:

create a file at /etc/66/service/openvpn-server@ with the following

[main]
@type = classic
@version = 0.0.1
@description = "OpenVPN server daemon"
@user = ( root )

[start]
@runas = openvpn
@execute = (
    cd /etc/openvpn/server
    execl-cmdline -s { openvpn ${conf_file} }
)

[environment]
conf_file=!--status /run/openvpn-server/status-@I.log --status-version 2 --suppress-timestamps --config @I.conf

be sure to have an existing configuration file at /etc/openvpn/server/ with the name used to enable the service. For example, if you do 66-enable openvpn-server@myenterprise you need to name the configuration file myenterprise.conf

for the client

create a file at /etc/66/service/openvpn-client@ with the following

[main]
@type = classic
@version = 0.0.1
@description = "OpenVPN client daemon"
@user = ( root )

[start]
@runas = openvpn
@execute = (
    cd /etc/openvpn/client
    execl-cmdline -s { openvpn ${conf_file} }
)

[environment]
conf_file=!--suppress-timestamps --nobind --config @I.conf

Again, be sure to have the corresponding configuration file at /etc/openvpn/client.
like said @advesperascit, no warranties etc

Please tell us if you got it running correctly

Thanks @advesperascit and @eric , the service configuration for the client worked but only if I remove the @runas =openvpn line, it looks like I have no "openvpn" user, is that normal?

  • eric replied to this.

    wastelander
    no, it's not normal, the openvpn user should be created at installation time. Just check it reading the /etc/passwd file.

      eric Ha yes, the user ovpn is there but if I add again the @runas key I get a permission denied error in opening the certificate and key files in the client folder. I think it's something to do with the openvpn user owning the client folder and requiring a password. Actually I don't even have a server conf file, my VPN just gives a single config file (that should be the client) to put in /etc/openvpn, without need to authenticate. Even simply moving the conf file to /etc/openvpn (outside the client folder) works, using the @advesperascit template.
      /etc/66/service/openvpn@:

      [main]
      @type = classic 
      @version = 0.0.1
      @description = "OpenVPN daemon"
      @user = ( root )
      
      [start]
      @execute = (
      cd /etc/openvpn
      execl-cmdline -s { openvpn ${conf_file} }
      )
      
      [environment]
      conf_file=!--config @I.conf

      Is it fine ? I removed the --nobind option because it's already in the conf file, however I think that this option and --suppress-timestamps are instead needed by the systemd service to avoid conflicts.

      Also, I took a look at the s6 service in the Artix repos, it basically uses the same command:

      #!/bin/execlineb -P
      fdmove -c 2 1
      exec openvpn --config /etc/openvpn/openvpn.conf

      to be honest i haven't tested. I gave you the options used by systemd service.
      If you want to use the Artix version be sure to remove the fdmove -c 2 1 and exec part . this is done automatically by 66. But i think the one given by @advesperascit correspond to the one given by artix (in better way regarding 66 syntax)

        eric perfect, as long as it works I'll keep the service that I am using now, thanks again for helping 😊

        wastelander changed the title to [SOLVED] Openvpn service? .
        4 months later

        Powered by Obarun