[gentoo-user] systemd + openvpn

[gentoo-user] systemd + openvpn

[Joseph]

How do I start and stop "systemd" services, I would imagine systemd works the same across all distros.
My openvpn server is running on Gentoo but client openvpn I setup on Fedora 21 (as the computer is old and slow).

Normally I would create configuration files in /etc/openvpn/
and run:
/etc/init.d/ln -s openvpn.client1 openvpn
/etc/init.d/openvpn.client1 start

But on Fedora when I do 
systemctl enable openvpn@eeepc.service

I get:
Failed to execute operation: No such file or directory.

-- 
Joseph

Re: [gentoo-user] systemd + openvpn

[Rich Freeman]

On Wed, Feb 11, 2015 at 1:58 PM, Joseph <syscon780@gmail.com> wrote:
> How do I start and stop "systemd" services, I would imagine systemd works
> the same across all distros.

You run systemd start <service> - that is the same on all distros
(well, if they're not writing fancy wrappers around it or whatever -
Gentoo follows upstream).

> My openvpn server is running on Gentoo but client openvpn I setup on Fedora
> 21 (as the computer is old and slow).
>
> Normally I would create configuration files in /etc/openvpn/
> and run:
> /etc/init.d/ln -s openvpn.client1 openvpn
> /etc/init.d/openvpn.client1 start
>
> But on Fedora when I do systemctl enable openvpn@eeepc.service

I ended up having to add the following to my unit:
ExecStartPre=-/bin/mkdir -p /dev/net
ExecStartPre=-/bin/mknod /dev/net/tun c 10 200

I forget if that is reported somewhere, fixed upstream, etc.  It has
been a while since I studied tap/tun so it might also not be necessary
in some configurations.

-- 
Rich

Re: [gentoo-user] systemd + openvpn

[Joseph]

On 02/11/15 14:16, Rich Freeman wrote:
>On Wed, Feb 11, 2015 at 1:58 PM, Joseph <syscon780@gmail.com> wrote:
>> How do I start and stop "systemd" services, I would imagine systemd works
>> the same across all distros.
>
>You run systemd start <service> - that is the same on all distros
>(well, if they're not writing fancy wrappers around it or whatever -
>Gentoo follows upstream).
>
>> My openvpn server is running on Gentoo but client openvpn I setup on Fedora
>> 21 (as the computer is old and slow).
>>
>> Normally I would create configuration files in /etc/openvpn/
>> and run:
>> /etc/init.d/ln -s openvpn.client1 openvpn
>> /etc/init.d/openvpn.client1 start
>>
>> But on Fedora when I do systemctl enable openvpn@eeepc.service
>
>I ended up having to add the following to my unit:
>ExecStartPre=-/bin/mkdir -p /dev/net
>ExecStartPre=-/bin/mknod /dev/net/tun c 10 200
>
>I forget if that is reported somewhere, fixed upstream, etc.  It has
>been a while since I studied tap/tun so it might also not be necessary
>in some configurations.
>
>-- 
>Rich

I have tried "xubuntu" on this old eeepc 1GB of ram only and I was able to make the openvpn to work but freenx would not work, I only need client on the laptop.
"nomachine" installed on xubuntu but they disabled ssh connection on the free download version the only free protocol is "nx" and it doesn't work with
nxserver-freenx.
"x2go" I make it to work but the fonts are unreadable, complete gibberish.

So, I've tried Fedora just to get stuck on EVIL "systemd" :-/

I could install Gentoo on this laptop via "distcc" but it would take a long time. Besides I like the way the network works on those new laptop, it switches 
seamlessly between cable "eth0" and "wifi".

-- 
Joseph

[gentoo-user] Re: systemd + openvpn

[walt]

On 02/11/2015 10:58 AM, Joseph wrote:
> on Fedora when I do systemctl enable openvpn@eeepc.service
> 
> I get:
> Failed to execute operation: No such file or directory.

You need to escape the @ by typing openvpn\@eeepc.service,
which is not clear from the error message.

Re: [gentoo-user] Re: systemd + openvpn

[Joseph]

On 02/11/15 13:52, walt wrote:
>On 02/11/2015 10:58 AM, Joseph wrote:
>> on Fedora when I do systemctl enable openvpn@eeepc.service
>>
>> I get:
>> Failed to execute operation: No such file or directory.
>
>You need to escape the @ by typing openvpn\@eeepc.service,
>which is not clear from the error message.

I'm still getting the same "failed" error message.

systemctl start openvpn\@eeepc.service

-- 
Joseph

[gentoo-user] Re: systemd + openvpn

[walt]

On 02/11/2015 02:38 PM, Joseph wrote:
> On 02/11/15 13:52, walt wrote:
>> On 02/11/2015 10:58 AM, Joseph wrote:
>>> on Fedora when I do systemctl enable openvpn@eeepc.service
>>>
>>> I get:
>>> Failed to execute operation: No such file or directory.
>>
>> You need to escape the @ by typing openvpn\@eeepc.service,
>> which is not clear from the error message.
> 
> I'm still getting the same "failed" error message.
> 
> systemctl start openvpn\@eeepc.service

Yes, I see the same, which I feel is a systemd bug.  The escaping
trick works only with the 'enable' command, not stop or start. Dumb.

As an experiment you might try systemctl start openvpn\*  or even
openvpn[@]eeepc  in case regexps might work.

BTW the .service is optional, systemd assumes it as the default.

Re: [gentoo-user] Re: systemd + openvpn

[Joseph]

On 02/11/15 15:26, walt wrote:
>On 02/11/2015 02:38 PM, Joseph wrote:
>> On 02/11/15 13:52, walt wrote:
>>> On 02/11/2015 10:58 AM, Joseph wrote:
>>>> on Fedora when I do systemctl enable openvpn@eeepc.service
>>>>
>>>> I get:
>>>> Failed to execute operation: No such file or directory.
>>>
>>> You need to escape the @ by typing openvpn\@eeepc.service,
>>> which is not clear from the error message.
>>
>> I'm still getting the same "failed" error message.
>>
>> systemctl start openvpn\@eeepc.service
>
>Yes, I see the same, which I feel is a systemd bug.  The escaping
>trick works only with the 'enable' command, not stop or start. Dumb.
>
>As an experiment you might try systemctl start openvpn\*  or even
>openvpn[@]eeepc  in case regexps might work.
>
>BTW the .service is optional, systemd assumes it as the default.

Thanks for trying to help.
I'm getting the same error message :-/
Trying to install Gentoo on it will take me 1-2 weeks :-/ so I was looking for an alternative.

-- 
Joseph

Re: [gentoo-user] Re: systemd + openvpn

[Rich Freeman]

On Wed, Feb 11, 2015 at 6:26 PM, walt <w41ter@gmail.com> wrote:
>
> Yes, I see the same, which I feel is a systemd bug.  The escaping
> trick works only with the 'enable' command, not stop or start. Dumb.
>

It seems more likely to be an error with the unit, which has nothing
to do with systemd.  As I mentioned already, I had to make some
changes in mine.

If you write a bad init.d scripts, that isn't an openrc bug either.  :)

-- 
Rich

Re: [gentoo-user] Re: systemd + openvpn

[Joseph]

On 02/11/15 19:26, Rich Freeman wrote:
>On Wed, Feb 11, 2015 at 6:26 PM, walt <w41ter@gmail.com> wrote:
>>
>> Yes, I see the same, which I feel is a systemd bug.  The escaping
>> trick works only with the 'enable' command, not stop or start. Dumb.
>>
>
>It seems more likely to be an error with the unit, which has nothing
>to do with systemd.  As I mentioned already, I had to make some
>changes in mine.
>
>If you write a bad init.d scripts, that isn't an openrc bug either.  :)
>
>-- 
>Rich

No, the problem in Fedora was thier "selinux". I suppose to be some extra security, but it seems to me it creates only more problems.
So I disabled it, and openvpn connects just fine.
I was able to install on it "nxclient-3.5" as well, it works fine.

-- 
Joseph

Re: [gentoo-user] Re: systemd + openvpn

[Rich Freeman]

On Thu, Feb 12, 2015 at 11:37 PM, Joseph <syscon780@gmail.com> wrote:
> No, the problem in Fedora was thier "selinux". I suppose to be some extra
> security, but it seems to me it creates only more problems.

A common observation with SELinux.  Even so, it definitely DOES
provide additional security.  It is a standard Linux feature and
available on Gentoo as well.  If the configuration isn't right (and it
is easy to get it wrong) then you'll have problems.

I forget all the details of SELinux, but you should be able to put it
in a mode that logs but does not enforce.  Using those logs you should
be able to determine exactly what roles/permissions/labels/etc are
missing.  I suspect that if you just dumped the relevant logs on
Fedora's bugzilla that they'd fix their openvpn package for you.  If I
had a working SELinux setup I wouldn't be too quick to just completely
disable it over one package.

-- 
Rich