openvpn fails silently in systemd only

Brand new server.

I can start openvpn as a client at the cli using

openvpn --config /etc/openvpn/client.conf --verb 3

and pull a VPN ip address on the tun0 interface and ping the server just fine. But systemd fails silently without an error in any log.

service openvpn start

I did a standard

apt install openvpn

without any issues.

journalctl output:

Jun 11 06:19:12 fl.trader.com systemd[1]: Starting OpenVPN service...
Jun 11 06:19:12 fl.trader.com systemd[1]: Started OpenVPN service.

root@fl:/home/user# cat /etc/*-release

PRETTY_NAME="Raspbian GNU/Linux 10 (buster)"
NAME="Raspbian GNU/Linux"
VERSION_ID="10"
VERSION="10 (buster)"
VERSION_CODENAME=buster
ID=raspbian
ID_LIKE=debian

root@fl:/home/user# openvpn –version

OpenVPN 2.4.7 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 20 2019
library versions: OpenSSL 1.1.1d  10 Sep 2019, LZO 2.10
Originally developed by James Yonan
Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
Compile time defines: enable_async_push=no enable_comp_stub=no enable_crypto=yes enable_crypto_ofb_cfb=yes enable_debug=yes enable_def_auth=yes enable_dependency_tracking=no enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=needless enable_fragment=yes enable_iproute2=yes enable_libtool_lock=yes enable_lz4=yes enable_lzo=yes enable_maintainer_mode=no enable_management=yes enable_multihome=yes enable_pam_dlopen=no enable_pedantic=no enable_pf=yes enable_pkcs11=yes enable_plugin_auth_pam=yes enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=no enable_server=yes enable_shared=yes enable_shared_with_static_runtimes=no enable_silent_rules=no enable_small=no enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=yes enable_werror=no enable_win32_dll=yes enable_x509_alt_username=yes with_aix_soname=aix with_crypto_library=openssl with_gnu_ld=yes with_mem_check=no with_sysroot=no

root@flounder:/home/kermit# cat /etc/openvpn/client.conf

client
remote my-server-ip
dev tun
nobind
tls-client
ca /etc/openvpn/ca.crt
cert /etc/openvpn/trader.com.crt
key /etc/openvpn/trader.com.key
comp-lzo
verb 3
ping-restart 60

log /var/log/openvpn/openvpn.log

server:

root@vortex:/pki# cat /etc/openvpn/server.conf

mode server
tls-server
port 1194
proto udp
dev tun

ca      /pki/ca.crt
cert    /pki/issued/trader.com.crt
key     /pki/private/trader.com.key
dh      /pki/dh.pem

server 10.9.8.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo         # Compression - must be turned on at both end
persist-key
persist-tun
status /var/log/openvpn-status.log
verb 4  # verbose mode
user nobody
group nogroup
client-config-dir /etc/openvpn/ccd
client-to-client
push "redirect-gateway bypass-dhcp"
push "route 192.168.0.0 255.255.255.0"
push "dhcp-option DNS 4.2.2.2"

log /var/log/openvpn/openvpn.log

How do I get openvpn to start in systemd?

Go to Source
Author: brad