On Thu, 31.03.16 23:07, Piotr Dobrogost ([email protected]) wrote:
> Hi! > > When I start OpenVPN as a deamon from command line like this: > `sudo OPENSSL_ENABLE_MD5_VERIFY=1 openvpn --daemon --config > /etc/openvpn/xxx.conf` > the tunnel comes up with no problem. > However, when I start it as a systemd service I get this error: > > Mar 23 21:59:40 demon openvpn[10065]: VERIFY OK: depth=2, C=PL, > L=Warszawa, O=xxx, OU=xxx CA, CN=xxx Root CA > Mar 23 21:59:40 demon openvpn[10065]: VERIFY ERROR: depth=1, > error=certificate signature failure: C=PL, O=xxx, OU=xxx CA, CN=xxx > VPN CA > > I've been getting the same error when starting OpenVPN as a deamon > from command line before I added "OPENSSL_ENABLE_MD5_VERIFY=1". That's > why I thought the reason for error is that when starting OpenVPN as a > systemd service OPENSSL_ENABLE_MD5_VERIFY does not get set. However I > verified it gets set by adding "ExecStartPre=/usr/bin/env" to the > service template file. This is probably something to ask the openvpn folks about. Note that systemd invokes services in a very minimal, cleaned-up execution evnironment. Maybe there's something missing for openvpn there, such as the right $PATH or so... Lennart -- Lennart Poettering, Red Hat _______________________________________________ systemd-devel mailing list [email protected] https://lists.freedesktop.org/mailman/listinfo/systemd-devel
