Because of a problem with the TUN/TAP device, I quickly tested openvpn. It starts, with a workaround.
Guide:
https://openvpn.net/community-resources/static-key-mini-howto/
Config
dev tun
ifconfig 10.8.0.1 10.8.0.2
secret static.key
First attempt: failed start
# systemctl restart openvpn@server
Mar 22 11:24:20 srvXXXX systemd[1]: openvpn@server.service: Failed to set invocation ID on control
Mar 22 11:24:20 srvXXXX systemd[1]: Starting OpenVPN connection to server...
Mar 22 11:24:20 srvXXXX ovpn-server[5139]: disabling NCP mode (--ncp-disable) because not in P2MP client or server mode
Mar 22 11:24:20 srvXXXX ovpn-server[5139]: OpenVPN 2.4.0 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Oct 14 2018
Mar 22 11:24:20 srvXXXX ovpn-server[5139]: library versions: OpenSSL 1.0.2r 26 Feb 2019, LZO 2.08
Mar 22 11:24:20 srvXXXX ovpn-server[5139]: daemon() failed or unsupported: Resource temporarily unavailable (errno=11)
Mar 22 11:24:20 srvXXXX ovpn-server[5139]: Exiting due to fatal error
Mar 22 11:24:20 srvXXXX systemd[1]: openvpn@server.service: Control process exited, code=exited st
Mar 22 11:24:20 srvXXXX systemd[1]: Failed to start OpenVPN connection to server.
Mar 22 11:24:20 srvXXXX systemd[1]: openvpn@server.service: Unit entered failed state.
Mar 22 11:24:20 srvXXXX systemd[1]: openvpn@server.service: Failed with result 'exit-code'.
Workaround:
https://github.com/angristan/openvpn-install/issues/129 "Problem running on OpenVZ"
comment out the LimitNPROC line in /lib/systemd/system/openvpn@.service
systemctl daemon-reload
OK.
● openvpn@server.service - OpenVPN connection to server
Loaded: loaded (/lib/systemd/system/openvpn@.service; disabled; vendor preset: enabled)
Active: active (running) since Sun 2020-03-22 11:30:20 CET; 8s ago
Docs: man:openvpn(8)
https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage
https://community.openvpn.net/openvpn/wiki/HOWTO
Process: 5165 ExecStart=/usr/sbin/openvpn --daemon ovpn-server --status /run/openvpn/server.stat
Main PID: 5166 (openvpn)
Tasks: 1 (limit: 4915)
CGroup: /system.slice/system-openvpn.slice/openvpn@server.service
└─5166 /usr/sbin/openvpn --daemon ovpn-server --status /run/openvpn/server.status 10 --
Mar 22 11:30:20 srvXXXX ovpn-server[5166]: WARNING: INSECURE cipher with block size less than 128
Mar 22 11:30:20 srvXXXX ovpn-server[5166]: TUN/TAP device tun0 opened
Mar 22 11:30:20 srvXXXX ovpn-server[5166]: Note: Cannot set tx queue length on tun0: Operation not permitted (errno=1)
Mar 22 11:30:20 srvXXXX ovpn-server[5166]: do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Mar 22 11:30:20 srvXXXX ovpn-server[5166]: /sbin/ip link set dev tun0 up mtu 1500
Mar 22 11:30:20 srvXXXX ovpn-server[5166]: /sbin/ip addr add dev tun0 local 10.8.0.1 peer 10.8.0.2
Mar 22 11:30:20 srvXXXX ovpn-server[5166]: Could not determine IPv4/IPv6 protocol. Using AF_INET
Mar 22 11:30:20 srvXXXX ovpn-server[5166]: UDPv4 link local (bound): [AF_INET][undef]:1194
Mar 22 11:30:20 srvXXXX ovpn-server[5166]: UDPv4 link remote: [AF_UNSPEC]
Mar 22 11:30:20 srvXXXX systemd[1]: Started OpenVPN connection to server.
This line can be ignored:
Note: Cannot set tx queue length on tun0: Operation not permitted (errno=1)
The --txqueuelen option cannot be set. The default is 100.
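Added example, not part of the original post: a small shell filter that sorts the journal lines quoted above into fatal start errors, the cipher warning, and the tx queue note the post marks as ignorable. The function names, category labels and the sample input (lines copied from the two runs above) are assumptions of this example.

```shell
#!/bin/sh
# Added example: triage OpenVPN journal lines by message pattern.
# Function names and category labels are assumptions of this example.

# Constructed sample: lines copied from the two runs quoted in the post.
sample_log() {
    cat <<'EOF'
Mar 22 11:24:20 srvXXXX ovpn-server[5139]: daemon() failed or unsupported: Resource temporarily unavailable (errno=11)
Mar 22 11:24:20 srvXXXX ovpn-server[5139]: Exiting due to fatal error
Mar 22 11:30:20 srvXXXX ovpn-server[5166]: WARNING: INSECURE cipher with block size less than 128
Mar 22 11:30:20 srvXXXX ovpn-server[5166]: TUN/TAP device tun0 opened
Mar 22 11:30:20 srvXXXX ovpn-server[5166]: Note: Cannot set tx queue length on tun0: Operation not permitted (errno=1)
Mar 22 11:30:20 srvXXXX ovpn-server[5166]: UDPv4 link local (bound): [AF_INET][undef]:1194
EOF
}

# Reads journal lines on stdin; prints "<CATEGORY>: <message>" for known ones.
triage_openvpn_log() {
    awk '
    {
        # Drop the "date host unit[pid]: " prefix; keep the message only.
        i = index($0, "]: ")
        msg = (i > 0) ? substr($0, i + 3) : $0
    }
    # errno=11 (EAGAIN) from daemon(): the start failure the post works
    # around via the LimitNPROC line in openvpn@.service.
    msg ~ /daemon\(\) failed or unsupported.*errno=11\)/ {
        print "FATAL: " msg " [see LimitNPROC in openvpn@.service]"; next
    }
    msg ~ /Exiting due to fatal error/  { print "FATAL: " msg; next }
    # Cipher warning: flagged for review, unlike the tx queue note.
    msg ~ /INSECURE cipher/             { print "SECURITY: " msg; next }
    msg ~ /Cannot set tx queue length/  { print "IGNORE: " msg; next }
    '
}

sample_log | triage_openvpn_log
```

On a live host the same function can be fed from the journal, for example `journalctl -u openvpn@server | triage_openvpn_log`.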