From: Julien Lepiller <julien@lepiller.eu>
To: help-guix@gnu.org,Raghav Gururajan <rg@raghavgururajan.name>
Subject: Re: OpenVPN Service
Date: Wed, 18 Nov 2020 09:06:26 -0500
Message-ID: <0EBA4657-3F11-4152-BD44-29A0FE12BDEE@lepiller.eu>
In-Reply-To: <62f628f6-4a6e-065b-70ca-374a998b52d2@raghavgururajan.name>

On 17 November 2020 21:36:07 GMT-05:00, Raghav Gururajan <rg@raghavgururajan.name> wrote:
>Hello Guix!
>
>I am struggling to set up OpenVPN Service Type. Here is my current
>configuration.
>
>*** START ***
>
>(service openvpn-client-service-type
>  (openvpn-client-configuration
>    (remote
>      (list
>        (openvpn-remote-configuration
>          (name "vpn.riseup.net")
>          (port 1194))))
>    (auth-user-pass "/etc/openvpn/Riseup.txt")
>    (ca "/etc/openvpn/RiseupCA.pem")))
>
>*** END ***
>
>When I do, `sudo herd status vpn-client`, I get:
>
>*** START ***
>
>Status of vpn-client:
> It is stopped.
> It is enabled.
> Provides (vpn-client).
> Requires (networking).
> Conflicts with ().
> Will be respawned.
>
>*** END ***
>
>When I do, `openvpn /gnu/store/[...]-openvpn.conf`, I get:
>
>*** START ***
>
>Options error: --ca fails with '/etc/openvpn/ca.crt': No such file or
>directory (errno=2)

I'm surprised by this one: you already set ca to something different. Can you share the generated openvpn.conf?

>Tue Nov 17 21:32:44 2020 WARNING: cannot stat file
>'/etc/openvpn/client.key': No such file or directory (errno=2)
>Options error: --key fails with '/etc/openvpn/client.key': No such file

Ok, looking at the service definition, this is not so surprising: it expects a file in the cert and key fields, and uses the defaults here. I'm surprised it doesn't complain about client.crt. I pushed a small update to the service. After you run guix pull, you should be able to specify (cert 'disabled) and (key 'disabled).

>
>or directory (errno=2)
>Tue Nov 17 21:32:44 2020 WARNING: file '/etc/openvpn/Riseup.txt' is
>group or others accessible
>Options error: Please correct these errors.

This is only a warning, but you don't want your password to be world readable: chown it to openvpn's user, and chmod it to 600.

>
>*** END ***
>
>Could anyone please help me with this?
>
>Regards,
>RG.
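
The permission fix from the reply above, as an added example that is not part of the original message or of Guix: a shell check that flags a credentials file for the condition OpenVPN warns about (any group or other permission bits set) and tightens it to 600. It assumes GNU coreutils `stat`; the function names `audit_secret` and `lock_down` and the `openvpn` owner name are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Requires GNU coreutils `stat`.

# audit_secret FILE [OWNER] prints one status word:
#   missing | loose:<mode> | owner:<name> | ok
audit_secret() {
    file=$1
    want_owner=${2:-}   # optional; e.g. "openvpn" (assumed daemon user name)
    [ -f "$file" ] || { echo "missing"; return 0; }
    mode=$(stat -L -c '%a' -- "$file")    # octal mode, e.g. 644
    owner=$(stat -L -c '%U' -- "$file")   # owning user name
    case $mode in
        *00|0) ;;                          # no group/other bits set
        *) echo "loose:$mode"; return 0 ;; # "group or others accessible"
    esac
    if [ -n "$want_owner" ] && [ "$owner" != "$want_owner" ]; then
        echo "owner:$owner"; return 0
    fi
    echo "ok"
}

# lock_down FILE [OWNER]: apply the fix from the reply (chmod 600, optional chown).
lock_down() {
    chmod 600 -- "$1" || return 1
    if [ -n "${2:-}" ]; then
        chown "$2" -- "$1" || return 1     # changing the owner needs root
    fi
}

# Stand-alone use: report on the path from the thread, or on the file given as $1.
audit_secret "${1:-/etc/openvpn/Riseup.txt}"
```

Run `lock_down` as root when passing an owner, then re-run `audit_secret` with the same owner to confirm the result is `ok`.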