- How to restart openvpn service (or any service) running under «nobody» user?
- 7 Answers 7
- Как перезапустить сервис openvpn (или любой сервис), работающий под пользователем «nobody»?
- 6 ответов
- OpenVPN Support Forum
- Restarting OpenVPN Server
- Re: Restarting OpenVPN Server
- Re: Restarting OpenVPN Server
- Re: Restarting OpenVPN Server
- Re: Restarting OpenVPN Server
- Controlling a running OpenVPN process
- Running on Windows as a GUI
- Running in a Windows command prompt window
- Running as a Windows Service
- Modifying a live server configuration
- Status File
- Using the management interface
How to restart openvpn service (or any service) running under «nobody» user?
On my Ubuntu 16.04 server, I have the OpenVPN service running as the user nobody . How can I restart the service or reload the config file for the service using, for instance, systemctl ? An openvpn process is running, but I don’t know how to access it.
310 nobody 20 0 44440 3184 1968 S 0.0 0.3 1263:30 openvpn
7 Answers 7
Try this, I’ve noticed that restart doesn’t work for me.
sudo systemctl stop openvpn@server sudo systemctl enable openvpn@server.service sudo systemctl start openvpn@server
OpenVPN is a templatized service under systemd . The services are named openvpn@config.service . So you should restart your /etc/openvpn/myvpn.conf instance with:
systemctl restart openvpn@myvpn.service
The trouble is using systemctl status openvpn@myvpn.service doesn’t reveal an active service when doing this under my login or under root user, as I assume the service is running under the nobody user
Go to the this directory and take a look at files:
sudo su cd /etc/systemd/system/multi-user.target.wants ls
there should be a file in this format (could be different depend on openvpn version):
if you see multiple files in this format, it’s because you probably use this code before:
sudo systemctl enable openvpn-something@server.service
this self-made files (created by enable) does nothing and could be removed later. But for now you should find the one works well with this commands without causing any error:
sudo systemctl stop sudo systemctl start
and replace with all files in this format (starts with openvpn and ends with .service) in the directory. The one that truly stops and starts openvpn service is the file you need and others could be removed (you shouldn’t have made them in first place by enabling them):
Be careful to not to remove the one that is making the service start and stop
Как перезапустить сервис openvpn (или любой сервис), работающий под пользователем «nobody»?
На моем сервере Ubuntu 16.04 у меня есть служба OpenVPN, работающая как пользователь nobody , Как я могу перезапустить службу или перезагрузить файл конфигурации для службы, используя, например, systemctl ?
openvpn процесс запущен, но я не знаю, как получить к нему доступ.
310 nobody 20 0 44440 3184 1968 S 0.0 0.3 1263:30 openvpn
Команда su nobody не работает, потому что пароль не установлен. Есть ли альтернатива?
6 ответов
Попробуйте это, я заметил, что restart не работает для меня
sudo systemctl stop [email protected] sudo systemctl enable [email protected] sudo systemctl start [email protected]
OpenVPN — это шаблонный сервис под systemd , Услуги названы openvpn@config.service , Таким образом, вы должны перезагрузить свой /etc/openvpn/myvpn.conf пример с:
Перезапуск systemctl openvpn @myvpn.service
Перейдите в этот каталог и посмотрите файлы:
sudo su cd /etc/systemd/system/multi-user.target.wants ls
должен быть файл в этом формате (может быть другим в зависимости от версии openvpn):
если вы видите несколько файлов в этом формате, это потому, что вы, вероятно, использовали этот код раньше:
эти самодельные файлы (созданные с помощью enable) ничего не делают и могут быть удалены позже. Но пока вы должны обнаружить, что одна из них хорошо работает с этими командами, не вызывая ошибок:
sudo systemctl stop [email protected]> sudo systemctl start [email protected]>
и заменить всеми файлами в этом формате (начинается с openvpn и заканчивается на.service) в каталоге. Тот, который действительно останавливает и запускает службу openvpn, — это нужный вам файл, а другие могут быть удалены (вы не должны были создавать их в первую очередь, включив их):
Будьте осторожны, чтобы не удалить тот, который запускает и останавливает службу.
OpenVPN Support Forum
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Restarting OpenVPN Server
Post by ScKaSx444 » Tue Jun 07, 2011 11:46 pm
I am trying to debug my configuration files for a client-server setup, where (client=my laptop, Windows 7) and (server=NAS hard drive, Linux). When I make changes to the server configuration I would like to restart the OpenVPN server. To do this is it okay to just run from the command line:
Re: Restarting OpenVPN Server
Post by Bebop » Wed Jun 08, 2011 7:37 am
Power cycle is definitely not necessary. The exact method you use will depend on your OS, and whether you start as a service or not.
are you stopping the old instance first? (ctrl+c)
If yes, then you are doing all that is required. Nothing further required.
Re: Restarting OpenVPN Server
Post by ScKaSx444 » Thu Jun 16, 2011 5:08 pm
Thanks for the response, great name btw as it was also a great show.
I read about stopping the service with ctrl-c but I can’t tell if that does anything when I do that. Can I check ‘jobs’ or ‘processes’ in linux to see if it is/isn’t running in the background? Does linux have a restart function like with Debian or Centos?
janjust Forum Team Posts: 2703 Joined: Fri Aug 20, 2010 2:57 pm Location: Amsterdam Contact:
Re: Restarting OpenVPN Server
Post by janjust » Fri Jun 17, 2011 7:37 am
this depends on your linux distro; the centos+debian scripts are wrappers around the openvpn command itself; if openvpn is launched from the command line without using ‘deamon’ then a CTRL+C is sufficient; if openvpn is daemonized you can find the processes using
Re: Restarting OpenVPN Server
Post by david01 » Thu Jun 03, 2021 3:00 pm
to restart the service
if you on Redhat or CentOS
[root@localhost ~]# systemctl list-units —type service //to check service name
[root@localhost ~]# systemctl status openvpn-server@server.service // for me the service is «openvpn-server@server.service»
[root@localhost ~]# systemctl restart openvpn-server@server.service // to restart the service
- Announcements
- Forum & Website Support
- Community Project
- ↳ Server Administration
- ↳ Configuration
- ↳ Examples
- ↳ Routed Example
- ↳ Installation Help
- ↳ Tutorials
- ↳ Testing branch
- ↳ Scripting and Customizations
- ↳ Authentication Scripts
- ↳ Routing and Firewall Scripts
- ↳ Rolling Your Own Installer
- ↳ Wishlist
- ↳ Cert / Config management
- ↳ Easy-RSA
- OpenVPN Inc. enterprise business solutions
- ↳ The OpenVPN Access Server
- ↳ CloudConnexa (previously OpenVPN Cloud)
- ↳ OpenVPN Connect (Windows)
- ↳ OpenVPN Connect (macOS)
- ↳ OpenVPN Connect (Android)
- ↳ OpenVPN Connect (iOS)
- Off Topic, Related
- Braggin’ Rights
- ↳ My VPN
- ↳ Doh!
- Pay OpenVPN Service Provider Reviews/Comments
Controlling a running OpenVPN process
Use the writepid directive to write the OpenVPN daemon’s PID to a file, so that you know where to send the signal (if you are starting openvpn with an initscript, the script may already be passing a —writepid directive on the openvpn command line).
Running on Windows as a GUI
Running in a Windows command prompt window
On Windows, you can start OpenVPN by right clicking on an OpenVPN configuration file (.ovpn file) and selecting «Start OpenVPN on this config file».
Once running in this fashion, several keyboard commands are available:
- F1 — Conditional restart (doesn’t close/reopen TAP adapter)
- F2 — Show connection statistics
- F3 — Hard restart
- F4 — Exit
Running as a Windows Service
When OpenVPN is started as a service on Windows, the only way to control it is:
- Via the service control manager (Control Panel / Administrative Tools / Services) which gives start/stop control.
- Via the management interface (see below).
Modifying a live server configuration
While most configuration changes require you to restart the server, there are two directives in particular which refer to files which can be dynamically updated on-the-fly, and which will take immediate effect on the server without needing to restart the server process.
client-config-dir — This directive sets a client configuration directory, which the OpenVPN server will scan on every incoming connection, searching for a client-specific configuration file (see the the manual page for more information). Files in this directory can be updated on-the-fly, without restarting the server. Note that changes in this directory will only take effect for new connections, not existing connections. If you would like a client-specific configuration file change to take immediate effect on a currently connected client (or one which has disconnected, but where the server has not timed-out its instance object), kill the client instance object by using the management interface (described below). This will cause the client to reconnect and use the new client-config-dir file.
crl-verify — This directive names a Certificate Revocation List file, described below in the Revoking Certificates section. The CRL file can be modified on the fly, and changes will take effect immediately for new connections, or existing connections which are renegotiating their SSL/TLS channel (occurs once per hour by default). If you would like to kill a currently connected client whose certificate has just been added to the CRL, use the management interface (described below).
Status File
The default server.conf file has a line
status openvpn-status.log
which will output a list of current client connections to the file openvpn-status.log once per minute.
Using the management interface
The OpenVPN management interface allows a great deal of control over a running OpenVPN process. You can use the management interface directly, by telneting to the management interface port, or indirectly by using an OpenVPN GUI which itself connects to the management interface.
To enable the management interface on either an OpenVPN server or client, add this to the configuration file:
management localhost 7505
This tells OpenVPN to listen on TCP port 7505 for management interface clients (port 7505 is an arbitrary choice — you can use any free port).
Once OpenVPN is running, you can connect to the management interface using a telnet client. For example:
ai:~ # telnet localhost 7505 Trying 127.0.0.1. Connected to localhost. Escape character is '^]'. >INFO:OpenVPN Management Interface Version 1 -- type 'help' for more info help Management Interface for OpenVPN 2.0_rc14 i686-suse-linux [SSL] [LZO] [EPOLL] built on Feb 15 2005 Commands: echo [on|off] [N|all] : Like log, but only show messages in echo buffer. exit|quit : Close management session. help : Print this message. hold [on|off|release] : Set/show hold flag to on/off state, or release current hold and start tunnel. kill cn : Kill the client instance(s) having common name cn. kill IP:port : Kill the client instance connecting from IP:port. log [on|off] [N|all] : Turn on/off realtime log display + show last N lines or 'all' for entire history. mute [n] : Set log mute level to n, or show level if n is absent. net : (Windows only) Show network info and routing table. password type p : Enter password p for a queried OpenVPN password. signal s : Send signal s to daemon, s = SIGHUP|SIGTERM|SIGUSR1|SIGUSR2. state [on|off] [N|all] : Like log, but show state history. status [n] : Show current daemon status info using format #n. test n : Produce n lines of output for testing/debugging. username type u : Enter username u for a queried OpenVPN username. verb [n] : Set log verbosity level to n, or show if n is absent. version : Show current version number. END exit Connection closed by foreign host. ai:~ #