Discussion:
[systemd-devel] Having trouble connecting to VPN on Whonix
דניאל חומדוב
2017-11-18 22:18:51 UTC
***@host:/home/user# systemctl status ***@openvpn.service
● ***@openvpn.service - OpenVPN connection to openvpn
Loaded: loaded (/lib/systemd/system/***@.service; disabled)
Drop-In: /lib/systemd/system/***@openvpn.service.d
└─50_unpriv.conf
Active: failed (Result: exit-code) since Sat 2017-11-18 20:49:51 UTC; 20s ago
Process: 2489 ExecStartPre=/usr/bin/sudo /usr/sbin/openvpn --rmtun --dev tun0 (code=exited, status=1/FAILURE)

Nov 18 20:49:51 host sudo[2489]: #1) Respect the privacy of others.
Nov 18 20:49:51 host sudo[2489]: #2) Think before you type.
Nov 18 20:49:51 host sudo[2489]: #3) With great power comes great responsibility.
Nov 18 20:49:51 host sudo[2489]: sudo: no tty present and no askpass program specified
Nov 18 20:49:51 host sudo[2489]: pam_unix(sudo:auth): conversation failed
Nov 18 20:49:51 host sudo[2489]: pam_unix(sudo:auth): auth could not identify password for [tunnel]
Nov 18 20:49:51 host sudo[2489]: tunnel : command not allowed ; TTY=unknown ; PWD=/etc/openvpn ; USER=root ; COMMAND=/usr/s...ev tun0
Nov 18 20:49:51 host systemd[1]: ***@openvpn.service: control process exited, code=exited status=1
Nov 18 20:49:51 host systemd[1]: Failed to start OpenVPN connection to openvpn.
Nov 18 20:49:51 host systemd[1]: Unit ***@openvpn.service entered failed state.
Lennart Poettering
2017-11-20 12:18:51 UTC
└─50_unpriv.conf
Active: failed (Result: exit-code) since Sat 2017-11-18 20:49:51 UTC; 20s ago
Process: 2489 ExecStartPre=/usr/bin/sudo /usr/sbin/openvpn --rmtun --dev tun0 (code=exited, status=1/FAILURE)
Nov 18 20:49:51 host sudo[2489]: #1) Respect the privacy of others.
Nov 18 20:49:51 host sudo[2489]: #2) Think before you type.
Nov 18 20:49:51 host sudo[2489]: #3) With great power comes great responsibility.
Nov 18 20:49:51 host sudo[2489]: sudo: no tty present and no askpass program specified
Nov 18 20:49:51 host sudo[2489]: pam_unix(sudo:auth): conversation failed
Nov 18 20:49:51 host sudo[2489]: pam_unix(sudo:auth): auth could not identify password for [tunnel]
Nov 18 20:49:51 host sudo[2489]: tunnel : command not allowed ; TTY=unknown ; PWD=/etc/openvpn ; USER=root ; COMMAND=/usr/s...ev tun0
Nov 18 20:49:51 host systemd[1]: Failed to start OpenVPN connection to openvpn.
This is a systemd issue. Your sudo command in the openvpn service
failed, because it needed a password, but couldn't query one, as
services in systemd run with stdin/stdout/stderr not connected to an
interactive TTY, but connected to /dev/null (in the case of stdin) and
the logging subsystem (in the case of stdout/stderr).

Or in other words: something is wrong with your unit file, or with the
drop-in you prepared. It shouldn't use sudo really. sudo is primarily
an interactive tool. If you want to change privilege for non-interactive
tools, such as daemons, then setpriv(1) is the right tool to use. That
said, systemd can drop privileges for you anyway with "User="...

Lennart
--
Lennart Poettering, Red Hat
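
An added example, not part of either post and not Whonix or systemd code: a small Python check that scans a unit file or drop-in for Exec* lines that launch sudo or su, the pattern the reply above identifies as the cause of the failure. The sample drop-in is constructed; only its ExecStartPre line is taken from the status output in the thread, while User=tunnel and the ExecStart line are assumptions.

```python
import shlex
from pathlib import PurePosixPath

# Constructed drop-in: only the ExecStartPre line comes from the status output
# in the thread; User=tunnel and the ExecStart line are assumptions.
SAMPLE_DROPIN = """\
[Service]
User=tunnel
ExecStartPre=/usr/bin/sudo /usr/sbin/openvpn --rmtun --dev tun0
ExecStart=
ExecStart=/usr/sbin/openvpn --config /etc/openvpn/openvpn.conf
"""

INTERACTIVE_TOOLS = {"sudo", "su"}
EXEC_PREFIXES = "-@+!:"  # special executable prefixes from systemd.service(5)


def lint_unit(text):
    """Return (findings, user) for [Service] Exec* lines that launch sudo/su."""
    findings, user, section = [], None, None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        if section != "Service" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key == "User":
            user = value or None
        elif key.startswith("Exec") and value:  # empty value only resets the list
            argv = shlex.split(value.lstrip(EXEC_PREFIXES))
            if argv and PurePosixPath(argv[0]).name in INTERACTIVE_TOOLS:
                findings.append((lineno, key, argv[0], argv[1:]))
    return findings, user


def report(text):
    """Render one human-readable finding per offending Exec* line."""
    findings, user = lint_unit(text)
    return [
        f"line {n}: {key} runs {tool} (no TTY under systemd, so a password "
        f"prompt fails); wrapped command: {' '.join(rest)}; User={user or 'unset'}"
        for n, key, tool, rest in findings
    ]


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_DROPIN)) or "no sudo/su in Exec* lines")
```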