Current OpenVPN-related issues and their fix proposals #5942
Comments
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
This was referenced May 12, 2024
This issue has been automatically closed because it has not had activity for a long time. If this issue is still valid, please ping a maintainer and ask them to label it as "pinned". Thank you for your contributions.
There are currently multiple minor issues that might prevent users from running a Mysterium Node who prefer to provide OpenVPN service due to TCP support instead of WireGuard that is restricted to UDP only. I have also noticed that you have disabled the `openvpn` service by default, probably to avoid first-launch issues since many users faced them, but it appears nobody tried to debug them and mostly their causes are the incompatibilities I have demonstrated in this report.

I won't create a separate issue for each of them but instead will list the most significant of them that, once fixed, might allow a less complicated node running experience with OpenVPN service enabled.

Problem: OpenVPN service doesn't launch due to old OpenVPN version (< 2.4) without any proper debug information

Reason: OpenVPN versions prior to 2.4 don't have the `tls-crypt` option required by Mysterium Node. I have tried to launch Mysterium Node on my old idling Ubuntu Xenial box with OpenVPN service enabled, but the distribution's packaged OpenVPN version doesn't support the `tls-crypt` option used by the node due to its old version (2.3).

Solution: Implement OpenVPN version check by calling `openvpn --version` prior to starting OpenVPN. Shut down, throwing an error indicating the minimal required OpenVPN version (2.4).

Problem: Mysterium Node doesn't launch on Debian 11 (Bullseye) and Debian 12 (Bookworm) with `openvpn` service enabled

Reason: OpenVPN packages on Debian 11 and 12 are compiled without the `enable_iproute2` flag enabled (`enable_iproute2=no`), therefore missing the `--iproute` option required to run OpenVPN as non-root. Mysterium Node doesn't provide any information on that on shutdown, see log.txt

Solutions:

- Implement OpenVPN compile flags check by calling `openvpn --version` prior to starting OpenVPN. Shut down, throwing an error indicating the missing `enable_iproute2` compile flag.
- Do not include the `--iproute` option if the node is running as root, since it is being included only because `myst` assumes it's always started by a sudoer user and the iproute2 wrapper script is a requirement for running OpenVPN as non-root. (We can run the node as root under some circumstances)

(Note: this was the root cause in #4243 where the user had to disable the `openvpn` service instead of having the issue resolved properly)

Problem: OpenVPN server start fails with `FATAL:Linux ip link set failed: could not execute external program` but Mysterium Node continues running

Reason: Missing the `nonpriv-ip` wrapper script for iproute. This may happen when one is unaware that the `config` folder containing the `nonpriv-ip` script is required for OpenVPN service and may be missing it for some reason. For example, in my case it was not created automatically when I tried Mysterium Node from the release's .tar.gz archive. See log.txt

Solution: Check for the `nonpriv-ip` script existence prior to starting OpenVPN. Shut down, throwing an error indicating the missing script.

All the issues above concern the current `1.29.2` release.
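
The version and compile-flag checks proposed in this issue, sketched in Go as an added example (this is not code from the Mysterium Node repository). The function name, error wording and the two sample `openvpn --version` texts are assumptions constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"os/exec"
	"regexp"
	"strconv"
)

// Constructed samples in the shape of `openvpn --version` output (not captured from a real host).
const (
	SampleOld       = "OpenVPN 2.3.10 x86_64-pc-linux-gnu [SSL (OpenSSL)]\nCompile time defines: enable_iproute2=yes enable_lzo=yes\n"
	SampleNoIproute = "OpenVPN 2.5.1 x86_64-pc-linux-gnu [SSL (OpenSSL)]\nCompile time defines: enable_iproute2=no enable_lzo=yes\n"
)

var (
	bannerRe  = regexp.MustCompile(`(?m)^OpenVPN (\d+)\.(\d+)`)
	iprouteRe = regexp.MustCompile(`\benable_iproute2=yes\b`)
)

// CheckVersionOutput (hypothetical name) applies the two proposed checks to `openvpn --version` text.
// asRoot skips the iproute2 requirement, following the issue's suggestion for nodes run as root.
func CheckVersionOutput(out string, asRoot bool) error {
	m := bannerRe.FindStringSubmatch(out)
	if m == nil {
		return errors.New("no OpenVPN version banner in output")
	}
	major, _ := strconv.Atoi(m[1]) // compared numerically so 2.10 is not read as older than 2.4
	minor, _ := strconv.Atoi(m[2])
	if major < 2 || (major == 2 && minor < 4) {
		return fmt.Errorf("OpenVPN %d.%d found, 2.4 or newer required (tls-crypt)", major, minor)
	}
	if !asRoot && !iprouteRe.MatchString(out) {
		return errors.New("OpenVPN built without enable_iproute2: --iproute unavailable for non-root use")
	}
	return nil
}

func main() {
	for _, s := range []string{SampleOld, SampleNoIproute} {
		fmt.Println(CheckVersionOutput(s, false))
	}
	// On a real host only the printed text is parsed; the exit status is ignored.
	out, _ := exec.Command("openvpn", "--version").Output()
	fmt.Println(CheckVersionOutput(string(out), os.Geteuid() == 0))
}
```

Failing before OpenVPN is started with one of these messages gives the operator the cause directly, instead of the silent shutdown described in the report.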