openvpn fails to run a learn-address script
- Date: Wed, 27 Feb 2019 12:05:10 +0100
- From: Dominik <dr896543@xxxxxxxxx>
- Subject: openvpn fails to run a learn-address script
Since a few days (after an update of systemd and openvpn), openvpn fails
while running the learn-address script with the following message:
Feb 25 09:07:56 vpn openvpn: sudo: unable to send audit message
Feb 25 09:07:56 vpn openvpn: sudo: pam_open_session: System error
Feb 25 09:07:56 vpn openvpn: sudo: policy plugin failed session initialization
I found the following bug reports, that may be related and make me assume that systemd is causing the error:
As a work around, openvpn is now running as superuser, instead of user
vpn. However, I would like to change this back.
I tried to give appropriate rights to the daemon using an override-file
and restarting the service
sudo systemctl daemon-reload
sudo service openvpn-server@clstest restart
The error persists with two different versions of override.conf
> CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE
> CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE
I reported the issue against
which may have been wrong, since the bug was already closed and
downgrading to the version before the update did not resolve the issue.
I'm looking for help related to three questions:
1) How do I get additional information about what is causing the error?
Why is systemd blocking sudo despite the modifications in the override.conf
2) More generally: How can I run openvpn in a daemon as user vpn with
the ability to use sudo in a learn-address-script?
3) Would it be appropriate to file a bug report against systemd at this
Thanks in advance,