From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <mak@complife.ru>
X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on
 sa.local.altlinux.org
X-Spam-Level: 
X-Spam-Status: No, score=-3.3 required=5.0 tests=BAYES_00,RP_MATCHES_RCVD
 autolearn=ham autolearn_force=no version=3.4.1
To: ALT Linux Community general discussions <community@lists.altlinux.org>
From: "Michael A. Kangin" <mak@complife.ru>
Message-ID: <77fa8e3e-7e46-b94a-3eda-5081206284ca@complife.ru>
Date: Sat, 18 Jun 2016 19:23:42 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101
 Thunderbird/45.1.1
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Subject: [Comm] openvpn + systemd + ask password
X-BeenThere: community@lists.altlinux.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: ALT Linux Community general discussions
 <community@lists.altlinux.org>
List-Id: ALT Linux Community general discussions <community.lists.altlinux.org>
List-Unsubscribe: <https://lists.altlinux.org/mailman/options/community>,
 <mailto:community-request@lists.altlinux.org?subject=unsubscribe>
List-Archive: <http://lists.altlinux.org/pipermail/community>
List-Post: <mailto:community@lists.altlinux.org>
List-Help: <mailto:community-request@lists.altlinux.org?subject=help>
List-Subscribe: <https://lists.altlinux.org/mailman/listinfo/community>,
 <mailto:community-request@lists.altlinux.org?subject=subscribe>
X-List-Received-Date: Sat, 18 Jun 2016 17:23:44 -0000
Archived-At: <http://lore.altlinux.org/community/77fa8e3e-7e46-b94a-3eda-5081206284ca@complife.ru/>
List-Archive: <http://lore.altlinux.org/community/>
List-Post: <mailto:mandrake-russian@linuxteam.iplabs.ru>

Добрый день.

А как правильно нужно пользовался openvpn с systemd-ask-password?
Сейчас конфигурация, использующая запароленный сертификат, отказывается 
стартовать из-под systemd:

-- Unit openvpn-client@my.service has begun starting up.
Jun 18 19:06:15 mak-ws openvpn[12225]: OpenVPN 2.3.7 
x86_64-alt-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on 
Jun 17 2016
Jun 18 19:06:15 mak-ws openvpn[12225]: library versions: OpenSSL 1.0.1t 
3 May 2016, LZO 2.06
Jun 18 19:06:15 mak-ws systemd[1]: PID file 
/var/run/openvpn/client_my.pid not readable (yet?) after start.
Jun 18 19:06:15 mak-ws openvpn[12226]: WARNING: this configuration may 
cache passwords in memory -- use the auth-nocache option to prevent this
Jun 18 19:06:15 mak-ws openvpn[12226]: Error: private key password 
verification failed
Jun 18 19:06:15 mak-ws openvpn[12226]: Exiting due to fatal error
Jun 18 19:06:15 mak-ws systemd[1]: openvpn-client@my.service never wrote 
its PID file. Failing.
Jun 18 19:06:15 mak-ws systemd[1]: Failed to start OpenVPN tunnel for my.
-- Subject: Unit openvpn-client@my.service has failed

Попытки погуглить приводят к мысли, что openvpn должна как-то сама уметь 
им пользоваться, а то что у нас не умеет, это возможно баг.