Add own service

Hello,

After the unsuccessful attempt to connect my 2 RPi’s via wireguard I started a try via vpnc. The goal is to connect the RPi3 client via Remote-Fritzbox to have access to the remote network.

I installed vpnc and created a default-config-file with the VPN-Settings. That works fine:

root@DietPi:/etc/vpnc# vpnc
VPNC started in background (pid: 28518)...

Now I try to create a service to start this connection with every boot of the RPi3. For that I created an additional file:

root@DietPi:/etc/systemd/system# cat fritzbox.service
[Service]
ExecStart=/usr/sbin/vpnc
WorkingDirectory=/etc/vpnc
Restart=always
StandardOutput=journal+console
StandardError=journal+console
SyslogIdentifier=vpnc_fritzbox
User=root
Group=root

[Install]
WantedBy=multi-user.target

After adding this service via dietpi-services I tried to start the service but it failed:

root@DietPi:/etc/systemd/system# dietpi-services start fritzbox
[ SUB1 ] DietPi-Services > start fritzbox
[FAILED] DietPi-Services | start : fritzbox

Here is the log:

Warning: The unit file, source configuration file or drop-ins of fritzbox.service changed on disk. Run 'systemctl daemon-reload' to reload units.
● fritzbox.service
   Loaded: bad-setting (Reason: Unit fritzbox.service has a bad unit file setting.)
  Drop-In: /etc/systemd/system/fritzbox.service.d
           └─dietpi-services_edit.conf
   Active: inactive (dead) since Wed 2020-11-18 09:02:58 CET; 45min ago
 Main PID: 32507 (code=killed, signal=TERM)

And

Nov 18 09:47:58 DietPi systemd[1]: fritzbox.service: Service has more than one ExecStart= setting, which is
only allowed for Type=oneshot services. Refusing.

The systemctl daemon-reload I did, same result.

Any idea what I’m doing wrong?

Edit: In addition this service should start before the network drive mapping happens. :wink:

Did you try to add Type=oneshot into your service definition? At least that's what the error message is suggesting :wink:

Nov 18 09:47:58 DietPi systemd[1]: fritzbox.service: Service has more than one ExecStart= setting, which is
only allowed for Type=oneshot services. Refusing.

Ok, now I added Type=oneshot and after the next error message I changed Restart=always to Restart=no.

Now my name resolution is broken again (like in my wireguard post).

root@DietPi:/# ping heise.de
ping: heise.de: Temporärer Fehler bei der Namensauflösung

I cannot apply the DNS settings again in Dietpi-Config/Network Options: Adapter as long as the fritzbox_service is set up. If I remove the fritzbox_service entries I can repair the DNS settings. But then I run into the same issue with fritzbox_service not starting.

Nov 18 14:25:10 DietPi systemd[1]: Starting fritzbox.service...
Nov 18 14:25:25 DietPi vpnc[30891]: terminated by signal: 15
Nov 18 14:25:26 DietPi systemd[1]: fritzbox.service: Succeeded.
Nov 18 14:25:26 DietPi systemd[1]: Started fritzbox.service.



root@DietPi:/# dietpi-services status fritzbox
[ SUB1 ] DietPi-Services > status fritzbox
[ INFO ] DietPi-Services | fritzbox             inactive (dead)

Something is really strange on your system. I did a test installation on my RPi3B+, connected to a mobile hotspot and was able to use WireGuard as client to connect back home to my RPi4B hosting my WireGuard server.

You would need to find out why your DNS settings are going to vanish all the time.

To check what is going on with your service, just run

systemctl status fritzbox.service
journalctl -u fritzbox.service

Sometimes I think the wireguard issue is an issue with my provider or the router of the provider or the restriction of the provider. But at the moment I have no chance to put the RPi3 in another network/provider.

root@DietPi:/# systemctl status fritzbox.service
● fritzbox.service
   Loaded: loaded (/etc/systemd/system/fritzbox.service; disabled; vendor preset: enabled)
   Active: inactive (dead)

Nov 18 14:17:49 DietPi systemd[1]: Started fritzbox.service.
Nov 18 14:22:42 DietPi systemd[1]: Starting fritzbox.service...
Nov 18 14:22:42 DietPi vpnc_fritzbox[19144]: /usr/sbin/vpnc: unknown host `xxx.net'
Nov 18 14:22:42 DietPi systemd[1]: fritzbox.service: Main process exited, code=exited, status=1/FAILURE
Nov 18 14:22:42 DietPi systemd[1]: fritzbox.service: Failed with result 'exit-code'.
Nov 18 14:22:42 DietPi systemd[1]: Failed to start fritzbox.service.
Nov 18 14:25:10 DietPi systemd[1]: Starting fritzbox.service...
Nov 18 14:25:25 DietPi vpnc[30891]: terminated by signal: 15
Nov 18 14:25:26 DietPi systemd[1]: fritzbox.service: Succeeded.
Nov 18 14:25:26 DietPi systemd[1]: Started fritzbox.service.



root@DietPi:/# journalctl -u fritzbox.service
-- Logs begin at Wed 2020-11-18 13:18:34 CET, end at Wed 2020-11-18 15:15:15 CET. --
Nov 18 13:43:18 DietPi systemd[1]: fritzbox.service: Service has Restart= setting other than no, which isn't allowed for Type=oneshot services. Refusing.
Nov 18 13:43:51 DietPi systemd[1]: Starting fritzbox.service...
Nov 18 13:44:06 DietPi vpnc_fritzbox[396]: RTNETLINK answers: File exists
Nov 18 13:44:07 DietPi vpnc[545]: select: Interrupted system call
Nov 18 13:44:07 DietPi vpnc[395]: select: Interrupted system call
Nov 18 13:44:07 DietPi vpnc[395]: terminated by signal: 15
Nov 18 13:44:07 DietPi vpnc[545]: terminated by signal: 15
Nov 18 13:44:19 DietPi systemd[1]: fritzbox.service: Succeeded.
Nov 18 13:44:19 DietPi systemd[1]: Started fritzbox.service.
Nov 18 13:45:13 DietPi systemd[1]: Starting fritzbox.service...
Nov 18 13:45:13 DietPi vpnc_fritzbox[5133]: /usr/sbin/vpnc: unknown host `xxx.net'
Nov 18 13:45:13 DietPi systemd[1]: fritzbox.service: Main process exited, code=exited, status=1/FAILURE
Nov 18 13:45:13 DietPi systemd[1]: fritzbox.service: Failed with result 'exit-code'.
Nov 18 13:45:13 DietPi systemd[1]: Failed to start fritzbox.service.
Nov 18 13:47:13 DietPi systemd[1]: Starting fritzbox.service...
Nov 18 13:47:28 DietPi vpnc[16865]: HMAC mismatch in ESP mode
Nov 18 13:47:29 DietPi vpnc_fritzbox[16866]: RTNETLINK answers: File exists
Nov 18 13:47:29 DietPi vpnc[16865]: select: Interrupted system call
Nov 18 13:47:29 DietPi vpnc[16865]: terminated by signal: 15
Nov 18 13:47:29 DietPi vpnc[17168]: terminated by signal: 15
Nov 18 13:47:42 DietPi systemd[1]: fritzbox.service: Succeeded.
Nov 18 13:47:42 DietPi systemd[1]: Started fritzbox.service.
Nov 18 13:49:54 DietPi systemd[1]: Starting fritzbox.service...
Nov 18 13:50:10 DietPi vpnc[28570]: HMAC mismatch in ESP mode
Nov 18 13:50:10 DietPi vpnc[28570]: HMAC mismatch in ESP mode
Nov 18 13:50:10 DietPi vpnc[28570]: HMAC mismatch in ESP mode
Nov 18 13:50:10 DietPi vpnc_fritzbox[28571]: RTNETLINK answers: File exists
Nov 18 13:50:11 DietPi vpnc[28570]: select: Interrupted system call
Nov 18 13:50:11 DietPi vpnc[28570]: terminated by signal: 15
Nov 18 13:50:11 DietPi vpnc[28888]: select: Interrupted system call
Nov 18 13:50:11 DietPi vpnc[28888]: terminated by signal: 15
Nov 18 13:50:11 DietPi systemd[1]: fritzbox.service: Succeeded.
Nov 18 13:50:11 DietPi systemd[1]: Started fritzbox.service.
Nov 18 14:11:37 DietPi systemd[1]: Starting fritzbox.service...
Nov 18 14:11:53 DietPi vpnc_fritzbox[6743]: RTNETLINK answers: File exists
Nov 18 14:11:53 DietPi vpnc[6742]: select: Interrupted system call
Nov 18 14:11:53 DietPi vpnc[6742]: terminated by signal: 15
Nov 18 14:11:53 DietPi vpnc[6891]: terminated by signal: 15
Nov 18 14:12:06 DietPi systemd[1]: fritzbox.service: Succeeded.
Nov 18 14:12:06 DietPi systemd[1]: Started fritzbox.service.
Nov 18 14:15:32 DietPi systemd[1]: Starting fritzbox.service...
Nov 18 14:15:32 DietPi vpnc_fritzbox[20615]: /usr/sbin/vpnc: unknown host `xxx.net'
Nov 18 14:15:32 DietPi systemd[1]: fritzbox.service: Main process exited, code=exited, status=1/FAILURE
Nov 18 14:15:32 DietPi systemd[1]: fritzbox.service: Failed with result 'exit-code'.
Nov 18 14:15:32 DietPi systemd[1]: Failed to start fritzbox.service.
Nov 18 14:17:20 DietPi systemd[1]: Starting fritzbox.service...
Nov 18 14:17:36 DietPi vpnc_fritzbox[32206]: RTNETLINK answers: File exists
Nov 18 14:17:37 DietPi vpnc[32516]: select: Interrupted system call
Nov 18 14:17:37 DietPi vpnc[32204]: select: Interrupted system call
Nov 18 14:17:37 DietPi vpnc[32516]: terminated by signal: 15
Nov 18 14:17:37 DietPi vpnc[32204]: terminated by signal: 15
Nov 18 14:17:49 DietPi systemd[1]: fritzbox.service: Succeeded.
Nov 18 14:17:49 DietPi systemd[1]: Started fritzbox.service.
Nov 18 14:22:42 DietPi systemd[1]: Starting fritzbox.service...
Nov 18 14:22:42 DietPi vpnc_fritzbox[19144]: /usr/sbin/vpnc: unknown host `xxx.net'
Nov 18 14:22:42 DietPi systemd[1]: fritzbox.service: Main process exited, code=exited, status=1/FAILURE
Nov 18 14:22:42 DietPi systemd[1]: fritzbox.service: Failed with result 'exit-code'.
Nov 18 14:22:42 DietPi systemd[1]: Failed to start fritzbox.service.
Nov 18 14:25:10 DietPi systemd[1]: Starting fritzbox.service...
Nov 18 14:25:25 DietPi vpnc[30891]: terminated by signal: 15
Nov 18 14:25:26 DietPi systemd[1]: fritzbox.service: Succeeded.
Nov 18 14:25:26 DietPi systemd[1]: Started fritzbox.service.

Hmm, some unknown host `xxx.net' messages. So we are down to the DNS challenge. What DNS server are you using? Some local one or from your provider? Or is your /etc/resolv.conf empty again?

root@DietPi:~# cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 9.9.9.9
nameserver 149.112.112.112



root@DietPi:~# ls -al /etc/res*
lrwxrwxrwx 1 root root   31 Nov 16 12:15 /etc/resolv.conf -> /etc/resolvconf/run/resolv.conf

If the name resolution does not work, the IP address of the remote Fritzbox is added as the first nameserver in resolv.conf.

This I don’t understand. What do you mean by this?

Nameserver 9.9.9.9 and 149.112.112.112 are fine. This is Quad9 global DNS. Can you try to resolve DNS of your fritz.box

nslookup <your_dynDNS>

root@DietPi:~# nslookup xxx.myfritz.net
Server:		9.9.9.9
Address:	9.9.9.9#53

Non-authoritative answer:
Name:	xxx.myfritz.net
Address: aa.xxx.yyy.ccc
Name:	xxx.myfritz.net
Address: xxx:xxx:xxx:xxx:xxx:xxx:xxx:xxx

What I meant was: if it happens that the name resolution doesn’t work and I look into my resolv.conf, there are 3 DNS servers in it:

192.168.1.2 (local IP Fritzbox)
9.9.9.9
149.112.112.112

ok at least your myfritz address is recognised correctly with vpn client disabled.

I guess your VPN client is adding the DNS server entry. However, your VPN client service is still failing?

Delete the last comment with the 3 DNS Servers in resolv.conf.

It happened again that the name resolution does not work, but only the 2 DNS servers are in the file. What did I do? I started dietpi-services, edited the fritzbox service (removed the # in front of the code lines) and tried to start the service.

But the service is inactive and name resolution isn’t working again.

If I run the /usr/sbin/vpnc manually it works perfect.

Forget about dietpi-services for a moment. You can try to start the service like systemctl start <your_service>. I guess that’s gonna fail already. Btw can you post your service file: systemctl cat <your_service>

root@DietPi:~# systemctl start fritzbox.service
Job for fritzbox.service failed because the control process exited with error code.
See "systemctl status fritzbox.service" and "journalctl -xe" for details.



root@DietPi:~# systemctl cat fritzbox.service
# /etc/systemd/system/fritzbox.service
[Service]
ExecStart=/usr/sbin/vpnc
WorkingDirectory=/etc/vpnc
Restart=no
StandardOutput=journal+console
StandardError=journal+console
SyslogIdentifier=vpnc_fritzbox
User=root
Group=root
Type=oneshot

[Install]
WantedBy=multi-user.target

# /etc/systemd/system/fritzbox.service.d/dietpi-services_edit.conf
[Service]
ExecStart=/usr/sbin/vpnc
WorkingDirectory=/etc/vpnc
Restart=no
StandardOutput=journal+console
StandardError=journal+console
SyslogIdentifier=vpnc_fritzbox
User=root
Group=root
Type=oneshot

[Install]
WantedBy=multi-user.target

well your configuration is doubled now. Pls remove the following and reload your services.

rm /etc/systemd/system/fritzbox.service.d/dietpi-services_edit.conf
systemctl daemon-reload
systemctl restart fritzbox.service
journalctl -u fritzbox.service
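
Why the doubled drop-in mattered, as an added example that is not part of the original posts: systemd appends every non-empty `ExecStart=` it finds in the unit file and its drop-ins, and only an empty `ExecStart=` clears the list. The sample unit text is constructed from the files shown in the thread, and the function names and script name are hypothetical.

```shell
#!/bin/sh
# Added example: audit `systemctl cat <unit>` output for stacked ExecStart= lines.
# ExecStart= is a list setting: each non-empty assignment in the unit file or a
# drop-in appends a command; only an empty "ExecStart=" clears the list.

# Print how many ExecStart= commands remain after merging (input on stdin).
effective_execstart_count() {
    awk '
        /^\[/ { in_service = ($0 == "[Service]"); next }
        in_service && /^ExecStart=[ \t]*$/ { n = 0; next }
        in_service && /^ExecStart=/ { n++ }
        END { print n + 0 }
    '
}

# Print the effective Type= (last assignment wins, default is "simple").
effective_type() {
    awk '
        /^\[/ { in_service = ($0 == "[Service]"); next }
        in_service && /^Type=/ { t = substr($0, 6) }
        END { print (t == "" ? "simple" : t) }
    '
}

# Exit status: 0 = fine, 1 = command list runs in sequence (oneshot), 2 = systemd refuses.
audit_unit() {
    text=$(cat)
    n=$(printf '%s\n' "$text" | effective_execstart_count)
    t=$(printf '%s\n' "$text" | effective_type)
    if [ "$n" -gt 1 ] && [ "$t" != "oneshot" ]; then
        echo "refused: $n ExecStart= commands with Type=$t"; return 2
    elif [ "$n" -gt 1 ]; then
        echo "warning: $n ExecStart= commands run one after another"; return 1
    fi
    echo "ok: $n ExecStart= command(s), Type=$t"
}

# Constructed sample modelled on the thread's unit plus its drop-in.
# $1 is an extra line placed at the top of the drop-in's [Service] section.
sample_unit() {
    cat <<EOF
# /etc/systemd/system/fritzbox.service
[Service]
ExecStart=/usr/sbin/vpnc
Restart=always

# /etc/systemd/system/fritzbox.service.d/dietpi-services_edit.conf
[Service]
$1
ExecStart=/usr/sbin/vpnc
EOF
}

# Usage (hypothetical script name): systemctl cat fritzbox.service | sh audit-unit.sh audit
case "${1:-}" in
    audit) audit_unit ;;
esac
```

A drop-in that is meant to replace the command rather than add a second one starts its `[Service]` section with an empty `ExecStart=` line, which is the case `sample_unit "ExecStart="` models.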

Nov 18 20:12:48 DietPi systemd[1]: Starting fritzbox.service...
Nov 18 20:13:02 DietPi vpnc[18075]: select: Interrupted system call
Nov 18 20:13:02 DietPi vpnc[18075]: terminated by signal: 15
Nov 18 20:13:03 DietPi systemd[1]: fritzbox.service: Succeeded.
Nov 18 20:13:03 DietPi systemd[1]: Started fritzbox.service.

does it mean it’s still failing?

Yes, service is not running.

I am thinking about installing DietPi fresh on this RPi3. Or will you try something different to find the issue?

pls can you provide journal once service was restarted

systemctl restart fritzbox.service
journalctl -u fritzbox.service

root@DietPi:~# systemctl restart fritzbox.service
root@DietPi:~# journalctl -u fritzbox.service
-- Logs begin at Wed 2020-11-18 17:33:16 CET, end at Thu 2020-11-19 15:31:50 CET. --
Nov 18 18:48:30 DietPi systemd[1]: Starting fritzbox.service...
Nov 18 18:48:46 DietPi vpnc_fritzbox[20145]: RTNETLINK answers: File exists
Nov 18 18:48:46 DietPi vpnc[20278]: select: Interrupted system call
Nov 18 18:48:46 DietPi vpnc[20144]: select: Interrupted system call
Nov 18 18:48:46 DietPi vpnc[20278]: terminated by signal: 15
Nov 18 18:48:46 DietPi vpnc[20144]: terminated by signal: 15
Nov 18 18:48:58 DietPi systemd[1]: fritzbox.service: Succeeded.
Nov 18 18:48:58 DietPi systemd[1]: Started fritzbox.service.
Nov 18 18:56:22 DietPi systemd[1]: Starting fritzbox.service...
Nov 18 18:56:22 DietPi vpnc_fritzbox[18388]: /usr/sbin/vpnc: unknown host `xxx.myfritz.net'
Nov 18 18:56:22 DietPi systemd[1]: fritzbox.service: Main process exited, code=exited, status=1/FAILURE
Nov 18 18:56:22 DietPi systemd[1]: fritzbox.service: Failed with result 'exit-code'.
Nov 18 18:56:22 DietPi systemd[1]: Failed to start fritzbox.service.
Nov 18 18:57:15 DietPi systemd[1]: Starting fritzbox.service...
Nov 18 18:57:31 DietPi vpnc_fritzbox[21582]: RTNETLINK answers: File exists
Nov 18 18:57:32 DietPi vpnc[21916]: select: Interrupted system call
Nov 18 18:57:32 DietPi vpnc[21916]: terminated by signal: 15
Nov 18 18:57:32 DietPi vpnc[21580]: select: Interrupted system call
Nov 18 18:57:32 DietPi vpnc[21580]: terminated by signal: 15
Nov 18 18:57:32 DietPi systemd[1]: fritzbox.service: Succeeded.
Nov 18 18:57:32 DietPi systemd[1]: Started fritzbox.service.
Nov 18 19:11:39 DietPi systemd[1]: Starting fritzbox.service...
Nov 18 19:11:39 DietPi vpnc_fritzbox[8776]: /usr/sbin/vpnc: unknown host `xxx.myfritz.net'
Nov 18 19:11:39 DietPi systemd[1]: fritzbox.service: Main process exited, code=exited, status=1/FAILURE
Nov 18 19:11:39 DietPi systemd[1]: fritzbox.service: Failed with result 'exit-code'.
Nov 18 19:11:39 DietPi systemd[1]: Failed to start fritzbox.service.
Nov 18 19:13:25 DietPi systemd[1]: Starting fritzbox.service...
Nov 18 19:13:25 DietPi vpnc_fritzbox[17344]: /usr/sbin/vpnc: unknown host `xxx.myfritz.net'
Nov 18 19:13:25 DietPi systemd[1]: fritzbox.service: Main process exited, code=exited, status=1/FAILURE
Nov 18 19:13:25 DietPi systemd[1]: fritzbox.service: Failed with result 'exit-code'.
Nov 18 19:13:25 DietPi systemd[1]: Failed to start fritzbox.service.
Nov 18 19:13:43 DietPi systemd[1]: Starting fritzbox.service...
Nov 18 19:13:43 DietPi vpnc_fritzbox[17381]: /usr/sbin/vpnc: unknown host `xxx.myfritz.net'
Nov 18 19:13:43 DietPi systemd[1]: fritzbox.service: Main process exited, code=exited, status=1/FAILURE
Nov 18 19:13:43 DietPi systemd[1]: fritzbox.service: Failed with result 'exit-code'.
Nov 18 19:13:43 DietPi systemd[1]: Failed to start fritzbox.service.
Nov 18 19:14:54 DietPi systemd[1]: Starting fritzbox.service...
Nov 18 19:14:54 DietPi vpnc_fritzbox[21812]: /usr/sbin/vpnc: unknown host `xxx.myfritz.net'
Nov 18 19:14:54 DietPi systemd[1]: fritzbox.service: Main process exited, code=exited, status=1/FAILURE
Nov 18 19:14:54 DietPi systemd[1]: fritzbox.service: Failed with result 'exit-code'.
Nov 18 19:14:54 DietPi systemd[1]: Failed to start fritzbox.service.
Nov 18 19:16:31 DietPi systemd[1]: Starting fritzbox.service...
Nov 18 19:16:46 DietPi vpnc[29249]: select: Interrupted system call
Nov 18 19:16:46 DietPi vpnc[29249]: terminated by signal: 15
Nov 18 19:16:46 DietPi systemd[1]: fritzbox.service: Succeeded.
Nov 18 19:16:46 DietPi systemd[1]: Started fritzbox.service.
Nov 18 20:12:48 DietPi systemd[1]: Starting fritzbox.service...
Nov 18 20:13:02 DietPi vpnc[18075]: select: Interrupted system call
Nov 18 20:13:02 DietPi vpnc[18075]: terminated by signal: 15
Nov 18 20:13:03 DietPi systemd[1]: fritzbox.service: Succeeded.
Nov 18 20:13:03 DietPi systemd[1]: Started fritzbox.service.
Nov 19 15:31:35 DietPi systemd[1]: Starting fritzbox.service...
Nov 19 15:31:50 DietPi vpnc[23006]: select: Interrupted system call
Nov 19 15:31:50 DietPi vpnc[23006]: terminated by signal: 15
Nov 19 15:31:50 DietPi systemd[1]: fritzbox.service: Succeeded.
Nov 19 15:31:50 DietPi systemd[1]: Started fritzbox.service.

I played a little bit with VPNC and got it working on my RPi3B+

root@DietPi3:~# systemctl status vpnc@fb.service
● vpnc@fb.service - VPNC connection to fb
   Loaded: loaded (/lib/systemd/system/vpnc@.service; enabled; vendor preset: enabled)
   Active: active (running) since Thu 2020-11-19 16:43:16 CET; 26s ago
  Process: 548 ExecStart=/usr/sbin/vpnc --pid-file=/run/vpnc@fb.pid /etc/vpnc/fb.conf (code=exited, status=0/SUCCESS)
 Main PID: 603 (vpnc)
    Tasks: 1 (limit: 2182)
   CGroup: /system.slice/system-vpnc.slice/vpnc@fb.service
           └─603 /usr/sbin/vpnc --pid-file=/run/vpnc@fb.pid /etc/vpnc/fb.conf

Nov 19 16:43:14 DietPi3 systemd[1]: Starting VPNC connection to fb...
Nov 19 16:43:16 DietPi3 systemd[1]: Started VPNC connection to fb.
root@DietPi3:~#

Basically the idea was from this board https://forums.bunsenlabs.org/viewtopic.php?id=4126

I created following file

nano /lib/systemd/system/vpnc@.service

added following

[Unit]
Description=VPNC connection to %i
After=network-online.target nss-lookup.target
Wants=network-online.target nss-lookup.target

[Service]
Type=forking
ExecStart=/usr/sbin/vpnc --pid-file=/run/vpnc@%i.pid /etc/vpnc/%i.conf
PIDFile=/run/vpnc@%i.pid

[Install]
WantedBy=multi-user.target

start and stop of the service

systemctl start vpnc@<your_config_file>
systemctl stop vpnc@<your_config_file>

<your_config_file> would need to be replaced by the name of the file you created in /etc/vpnc/ without .conf

In my case I created /etc/vpnc/fb.conf with following content

IPSec gateway <your_DDNS>

IKE DH Group dh2
Perfect Forward Secrecy nopfs

IPSec ID <ID>
# "key" from the Fritz!Box VPN configuration
IPSec secret <key>

NAT Traversal Mode force-natt

Xauth username <user>
Xauth password <pw>

The only thing not working is to have the service started on reboot. It’s starting too early and is not waiting for a valid network connection.

MichaIng I know we had similar in the past with WireGuard starting too early. But I’m not sure what you did to have it delayed

What I noticed as well, vpnc is able to damage the entire network configuration if the VPN connection could not be established correctly. Not really fail-safe…
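
One way to keep vpnc from starting before name resolution works, as an added example (not code from the thread or from DietPi): a pre-start check that reads the gateway from the vpnc config and waits until it resolves. The script's install path, the function names and the `RESOLVER` override are assumptions made for this example.

```shell
#!/bin/sh
# Added example: block until the VPN gateway named in a vpnc config resolves,
# so vpnc is not launched while DNS is still unavailable (the "unknown host"
# failures in the journal above).

# Print the host from the "IPSec gateway <host>" line of a vpnc config file.
gateway_from_conf() {
    awk '$1 == "IPSec" && $2 == "gateway" { print $3; exit }' "$1"
}

# Try to resolve $1 up to $2 times, sleeping $3 seconds between attempts.
# RESOLVER can be overridden for testing; the default `getent hosts` goes
# through the system's normal name service configuration.
wait_for_dns() {
    host=$1
    tries=${2:-30}
    delay=${3:-2}
    attempt=0
    while [ "$attempt" -lt "$tries" ]; do
        if ${RESOLVER:-getent hosts} "$host" >/dev/null 2>&1; then
            return 0
        fi
        attempt=$((attempt + 1))
        sleep "$delay"
    done
    echo "gateway $host did not resolve after $tries attempts" >&2
    return 1
}

# Exit status: 0 = gateway resolves, 1 = timed out, 2 = no gateway in config.
wait_for_gateway() {
    conf=$1
    host=$(gateway_from_conf "$conf")
    [ -n "$host" ] || { echo "no 'IPSec gateway' line in $conf" >&2; return 2; }
    wait_for_dns "$host" "${2:-30}" "${3:-2}"
}

# Hypothetical wiring in the [Service] section of vpnc@.service (the install
# path is an assumption):
#   ExecStartPre=/usr/local/sbin/vpnc-wait-dns /etc/vpnc/%i.conf
# The default of 30 tries x 2 s stays below systemd's default 90 s start timeout.
case "${1:-}" in
    /*) wait_for_gateway "$@" ;;
esac
```

Because a failing `ExecStartPre=` stops the unit before `ExecStart=` runs, vpnc is never launched against a gateway name that cannot be resolved.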