I was trying to use the default dietpi openvpn installer (as custom) to setup Cyberghost VPN, but seemed to fail.
Anyone had and success with installing the Cyberghost config/ovpn, crt’s and key with the dietpi VPN package?
error:
root@Pi:/etc/openvpn# systemctl status dietpi-vpn.service
Warning: The unit file, source configuration file or drop-ins of dietpi-vpn.service changed on disk. Run 'systemctl daemon-reload' to reload units.
● dietpi-vpn.service - VPN Client (DietPi)
Loaded: loaded (/etc/systemd/system/dietpi-vpn.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since *************** *******************
Process: 7897 ExecStart=/usr/sbin/openvpn --suppress-timestamps --nobind --config /etc/openvpn/client.ovpn (code=exited, status=1/FAILURE)
Main PID: 7897 (code=exited, status=1/FAILURE)
*************** pi systemd[1]: Starting VPN Client (DietPi)...
*************** pi openvpn[7897]: Options error: --ca fails with 'ca.crt': No such file or directory (errno=2)
*************** pi openvpn[7897]: Options error: --cert fails with 'client.crt': No such file or directory (errno=2)
*************** pi openvpn[7897]: WARNING: cannot stat file 'client.key': No such file or directory (errno=2)
*************** pi openvpn[7897]: Options error: --key fails with 'client.key': No such file or directory (errno=2)
*************** pi openvpn[7897]: Options error: Please correct these errors.
*************** pi openvpn[7897]: Use --help for more information.
*************** pi systemd[1]: dietpi-vpn.service: Main process exited, code=exited, status=1/FAILURE
*************** pi systemd[1]: dietpi-vpn.service: Failed with result 'exit-code'.
*************** pi systemd[1]: Failed to start VPN Client (DietPi).
root@pi:/etc/openvpn#
Usually the ovpn files contain the certificate and key inline. Here it doesn’t seem to be the case. So you’d need to download those separately (probably included with the archive you got the ovpn from already?) and put them right next to the client.ovpn.
I thought thats what the dietpi openvpn ‘custom’ option does? It asked me where the cyberghost ovpn was located, I selected it and it appeared to updated the client.ovpn file. I’ll have a re-look at the difference between the orignal and the client.ovpn files to compare.
Only credentials and up/down scripts are added to the client config, nothing else. As said, usually cert and key are embedded, so nothing else is required, but obviously this is not true in case of Cyberghost VPN.
Also may be realted to the way the /var/lib/dietpi/dietpi-vpn/settings_ovpn.conf file is used.
I used the ghost default config file (was basically the same as the client.ovpn anyhow), rebooted and it worked. Strange the dietpi-VPN (custom) option fails to start the service…
If the unmodified config file works, then how does it differ from the client.ovpn derived from it? And did you copy/move the original one into /etc/openvpn or did you load it from a different directory? And if so, which other files are in this different directory?
EDIT:
The setup link actually explains pretty well what we suspected already:
Now, the saved config is a ZIP file, which contains the following single files:
ca.crt: This is the certificate of the certification authority
client.crt: This is the user certification file
client.key: This is your private key file
openvpn.ovpn: This is your OpenVPN configuration file
The first three files need to be moved into /etc/openvpn to work, while you obviously loaded openvpn.ovpn from the directory where you extracted it, where the files are present.
I’m Having issues setting up cyberghost vpn followed all the steps in their guide but when i run command “sudo update-rc.d openvpn enable” i get the following error. “update-rc.d: error: cannot find a LSB script for openvpn”
Did you already run dietpi-vpn and selected your openvpn config file provided by cyberghost VPN?
Usually after reboot it should connect automatically after it has been configured.
root@DietPi:~# journalctl -xeu dietpi-vpn.service
Dec 23 19:27:19 DietPi systemd[1]: Starting dietpi-vpn.service - VPN Client (DietPi)...
░░ Subject: A start job for unit dietpi-vpn.service has begun execution
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ A start job for unit dietpi-vpn.service has begun execution.
░░
░░ The job identifier is 88.
Dec 23 19:27:20 DietPi openvpn[580]: Options error: Unrecognized option or missing or extra parameter(s) in /etc/openvpn/client.ovpn:14: ncp-disable (2.6.3)
Dec 23 19:27:20 DietPi openvpn[580]: Use --help for more information.
Dec 23 19:27:20 DietPi systemd[1]: dietpi-vpn.service: Main process exited, code=exited, status=1/FAILURE
░░ Subject: Unit process exited
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ An ExecStart= process belonging to unit dietpi-vpn.service has exited.
░░
░░ The process' exit code is 'exited' and its exit status is 1.
Dec 23 19:27:20 DietPi systemd[1]: dietpi-vpn.service: Failed with result 'exit-code'.
░░ Subject: Unit failed
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ The unit dietpi-vpn.service has entered the 'failed' state with result 'exit-code'.
Dec 23 19:27:20 DietPi systemd[1]: Failed to start dietpi-vpn.service - VPN Client (DietPi).
░░ Subject: A start job for unit dietpi-vpn.service has failed
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ A start job for unit dietpi-vpn.service has finished with a failure.
░░
░░ The job identifier is 88 and the job result is failed.
Dec 23 19:28:05 DietPi systemd[1]: Starting dietpi-vpn.service - VPN Client (DietPi)...
░░ Subject: A start job for unit dietpi-vpn.service has begun execution
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ A start job for unit dietpi-vpn.service has begun execution.
░░
░░ The job identifier is 401.
Dec 23 19:28:05 DietPi openvpn[1860]: Options error: Unrecognized option or missing or extra parameter(s) in /etc/openvpn/client.ovpn:14: ncp-disable (2.6.3)
Dec 23 19:28:05 DietPi openvpn[1860]: Use --help for more information.
Dec 23 19:28:05 DietPi systemd[1]: dietpi-vpn.service: Main process exited, code=exited, status=1/FAILURE
░░ Subject: Unit process exited
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ An ExecStart= process belonging to unit dietpi-vpn.service has exited.
░░
░░ The process' exit code is 'exited' and its exit status is 1.
Dec 23 19:28:05 DietPi systemd[1]: dietpi-vpn.service: Failed with result 'exit-code'.
░░ Subject: Unit failed
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ The unit dietpi-vpn.service has entered the 'failed' state with result 'exit-code'.
Dec 23 19:28:05 DietPi systemd[1]: Failed to start dietpi-vpn.service - VPN Client (DietPi).
░░ Subject: A start job for unit dietpi-vpn.service has failed
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ A start job for unit dietpi-vpn.service has finished with a failure.
░░
░░ The job identifier is 401 and the job result is failed.
Dec 23 19:28:52 DietPi systemd[1]: Starting dietpi-vpn.service - VPN Client (DietPi)...
░░ Subject: A start job for unit dietpi-vpn.service has begun execution
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ A start job for unit dietpi-vpn.service has begun execution.
░░
░░ The job identifier is 481.
Dec 23 19:28:52 DietPi openvpn[2360]: Options error: Unrecognized option or missing or extra parameter(s) in /etc/openvpn/client.ovpn:14: ncp-disable (2.6.3)
Dec 23 19:28:52 DietPi openvpn[2360]: Use --help for more information.
Dec 23 19:28:52 DietPi systemd[1]: dietpi-vpn.service: Main process exited, code=exited, status=1/FAILURE
░░ Subject: Unit process exited
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ An ExecStart= process belonging to unit dietpi-vpn.service has exited.
░░
░░ The process' exit code is 'exited' and its exit status is 1.
Dec 23 19:28:52 DietPi systemd[1]: dietpi-vpn.service: Failed with result 'exit-code'.
░░ Subject: Unit failed
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ The unit dietpi-vpn.service has entered the 'failed' state with result 'exit-code'.
Dec 23 19:28:52 DietPi systemd[1]: Failed to start dietpi-vpn.service - VPN Client (DietPi).
░░ Subject: A start job for unit dietpi-vpn.service has failed
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ A start job for unit dietpi-vpn.service has finished with a failure.
░░
░░ The job identifier is 481 and the job result is failed.
root@DietPi:~#
The ovpn file you are using uses an option ncp-disable, which is deprecated since openvpn 2.6.
Some more context:
ncp-disable was mainly a debug option that allowed disabling ncp if there were problem with dynamic cipher negotiation. With the current status of NCP, this option is no longer necessary.
So you can just remove this option from your ovpn file and try again.
