Problem comes from systemd new setting on 17.04+ (experienced on 18.04):
Example:
1 2 3 4 5 |
Oct 5 13:55:42 tan sudo: PAM audit_log_acct_message() failed: Operation not permitted Oct 5 13:55:42 tan sudo: pam_unix(sudo:session): session opened for user root by (uid=0) Oct 5 13:55:42 tan sudo: vpn : pam_open_session: System error ; TTY=unknown ; PWD=/etc/openvpn ; USER=root ; COMMAND=/sbin/ip ro add 10.20.253.6/32 dev tun0 Oct 5 13:55:42 tan sudo: vpn : TTY=unknown ; PWD=/etc/openvpn ; USER=root ; COMMAND=/sbin/ip ro get 10.20.253.6 Oct 5 13:55:42 tan sudo: PAM audit_log_acct_message() failed: Operation not permitted |
The fix is to run:
1 |
systemctl edit openvpn@.service |
# paste
1 2 |
[Service] CapabilityBoundingSet=~ |
Write changes. This creates file:
1 |
/etc/systemd/system/openvpn@.service.d/override.conf |
Now we need to reload:
1 2 |
systemctl daemon-reload systemctl restart openvpn.service |
Fix has been mentioned:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=792653#25 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=792653#45