Openvpn quit unexpected after upgrade ubuntu 14.04 to ubuntu 16.04

Question

My openvpn quits unexpectedly since I upgraded my ubuntu from 14.04 to 16.04LTS

Below is the content of the log file of openvpn.

Wed Mar  1 13:46:33 2017 username/123.123.123.123:56729 WARNING: Failed running command (--client-connect): external program exited with error status: 254
Mar  1 13:46:33 2017 username/123.123.123.123:56729 PUSH: Received control message: 'PUSH_REQUEST'
Wed Mar  1 13:46:33 2017 username/123.123.123.123:56729 PUSH: Received control message: 'PUSH_REQUEST'
Wed Mar  1 13:46:33 2017 username/123.123.123.123:56729 PUSH: Received control message: 'PUSH_REQUEST'
Wed Mar  1 13:46:36 2017 username/123.123.123.123:56729 PUSH: Received control message: 'PUSH_REQUEST'
Wed Mar  1 13:46:42 2017 :55522 TLS: 123.123.123.123Initial packet from [AF_INET]123.123.123.123:55522, sid=1272ece9 72edde04
Wed Mar  1 13:46:43 2017 RADIUS-PLUGIN: FOREGROUND THREAD: New user.
Wed Mar  1 13:46:43 2017 RADIUS-PLUGIN: No attributes Acct Interim Interval or bad length.
Wed Mar  1 13:46:43 2017 RADIUS-PLUGIN: Client config file was not written, overwriteccfiles is false
.Wed Mar  1 13:46:43 2017 RADIUS-PLUGIN: FOREGROUND THREAD: Add user to map.
Wed Mar  1 13:46:43 2017 123.123.123.123:55522 PLUGIN_CALL: POST /etc/openvpn/radiusplugin.so/PLUGIN_AUTH_USER_PASS_VERIFY status=0
Wed Mar  1 13:46:43 2017 123.123.123.123:55522 TLS: Username/Password authentication succeeded for username 'username' [CN SET]
Wed Mar  1 13:46:43 2017 123.123.123.123:55522 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Wed Mar  1 13:46:43 2017 123.123.123.123:55522 Data Channel Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Wed Mar  1 13:46:43 2017 123.123.123.123:55522 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Wed Mar  1 13:46:43 2017 123.123.123.123:55522 Data Channel Decrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Wed Mar  1 13:46:43 2017 123.123.123.123:55522 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384
Wed Mar  1 13:46:43 2017 123.123.123.123:55522 [username] Peer Connection Initiated with [AF_INET]123.123.123.123:55522
Wed Mar  1 13:46:43 2017 username/123.123.123.123:55522 PLUGIN_CALL: POST /etc/openvpn/radiusplugin.so/PLUGIN_CLIENT_DISCONNECT status=0
Wed Mar  1 13:46:43 2017 username/123.123.123.123:55522 openvpn_execve: unable to fork: Resource temporarily unavailable (errno=11)
Wed Mar  1 13:46:43 2017 username/123.123.123.123:55522 Exiting due to fatal error
Wed Mar  1 13:46:43 2017 username/123.123.123.123:55522 /sbin/ip route del 10.25.38.0/24
Wed Mar  1 13:46:43 2017 username/123.123.123.123:55522 openvpn_execve: unable to fork: Resource temporarily unavailable (errno=11)
Wed Mar  1 13:46:43 2017 username/123.123.123.123:55522 Exiting due to fatal error

I don't know why this appears.

openvpn_execve: unable to fork: Resource temporarily unavailable (errno=11)

and cause my openvpn quit LIMITNPROC=10 in /lib/systemd/system/openvpn@.service are already comment out.

Answer 1

It is a known problem in the systemd .service file of the OpenVPN.

More exactly, systemd limits the processes of the openvpn in 10 with the LimitNProc=10 setting in /lib/systemd/system/openvpn@.service file. Remove this line, and it will work.

Some sources state on the internet, that growing this value to 100 will be enough. On my experiments, it didn't work - note also, already 10 should be enough, because OpenVPN practically never forks so many processes. It is probably some systemd bug.

Note also, it is better practice to create a copy of the /lib/systemd/system/openvpn@.service to /etc/systemd/system/openvpn@.service and to modify that config file. On this way, it will override the original settings.

After modifying systemd service files, a systemctl daemon-reload should be given to re-load them (without reboot).