Jacob Tomlinson
Home Blog Talks Newsletter About

Run OpenVPN on non-standard port with SELinux and Centos 6

1 minute read #centos-6, #selinux, #openvpn

I recently installed OpenVPN on a Centos 6 server but found that I couldn’t get the service to start. Running service openvpn start failed despite being able to run openvpn --config /path/to/config without errors.

When looking in /var/log/messages after a failed start I found the following error message

TCP/UDP: Socket bind failed on local address [undef]: Permission denied
Exiting due to fatal error

OpenVPN was failing to bind to the port and this was because I had configured it to run on a non-standard port. By default in Centos 6 SELinux is set to enforcing and it will block any services which try to start on an unusual port.

To get around this you must tell SELinux that you’re happy for it to run on a non-standard port with the semanage command. This is not installed by default so you’ll need to run this install policycoreutils-python.

yum install policycoreutils-python

You can then use the following command to tell SELinux you’re happy for OpenVPN to run on your specified port.

semanage port -a -t openvpn_port_t -p udp port

Once you’ve done this you service openvpn start should now succeed.

Have thoughts?

I love hearing feedback on my posts. You should head over to Twitter and let me know what you think!

Spotted a mistake? Why not suggest an edit!