Run OpenVPN on non-standard port with SELinux and Centos 6
I recently installed OpenVPN on a CentOS 6 server but found that I couldn't get the service to start. Running `service openvpn start` failed despite being able to run `openvpn --config /path/to/config` without errors.

When looking in /var/log/messages after a failed start I found the following:

TCP/UDP: Socket bind failed on local address [undef]: Permission denied Exiting due to fatal error
OpenVPN was failing to bind to the port because I had configured it to listen on a non-standard port. CentOS 6 ships with SELinux in enforcing mode, and the policy only lets a confined service such as OpenVPN bind to ports that carry its own port label (openvpn_port_t); a bind to any other port is denied, which is the "Permission denied" above.
To get around this you must tell SELinux that you're happy for OpenVPN to run on a non-standard port, using the `semanage` command. It is not installed by default, so install it first:

yum install policycoreutils-python
You can then use the following command to tell SELinux that OpenVPN may use your chosen port (replace port with the port number from your config):

semanage port -a -t openvpn_port_t -p udp port

Once you've done this, `service openvpn start` should succeed.
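One thing worth checking before running the `semanage port -a` step: if the port you chose is already explicitly labelled with some other type, `-a` fails with an "already defined" error and you need `-m` (modify) instead. The script below is an added example, not code from the original post; it reads a `semanage port -l` style listing, decides which verb applies, and prints the exact command to run. The listing embedded in it is a constructed sample in that format, and the function names are mine.

```shell
#!/bin/sh
# Added example (not from the original post). Decides whether labelling an
# OpenVPN port needs `semanage port -a` (add) or `-m` (modify), by reading the
# output of `semanage port -l`. The listing below is a constructed sample in
# that format, not captured from a real host.
SAMPLE_PORT_LIST='SELinux Port Type              Proto    Port Number
openvpn_port_t                 tcp      1194
openvpn_port_t                 udp      1194
http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443
syslogd_port_t                 udp      514
reserved_port_t                udp      1-511
unreserved_port_t              udp      1024-32767'

# semanage_port_action PROTO PORT LISTING -> prints one of:
#   noop    PORT is already labelled openvpn_port_t
#   modify  PORT is explicitly labelled as another type, so -a would fail
#           with "already defined" and -m is required
#   add     PORT carries no explicit label, so -a is the right call
semanage_port_action() {
  printf '%s\n' "$3" | awk -v proto="$1" -v port="$2" '
    $2 != proto { next }
    # policy-wide catch-all types span whole ranges; they never block -a
    $1 ~ /(reserved|ephemeral)_port_t$/ { next }
    {
      for (i = 3; i <= NF; i++) {
        gsub(/,/, "", $i)                 # "80," -> "80"
        n = split($i, r, "-")             # "1024-32767" -> lo / hi
        lo = r[1]; hi = (n == 2) ? r[2] : r[1]
        if (port + 0 >= lo + 0 && port + 0 <= hi + 0) {
          found = 1
          res = ($1 == "openvpn_port_t") ? "noop" : "modify"
          print res
          exit
        }
      }
    }
    END { if (!found) print "add" }'
}

# semanage_port_command PROTO PORT LISTING -> prints the command to run
semanage_port_command() {
  case "$(semanage_port_action "$1" "$2" "$3")" in
    add)    echo "semanage port -a -t openvpn_port_t -p $1 $2" ;;
    modify) echo "semanage port -m -t openvpn_port_t -p $1 $2" ;;
    noop)   echo "# $1/$2 is already openvpn_port_t, nothing to do" ;;
  esac
}

# Stand-alone demo against the constructed listing. On a real CentOS 6 host
# pass "$(semanage port -l)" as the third argument instead.
semanage_port_command udp 1195 "$SAMPLE_PORT_LIST"
semanage_port_command udp 514  "$SAMPLE_PORT_LIST"
```

On a live host, call `semanage_port_command udp "$PORT" "$(semanage port -l)"` and run the command it prints as root. Afterwards `semanage port -l | grep openvpn` should show your port under openvpn_port_t, and a further failed start would leave an AVC denial in /var/log/audit/audit.log rather than just the bind error in /var/log/messages.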
Let me know what you think of this article on twitter @_jacobtomlinson or leave a comment below!