Problem Description:

When running OpenVPN in an LXC environment, users may encounter a specific error that prevents the OpenVPN service from operating correctly. The error manifests as follows:

Jan 08 00:56:47 fw openvpn[404]: openvpn_execve: unable to fork: Resource temporarily unavailable (errno=11)
Jan 08 00:56:47 fw openvpn[404]: Exiting due to fatal error
Jan 08 00:56:47 fw systemd[1]: openvpn-client@yourvpn.service: Main process exited, code=exited, status=1/FAILURE

Solution:

To resolve this issue, it’s necessary to edit the OpenVPN service using the systemctl command. Here are the steps to follow:

1. Edit the OpenVPN Service:
   • Run the command systemctl edit openvpn-client@
   • In the editor that opens, add the following lines in the appropriate section (after the comment ### Anything between here and the comment below will become the new contents of the file)

[Service]
LimitNPROC=infinity

2. Save and close the editor.
3. Reload the Systemctl Daemon:
   • Execute systemctl daemon-reload for the changes to take effect.
4. Restart the OpenVPN Service:
   • Restart the service with the command systemctl restart openvpn-client@yourvpn, replacing yourvpn with the name of your VPN configuration.
5. Repeat for systemctl edit openvpn-server@ (if needed)

Additional Considerations:

Although this problem frequently occurs in LXC environments using Ubuntu, it may arise in other operating systems or similar configurations. The key to solving the issue lies in adjusting the process limit for the OpenVPN service, allowing it to create the necessary processes for normal operation.