pfSense 2.5.0 upgrade broke my NordVPN gateway - vpn

Ever since I upgraded to pfSense 2.5.0, my NordVPN interface does not work anymore. Traffic does not get routes to the NordVPN gateway, as pfSense reports it as "down" with 100% package loss. When checking "Status -> OpenVPN" the connection is reported as UP, but the gateway is DOWN. I don't understand how this is possible, but the log provides some clues, although I don't understand what goes wrong when reading the log.
OpenVPN Log (private IPs removed):
Feb 19 07:42:59 openvpn 79266 Initialization Sequence Completed
Feb 19 07:43:58 openvpn 79266 Authenticate/Decrypt packet error: missing authentication info
Feb 19 07:44:58 openvpn 79266 Authenticate/Decrypt packet error: missing authentication info
Feb 19 07:45:58 openvpn 79266 [nl852.nordvpn.com] Inactivity timeout (--ping-restart), restarting
Feb 19 07:45:58 openvpn 79266 SIGUSR1[soft,ping-restart] received, process restarting
Feb 19 07:45:58 openvpn 79266 Restart pause, 10 second(s)
Feb 19 07:46:08 openvpn 79266 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Feb 19 07:46:08 openvpn 79266 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Feb 19 07:46:08 openvpn 79266 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Feb 19 07:46:08 openvpn 79266 TCP/UDP: Preserving recently used remote address: [AF_INET]194.127.172.103:1194
Feb 19 07:46:08 openvpn 79266 Socket Buffers: R=[42080->524288] S=[57344->524288]
Feb 19 07:46:08 openvpn 79266 UDPv4 link local (bound): [AF_INET]x.x.x.x:0
Feb 19 07:46:08 openvpn 79266 UDPv4 link remote: [AF_INET]y.y.y.y:1194
Feb 19 07:46:08 openvpn 79266 TLS: Initial packet from [AF_INET]y.y.y.y.z:1194, sid=2ce7940f f02613d1
Feb 19 07:46:08 openvpn 79266 VERIFY WARNING: depth=0, unable to get certificate CRL: CN=nl852.nordvpn.com
Feb 19 07:46:08 openvpn 79266 VERIFY WARNING: depth=1, unable to get certificate CRL: C=PA, O=NordVPN, CN=NordVPN CA5
Feb 19 07:46:08 openvpn 79266 VERIFY WARNING: depth=2, unable to get certificate CRL: C=PA, O=NordVPN, CN=NordVPN Root CA
Feb 19 07:46:08 openvpn 79266 VERIFY OK: depth=2, C=PA, O=NordVPN, CN=NordVPN Root CA
Feb 19 07:46:08 openvpn 79266 VERIFY OK: depth=1, C=PA, O=NordVPN, CN=NordVPN CA5
Feb 19 07:46:08 openvpn 79266 VERIFY KU OK
Feb 19 07:46:08 openvpn 79266 Validating certificate extended key usage
Feb 19 07:46:08 openvpn 79266 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Feb 19 07:46:08 openvpn 79266 VERIFY EKU OK
Feb 19 07:46:08 openvpn 79266 VERIFY OK: depth=0, CN=nl852.nordvpn.com
Feb 19 07:46:08 openvpn 79266 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1582', remote='link-mtu 1634'
Feb 19 07:46:08 openvpn 79266 WARNING: 'auth' is used inconsistently, local='auth [null-digest]', remote='auth SHA512'
Feb 19 07:46:08 openvpn 79266 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
Feb 19 07:46:08 openvpn 79266 [nl852.nordvpn.com] Peer Connection Initiated with [AF_INET]194.127.172.103:1194
Feb 19 07:46:09 openvpn 79266 SENT CONTROL [nl852.nordvpn.com]: 'PUSH_REQUEST' (status=1)
Feb 19 07:46:09 openvpn 79266 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 103.86.96.100,dhcp-option DNS 103.86.99.100,sndbuf 524288,rcvbuf 524288,explicit-exit-notify,comp-lzo no,route-gateway z.z.z.z,topology subnet,ping 60,ping-restart 180,ifconfig g.g.g.g 255.255.255.0,peer-id 3'
Feb 19 07:46:09 openvpn 79266 OPTIONS IMPORT: timers and/or timeouts modified
Feb 19 07:46:09 openvpn 79266 OPTIONS IMPORT: explicit notify parm(s) modified
Feb 19 07:46:09 openvpn 79266 OPTIONS IMPORT: compression parms modified
Feb 19 07:46:09 openvpn 79266 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
Feb 19 07:46:09 openvpn 79266 Socket Buffers: R=[524288->524288] S=[524288->524288]
Feb 19 07:46:09 openvpn 79266 OPTIONS IMPORT: --ifconfig/up options modified
Feb 19 07:46:09 openvpn 79266 OPTIONS IMPORT: route options modified
Feb 19 07:46:09 openvpn 79266 OPTIONS IMPORT: route-related options modified
Feb 19 07:46:09 openvpn 79266 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Feb 19 07:46:09 openvpn 79266 OPTIONS IMPORT: peer-id set
Feb 19 07:46:09 openvpn 79266 OPTIONS IMPORT: adjusting link_mtu to 1657
Feb 19 07:46:09 openvpn 79266 Using peer cipher 'AES-256-CBC'
Feb 19 07:46:09 openvpn 79266 Data Channel: using negotiated cipher 'AES-256-CBC'
Feb 19 07:46:09 openvpn 79266 Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
Feb 19 07:46:09 openvpn 79266 Outgoing Data Channel: Using 512 bit message hash 'SHA512' for HMAC authentication
Feb 19 07:46:09 openvpn 79266 Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
Feb 19 07:46:09 openvpn 79266 Incoming Data Channel: Using 512 bit message hash 'SHA512' for HMAC authentication
Feb 19 07:46:09 openvpn 79266 Preserving previous TUN/TAP instance: ovpnc8
Feb 19 07:46:09 openvpn 79266 NOTE: Pulled options changed on restart, will need to close and reopen TUN/TAP device.
Feb 19 07:46:09 openvpn 79266 Closing TUN/TAP interface
Feb 19 07:46:09 openvpn 79266 /usr/local/sbin/ovpn-linkdown ovpnc8 1500 1637 a.b.c.d 255.255.255.0 init
Feb 19 07:46:10 openvpn 79266 ROUTE_GATEWAY a.b.c.d/255.255.254.0 IFACE=re0 HWADDR=00:e2:6c:68:07:be
Feb 19 07:46:10 openvpn 79266 TUN/TAP device ovpnc8 exists previously, keep at program end
Feb 19 07:46:10 openvpn 79266 TUN/TAP device /dev/tun8 opened
Feb 19 07:46:10 openvpn 79266 /sbin/ifconfig ovpnc8 x.x.x.x y.y.y.y mtu 1500 netmask 255.255.255.0 up
Feb 19 07:46:10 openvpn 79266 /sbin/route add -net x.x.x.x x.x.x.x 255.255.255.0
Feb 19 07:46:10 openvpn 79266 /usr/local/sbin/ovpn-linkup ovpnc8 1500 1637 x.x.x.x 255.255.255.0 init
Feb 19 07:46:10 openvpn 79266 Initialization Sequence Completed
And the gateway log:
Feb 19 04:16:02 dpinger 68141 send_interval 500ms loss_interval 2000ms time_period 60000ms report_interval 0ms data_len 1 alert_interval 1000ms latency_alarm 500ms loss_alarm 20% dest_addr x.x.x.x bind_addr x.x.x.x identifier "NORDVPN_VPNV4 "
Feb 19 04:16:04 dpinger 68141 NORDVPN_VPNV4 x.x.x.x: Alarm latency 0us stddev 0us loss 100%
Feb 19 04:19:13 dpinger 16894 send_interval 500ms loss_interval 2000ms time_period 60000ms report_interval 0ms data_len 1 alert_interval 1000ms latency_alarm 500ms loss_alarm 20% dest_addr x.x.x.x bind_addr x.x.x.x identifier "WAN_DHCP "
Feb 19 04:19:13 dpinger 17398 send_interval 500ms loss_interval 2000ms time_period 60000ms report_interval 0ms data_len 1 alert_interval 1000ms latency_alarm 500ms loss_alarm 20% dest_addr x.x.x.x bind_addr x.x.x.x identifier "NORDVPN_VPNV4 "
Feb 19 04:19:15 dpinger 17398 NORDVPN_VPNV4 x.x.x.x: Alarm latency 0us stddev 0us loss 100%
In Firewall -> Rules -> LAN I adjusted the "default allow LAN to any rule" to the gateway "NordVPN". Outbound NAT is set to manual, with the top rule taking the LAN net as source and the NORDVPN interface.
Any help is appreciated. As said, the current configuration worked fine in 2.4.5 -- the latest release before upgrading to 2.5.0. I'm considering downgrading at this point.

Changed fallback DEA to AES-256-CBC from AES-256-GCM, and it's working fine
Go to VPN/OpenVPN/Client, and edit the setting "Fallback Data Encryption Algorithm"

NordVPN has posted updated documentation for pfSense 2.5.0, titled: pfSense 2.5 Setup with NordVPN.
As #NDK has mentioned in their A'er the updated docs show that you need to change the Fallback Data Encryption Algorithm to AES-256-CBC.

Related

SFTP works over linux command line but filezilla fails

I have set up an ftp user on my ubuntu server. I can sftp in to ftp_user#ip, am asked for my password, and get connected fine.
Filezilla (which worked 3 months ago), doesn't connect. This is a redacted version of the ssh logs:
Jul 19 14:18:33 sshd[14275]: Invalid user user from port 47990
Jul 19 14:18:33 sshd[14275]: Received disconnect from port 47990:11: Normal Shutdown, Thank you for playing [preauth]
Jul 19 14:18:33 sshd[14275]: Disconnected from invalid user user port 47990 [preauth]
Jul 19 14:18:44 sshd[14277]: Invalid user user from port 48558
Jul 19 14:18:44 sshd[14277]: Received disconnect from port 48558:11: Normal Shutdown, Thank you for playing [preauth]
Jul 19 14:18:44 sshd[14277]: Disconnected from invalid user user port 48558 [preauth]
Jul 19 14:18:55 sshd[14282]: Invalid user user from port 49142
Jul 19 14:18:55 sshd[14282]: Received disconnect from port 49142:11: Normal Shutdown, Thank you for playing [preauth]
Jul 19 14:18:55 sshd[14282]: Disconnected from invalid user user port 49142 [preauth]
This sounds like Filezilla is trying user "user", which is not correct, but my settings has:
EDIT: it works if I use the quickconnect bar, but not the above main settings.
What am I doing wrong?

nginx server and ssh stop responding

I have a running Flash server on gunicorn under nginx on Raspberry pi zero.
My problem is the raspberry sometime go to sleep a cupe of minutes and server can not be reached and ssh do not work anymore.
So i desable the pi power save with this: sudo iw dev wlan0 set power_save off.
And it's better, but because having issue with 413 Request Entity Too Large i set client_max_body_size to my nginx config file.
But now it's worse, the 'sleep' happen more frequenly, sometime i have to reboot.
This my reverse-proxy.conf:
server {
listen 80;
listen [::]:80;
server_name localhost;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
ssl_certificate /etc/ssl/certs/selfsigned.crt;
ssl_certificate_key /etc/ssl/private/selfsigned.key;
error_log /var/www/flask/nginx.log debug;
ssl_dhparam /etc/nginx/dhparam.pem;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header HOST $http_host;
proxy_pass http://127.0.0.1:8080;
proxy_redirect off;
}
location /upload {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header HOST $http_host;
proxy_pass http://127.0.0.1:8080;
proxy_redirect off;
client_max_body_size 200M; # file needed to upload is just a big image around 1m
}
# increase timeout , 300s, 1d, default: 60s
fastcgi_read_timeout 1d;
proxy_read_timeout 1d;
}
This is the last lines on my nginx log file after 'sleep'.
2021/03/13 21:44:18 [debug] 8220#8220: *445 reusable connection: 1
2021/03/13 21:44:18 [debug] 8220#8220: *445 event timer add: 3: 65000:7060228
2021/03/13 21:44:38 [debug] 8220#8220: *445 http keepalive handler
2021/03/13 21:44:38 [debug] 8220#8220: *445 malloc: 018D46F0:1024
2021/03/13 21:44:38 [debug] 8220#8220: *445 SSL_read: -1
2021/03/13 21:44:38 [debug] 8220#8220: *445 SSL_get_error: 5
2021/03/13 21:44:38 [debug] 8220#8220: *445 peer shutdown SSL cleanly
2021/03/13 21:44:38 [info] 8220#8220: *445 client 192.168.1.72 closed keepalive connection (104: Connection reset by peer)
2021/03/13 21:44:38 [debug] 8220#8220: *445 close http connection: 3
2021/03/13 21:44:38 [debug] 8220#8220: *445 SSL_shutdown: 1
2021/03/13 21:44:38 [debug] 8220#8220: *445 event timer del: 3: 7060228
2021/03/13 21:44:38 [debug] 8220#8220: *445 reusable connection: 0
2021/03/13 21:44:38 [debug] 8220#8220: *445 free: 018D46F0
2021/03/13 21:44:38 [debug] 8220#8220: *445 free: 00000000
2021/03/13 21:44:38 [debug] 8220#8220: *445 free: 018F56F0, unused: 8
2021/03/13 21:44:38 [debug] 8220#8220: *445 free: 01933360, unused: 120
kermel log (/var/log/syslog):
Mar 13 22:48:09 raspberrypi rngd[270]: stats: Time spent starving for entropy: (min=0; avg=0.000; max=0)us
Mar 13 22:58:08 raspberrypi systemd[1]: session-10.scope: Succeeded.
Mar 13 23:17:01 raspberrypi CRON[25098]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
Mar 13 23:44:19 raspberrypi dhcpcd[385]: wlan0: hardware address 00:00:00:00:00:00 claims 192.168.1.64
Mar 13 23:44:21 raspberrypi dhcpcd[385]: wlan0: hardware address 00:00:00:00:00:00 claims 192.168.1.64
Mar 13 23:44:21 raspberrypi dhcpcd[385]: wlan0: 10 second defence failed for 192.168.1.64
Mar 13 23:44:21 raspberrypi avahi-daemon[260]: Withdrawing address record for 192.168.1.64 on wlan0.
Mar 13 23:44:21 raspberrypi avahi-daemon[260]: Leaving mDNS multicast group on interface wlan0.IPv4 with address 192.168.1.64.
Mar 13 23:44:21 raspberrypi dhcpcd[385]: wlan0: deleting route to 192.168.1.0/24
Mar 13 23:44:21 raspberrypi dhcpcd[385]: wlan0: deleting default route via 192.168.1.254
Mar 13 23:44:21 raspberrypi avahi-daemon[260]: Interface wlan0.IPv4 no longer relevant for mDNS.
Mar 13 23:44:21 raspberrypi dhcpcd[385]: wlan0: rebinding lease of 192.168.1.64
Mar 13 23:44:21 raspberrypi dhcpcd[385]: wlan0: probing address 192.168.1.64/24
Mar 13 23:44:26 raspberrypi dhcpcd[385]: wlan0: leased 192.168.1.64 for 86400 seconds
Mar 13 23:44:26 raspberrypi avahi-daemon[260]: Joining mDNS multicast group on interface wlan0.IPv4 with address 192.168.1.64.
Mar 13 23:44:26 raspberrypi avahi-daemon[260]: New relevant interface wlan0.IPv4 for mDNS.
Mar 13 23:44:26 raspberrypi avahi-daemon[260]: Registering new address record for 192.168.1.64 on wlan0.IPv4.
Mar 13 23:44:26 raspberrypi dhcpcd[385]: wlan0: adding route to 192.168.1.0/24
Mar 13 23:44:26 raspberrypi dhcpcd[385]: wlan0: adding default route via 192.168.1.254
Mar 13 23:48:09 raspberrypi rngd[270]: stats: bits received from HRNG source: 180064
Mar 13 23:48:09 raspberrypi rngd[270]: stats: bits sent to kernel pool: 123584
Mar 13 23:48:09 raspberrypi rngd[270]: stats: entropy added to kernel pool: 123584
Mar 13 23:48:09 raspberrypi rngd[270]: stats: FIPS 140-2 successes: 9
Mar 13 23:48:09 raspberrypi rngd[270]: stats: FIPS 140-2 failures: 0
Mar 13 23:48:09 raspberrypi rngd[270]: stats: FIPS 140-2(2001-10-10) Monobit: 0
Mar 13 23:48:09 raspberrypi rngd[270]: stats: FIPS 140-2(2001-10-10) Poker: 0
Mar 13 23:48:09 raspberrypi rngd[270]: stats: FIPS 140-2(2001-10-10) Runs: 0
Mar 13 23:48:09 raspberrypi rngd[270]: stats: FIPS 140-2(2001-10-10) Long run: 0
Mar 13 23:48:09 raspberrypi rngd[270]: stats: FIPS 140-2(2001-10-10) Continuous run: 0
Mar 13 23:48:09 raspberrypi rngd[270]: stats: HRNG source speed: (min=101.599; avg=254.741; max=920.244)Kibits/s
Mar 13 23:48:09 raspberrypi rngd[270]: stats: FIPS tests speed: (min=924.206; avg=3071.971; max=9096.996)Kibits/s
Mar 13 23:48:09 raspberrypi rngd[270]: stats: Lowest ready-buffers level: 2
Mar 13 23:48:09 raspberrypi rngd[270]: stats: Entropy starvations: 0
Mar 13 23:48:09 raspberrypi rngd[270]: stats: Time spent starving for entropy: (min=0; avg=0.000; max=0)us
Mar 13 23:57:38 raspberrypi dhcpcd[385]: wlan0: part of Router Advertisement expired
Edit:
It's possible the problem come from my computer or the pi filtering my compyter ip, because sometime i can ssh or reach the http server from my Android phone which is in the same network, but no internet or firewall(ESET antivirus) problem in my computer.

Problem with connecting VPN (Networkmanager&Openvpn plugin) raspian RESOLVE: Cannot resolve host address

I have a problem with connecting to VPN. When I start up the raspberry device and connect the VPN with nmcli connection up VPN it succeceds. But if I bring the interface down and trying to bring it up again it fails. If I restart the raspberry I can connect to VPN again. What is the next step? Do you guys have any idea what has gone wrong?
In the journalctl log I get this message when it fails:
Could not determine IPv4/IPv6 protocol
Oct 23 15:56:24 raspberrypi nm-openvpn[2282]: SIGUSR1[soft,init_instance] received, process restarting
Oct 23 15:56:29 raspberrypi nm-openvpn[2282]: WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Oct 23 15:56:29 raspberrypi nm-openvpn[2282]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Oct 23 15:56:29 raspberrypi nm-openvpn[2282]: RESOLVE: Cannot resolve host address: vpn.******.**:1194 (Name or service not known)
Oct 23 15:56:29 raspberrypi nm-openvpn[2282]: RESOLVE: Cannot resolve host address: vpn.*****.**:1194 (Name or service not known).
pi#raspberrypi:~ $ openvpn --version
OpenVPN 2.4.7 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 20 2019
library versions: OpenSSL 1.1.1d 10 Sep 2019, LZO 2.10
uname -a
Linux raspberrypi 5.4.51-v7+ #1333 SMP Mon Aug 10 16:45:19 BST 2020 armv7l GNU/Linux
NetworkManager --version
1.14.6

Cipher Alogrithm 'AES-256-GCM' Not Found (OpenVPN Error)

I was trying to connect to a .ovpn file using OpenVPN but when I try to connect it with this command:
sudo openvpn --config downloaded-client-config.ovpn
It failed with the following output:
Wed Jun 17 23:53:03 2020 OpenVPN 2.3.10 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jan 9 2019
Wed Jun 17 23:53:03 2020 library versions: OpenSSL 1.0.2g 1 Mar 2016, LZO 2.08
Wed Jun 17 23:53:03 2020 Cipher algorithm 'AES-256-GCM' not found (OpenSSL)
Wed Jun 17 23:53:03 2020 Exiting due to fatal error
My OpenSSL version: OpenSSL 1.1.0h 27 Mar 2018
OpenVPN version: OpenVPN 2.3.10
Ubuntu Version: 16.04
Also, I ran this command as well to see the list of ciphers I have:
openvpn --show-ciphers
and AES-256-GCM was not present in that in that list.
How can I add it manually if it's possible?
PS: I am kind of a layman with respect to OpenVPN
This is an issue with the OpenVPN version. The AES-256-GCM cipher was added in version 2.4.
You can follow these steps to install OpenVPN 2.4 on Ubuntu 16.04 at which point the cipher should properly work. The suggestion in the comments to upgrade your OS entirely would also work, but is certainly not necessary!
I had a similar issue trying to connect a 2.3.2 client to a 2.4.4 server. I referred to this cipher negotiation reference and updated both server and client config to use cipher AES-256-CBC
When the 2.4 server is set to AES-256-CBC, the clients (also set to AES-256-CBC) negotiate the following ciphers:
2.5 - AES-256-GCM
2.4 - AES-256-GCM
2.3 - AES-256-CBC
2.2 - AES-256-CBC

OpenStack Keystone Identity Service Httpd Failed (rocky version)

Hello and thanks for taking some of your time to check my problem
i'm following the detailed steps by openstack to install openstack in no avail (https://docs.openstack.org/keystone/rocky/install/keystone-install-rdo.html)
I've tried to change the 5000 port for the service but the result is the same
any insights are most welcomed
[root#localhost i-openstack]# systemctl enable httpd.service
[root#localhost i-openstack]# systemctl start httpd.service
Job for httpd.service failed because the control process exited with error code. See "systemctl status httpd.service" and "journalctl -xe" for details.
[root#localhost i-openstack]# journalctl -xe
Oct 08 05:12:39 localhost.localdomain systemd[1]: Failed to start The Apache HTTP Server.
-- Subject: Unit httpd.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit httpd.service has failed.
--
-- The result is failed.
Oct 08 05:12:39 localhost.localdomain systemd[1]: Unit httpd.service entered failed state.
Oct 08 05:12:39 localhost.localdomain systemd[1]: httpd.service failed.
Oct 08 05:12:39 localhost.localdomain polkitd[1824]: Unregistered Authentication Agent for unix-process:4229:106865 (system bus name :1.42, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)
Oct 08 05:27:21 localhost.localdomain polkitd[1824]: Registered Authentication Agent for unix-process:4930:195069 (system bus name :1.43 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale
Oct 08 05:27:21 localhost.localdomain systemd[1]: Reloading.
Oct 08 05:27:21 localhost.localdomain polkitd[1824]: Unregistered Authentication Agent for unix-process:4930:195069 (system bus name :1.43, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)
Oct 08 05:27:26 localhost.localdomain polkitd[1824]: Registered Authentication Agent for unix-process:4950:195568 (system bus name :1.44 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale
Oct 08 05:27:26 localhost.localdomain systemd[1]: Starting The Apache HTTP Server...
-- Subject: Unit httpd.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit httpd.service has begun starting up.
Oct 08 05:27:26 localhost.localdomain httpd[4956]: (13)Permission denied: AH00072: make_sock: could not bind to address [::]:5000
Oct 08 05:27:26 localhost.localdomain httpd[4956]: (13)Permission denied: AH00072: make_sock: could not bind to address 0.0.0.0:5000
Oct 08 05:27:26 localhost.localdomain httpd[4956]: no listening sockets available, shutting down
Oct 08 05:27:26 localhost.localdomain httpd[4956]: AH00015: Unable to open logs
Oct 08 05:27:26 localhost.localdomain systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
Oct 08 05:27:26 localhost.localdomain kill[4958]: kill: cannot find process ""
Oct 08 05:27:26 localhost.localdomain systemd[1]: httpd.service: control process exited, code=exited status=1
Oct 08 05:27:26 localhost.localdomain systemd[1]: Failed to start The Apache HTTP Server.
-- Subject: Unit httpd.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit httpd.service has failed.
--
-- The result is failed.
Oct 08 05:27:26 localhost.localdomain systemd[1]: Unit httpd.service entered failed state.
Oct 08 05:27:26 localhost.localdomain systemd[1]: httpd.service failed.
Oct 08 05:27:26 localhost.localdomain polkitd[1824]: Unregistered Authentication Agent for unix-process:4950:195568 (system bus name :1.44, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)
Oct 08 05:34:01 localhost.localdomain polkitd[1824]: Registered Authentication Agent for unix-process:5222:235020 (system bus name :1.45 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale
Oct 08 05:34:01 localhost.localdomain systemd[1]: Reloading.
Oct 08 05:34:01 localhost.localdomain polkitd[1824]: Unregistered Authentication Agent for unix-process:5222:235020 (system bus name :1.45, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)
Oct 08 05:34:03 localhost.localdomain polkitd[1824]: Registered Authentication Agent for unix-process:5240:235248 (system bus name :1.46 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale
Oct 08 05:34:03 localhost.localdomain systemd[1]: Starting The Apache HTTP Server...
-- Subject: Unit httpd.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
SOLUTION : It seemed i had to disable SELinux
Disable temporaliy
sudo setenforce 0
Restart httpd service
service httpd restart
Disable SELinux persistently (reboot required)
nano /etc/selinux/config
SELINUX=disabled

Resources