On 08.08.2017 19:59, Mio Vlahović wrote:
> Hi all,
> 
> We have a problem with the clients after the server reboot.
> 
 > [CUT]

One update... I can no longer generate new certificates. It seemse that 
whichopensslcnf scripts can't find openssl.cnf (which is there in the 
same directory...)

[root@vpn 2.0]# pwd
/etc/openvpn/easy-rsa/2.0
[root@vpn 2.0]# ls -la
drwx------. 3 nobody nobody  4096 Aug  8 20:25 .
drwx------. 3 nobody nobody    33 Feb  6  2016 ..
-rwx------. 1 nobody nobody   119 Feb  6  2016 build-ca
-rwx------. 1 nobody nobody   352 Feb  6  2016 build-dh
-rwx------. 1 nobody nobody   188 Feb  6  2016 build-inter
-rwx------. 1 nobody nobody   163 Feb  6  2016 build-key
-rwx------. 1 nobody nobody   157 Feb  6  2016 build-key-pass
-rwx------. 1 nobody nobody   249 Feb  6  2016 build-key-pkcs12
-rwx------. 1 nobody nobody   268 Feb  6  2016 build-key-server
-rwx------. 1 nobody nobody   213 Feb  6  2016 build-req
-rwx------. 1 nobody nobody   158 Feb  6  2016 build-req-pass
-rwx------. 1 nobody nobody   449 Feb  6  2016 clean-all
-rwx------. 1 nobody nobody   424 Feb  6  2016 dh2048.pem
-rwx------. 1 nobody nobody  1471 Feb  6  2016 inherit-inter
drwx------  2 nobody nobody 36864 Jul 26 15:07 keys
-rwx------. 1 nobody nobody   302 Feb  6  2016 list-crl
-rwx------. 1 nobody nobody  7791 Feb  6  2016 openssl-0.9.6.cnf
-rwx------. 1 nobody nobody  8348 Feb  6  2016 openssl-0.9.8.cnf
-rwx------  1 nobody nobody  8247 Aug  8 18:37 openssl-1.0.0.cnf
-rwx------  1 nobody nobody  8247 Aug  8 19:14 openssl.cnf
-rwx------. 1 nobody nobody 12966 Feb  6  2016 pkitool
-rwx------. 1 nobody nobody   928 Feb  6  2016 revoke-full
-rwx------. 1 nobody nobody   178 Feb  6  2016 sign-req
-rwx------  1 nobody nobody  2138 Aug  8 20:25 vars
-rwx------. 1 nobody nobody   740 Feb  6  2016 whichopensslcnf

root@vpn 2.0]# ./build-key xxx
grep: /etc/openvpn/easy-rsa/2.0/openssl.cnf /etc/openvpn/easy-rsa/2.0: 
No such file or directory
pkitool: KEY_CONFIG (set by the ./vars script) is pointing to the wrong
version of openssl.cnf: /etc/openvpn/easy-rsa/2.0/openssl.cnf 
/etc/openvpn/easy-rsa/2.0
The correct version should have a comment that says: easy-rsa version 2.x

Regards!


-- 
Mio Vlahović
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users

Reply via email to