Re: easy-rsa script for OpenVPN issue
* Predrag Punosevac punoseva...@gmail.com [2013-09-13 17:14:22 -0400]: Deal All, I am trying to set up OpenVPN server at my work on the freshly installed OpenBSD machine using a 5.4 snapshot from July 30 (i386) and the ports tree fetched the same day. We must use OpenVPN so I am not interested in alternatives. The July 30 snapshot is pre- long long time_t, so it think that if you installed ports and plan to install ports from the current tree/packages, some or most of them will now be updated to the long long time_t versions and you may experience issues. The July 30 snapshot is the code that was used for the upcoming 5.4-REALEASE I think. I stayed with that particular snapshot for some extra time to allow for the packages to be updated before upgrading (fresh install) to a later snapshot - currently, Sep 9th. Someone hopefully can correct me if i'm wrong, I'm just trying to help you avoid further headaches wrt ports packages on that snapshot. Jamie
easy-rsa script for OpenVPN issue
Deal All, I am trying to set up OpenVPN server at my work on the freshly installed OpenBSD machine using a 5.4 snapshot from July 30 (i386) and the ports tree fetched the same day. We must use OpenVPN so I am not interested in alternatives. After spending several hours I made no progress as I am completely stamped with the behavior of easy-rsa script. After editing /usr/local/share/easy-rsa/vars file and making vars executable I am getting exactly the output from this thread http://www.daemonforums.org/showthread.php?t=7473 I tried all the things from the tread short of editing openssl-1.0.0.cnf by hand but I still get the same output which indicates that environmental variables which are supposed to be sourced with ./vars have not being set up. I do not know what to make out of the fact that OpenBSD is being shipped with openssl version is openssl-1.0.1c. On the related note I observed that openvpn directory in /etc is not created (I used ports as disclosed at the beginning of this message) during the port installation. Is that expected behavior? It also looks like there is no other version of of easy-rsa or openssl-1.0.0.cnf file shipped with OpenVPN for that matter. I appreciate any help with this. Most Kind Regards, Predrag Punosevac
Re: easy-rsa script for OpenVPN issue
On 13.09.2013 14:14, Predrag Punosevac wrote: Deal All, I am trying to set up OpenVPN server at my work on the freshly installed OpenBSD machine using a 5.4 snapshot from July 30 (i386) and the ports tree fetched the same day. We must use OpenVPN so I am not interested in alternatives. After spending several hours I made no progress as I am completely stamped with the behavior of easy-rsa script. After editing /usr/local/share/easy-rsa/vars file and making vars executable I am getting exactly the output from this thread http://www.daemonforums.org/showthread.php?t=7473 I tried all the things from the tread short of editing openssl-1.0.0.cnf by hand but I still get the same output which indicates that environmental variables which are supposed to be sourced with ./vars have not being set up. I do not know what to make out of the fact that OpenBSD is being shipped with openssl version is openssl-1.0.1c. On the related note I observed that openvpn directory in /etc is not created (I used ports as disclosed at the beginning of this message) during the port installation. Is that expected behavior? It also looks like there is no other version of of easy-rsa or openssl-1.0.0.cnf file shipped with OpenVPN for that matter. I appreciate any help with this. Most Kind Regards, Predrag Punosevac I took a clue from a private e-mail I got from one of you and installed bash shell. After source-ing vars with bash$ source ./vars and running other scripts in bash I was relieved of all my troubles. I am not sure if an installation message is appropriate but hopefully I am the last person who lost 5 productive hours due to bashism. Most Kind Regards, Predrag P.S. whichopensslcnf script is fully functional and you do not have to edit export KEY_CONFIG line. If you decide to use absolute path to openssl-1.0.0.cnf make sure you adjust quotations marks appropriately.