[Bug 998918] Re: openvpn openssl.cnf file missing
*** This bug is a duplicate of bug 992012 ***
    https://bugs.launchpad.net/bugs/992012

This is really sloppy package management, come on guys, please provide a fix for this.

ps. and people still ask me why I recommend Debian and Fedora over Ubuntu...

-- 
You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openvpn in Ubuntu.
https://bugs.launchpad.net/bugs/998918

Title:
  openvpn openssl.cnf file missing

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/998918/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 998918] Re: openvpn openssl.cnf file missing
*** This bug is a duplicate of bug 992012 ***
    https://bugs.launchpad.net/bugs/992012

Hi,

I am running into this problem too. The issue, as eas mentioned, is in the pattern matching.

On Ubuntu 12.04.2 LTS (Precise):

    ~# dpkg -l | grep -i openssl
    ii openssl 1.0.1-4ubuntu5.9 Secure Socket Layer (SSL) binary and related cryptographic tools
    ~# openssl version
    OpenSSL 1.0.1 14 Mar 2012

On Debian 7 (Wheezy):

    ~# dpkg -l | grep -i openssl
    ii openssl 1.0.1e-2 amd64 Secure Socket Layer (SSL) binary and related cryptographic tools
    ~# openssl version
    OpenSSL 1.0.1e 11 Feb 2013

In ./easy-rsa/whichopensslcnf, this line tries to match [[:alnum:]] after [[:digit:]], which is nonexistent for the Ubuntu package.

    elif $OPENSSL version | grep -E "1\.0\.([[:digit:]][[:alnum:]])" > /dev/null; then

Running this pattern match manually reproduces this:

On Ubuntu 12.04.2 LTS (Precise):

    ~# openssl version | grep -E "1\.0\.([[:digit:]][[:alnum:]])"
    ~# echo $?
    1

On Debian 7 (Wheezy):

    ~# openssl version | grep -E "1\.0\.([[:digit:]][[:alnum:]])"
    OpenSSL 1.0.1e 11 Feb 2013
    ~# echo $?
    0

The easy fix is to remove [[:alnum:]] from the regex, but I am not sure if that would introduce regressions. A more foolproof solution would be for the script to check if it's running on Debian or Ubuntu and take that into consideration when doing the pattern match.

It will also be interesting to know why the Debian package has e in its version number and the Ubuntu package doesn't.
[Bug 998918] Re: openvpn openssl.cnf file missing
*** This bug is a duplicate of bug 992012 ***
    https://bugs.launchpad.net/bugs/992012

** This bug has been marked a duplicate of bug 992012
   No /openssl.cnf file could be found because of a wrong regex in whichopensslcnf
[Bug 998918] Re: openvpn openssl.cnf file missing
I spent a little time debugging this. I don't think it is a matter of a missing config file.

When you 'source vars', one of the things that happens is this:

    # This variable should point to
    # the openssl.cnf file included
    # with easy-rsa.
    export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`

If you look at whichopensslcnf, you see that the first section includes logic for determining the correct config file to use based on the OpenSSL version installed on the system.

On my system (12.04 LTS), 'openssl version' produces the following output:

    # openssl version
    OpenSSL 1.0.1 14 Mar 2012

Which, presumably, should generate a match in this code in whichopensslcnf:

    elif $OPENSSL version | grep -E "1\.0\.([[:digit:]][[:alnum:]])" > /dev/null; then
        cnf=$1/openssl-1.0.0.cnf
    else
        cnf=$1/openssl.cnf
    fi

Instead it is falling through to the default value (tested by running the grep command on its own), which results in the output noted by others above.

One workaround is to symlink openssl.cnf to the appropriate config file mentioned above. The solution is to fix the pattern matching...
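The fall-through described in the messages above, as an added shell example (not code from the thread or from easy-rsa): it models only the 1.0.x branch quoted from whichopensslcnf, runs it on the two `openssl version` strings posted here, and checks that the selected file exists. `RELAXED_PATTERN`, `pick_cnf` and `check_key_config` are hypothetical names, and the relaxed pattern is an assumption for comparison, not the fix applied for bug 992012.

```shell
#!/bin/sh
# Added illustration: only the 1.0.x branch quoted in this thread is modelled.
# Version strings are the ones posted above; everything else is constructed.

ORIG_PATTERN='1\.0\.([[:digit:]][[:alnum:]])'  # as quoted from whichopensslcnf
RELAXED_PATTERN='1\.0\.[[:digit:]]'            # assumption: letter suffix optional

# pick_cnf PATTERN VERSION_STRING EASY_RSA_DIR
# Prints the config path this branch would select for that version string.
pick_cnf() {
    if printf '%s\n' "$2" | grep -E "$1" > /dev/null; then
        printf '%s\n' "$3/openssl-1.0.0.cnf"
    else
        printf '%s\n' "$3/openssl.cnf"         # fall-through default
    fi
}

# check_key_config PATH
# Succeeds only if the selected file exists, so a bad selection is caught
# before any key or certificate generation is attempted.
check_key_config() {
    [ -f "$1" ]
}

demo() {
    dir=$(mktemp -d) || return 1
    : > "$dir/openssl-1.0.0.cnf"   # constructed stand-in: the only file present
    for v in 'OpenSSL 1.0.1 14 Mar 2012' 'OpenSSL 1.0.1e 11 Feb 2013'; do
        for p in "$ORIG_PATTERN" "$RELAXED_PATTERN"; do
            cnf=$(pick_cnf "$p" "$v" "$dir")
            if check_key_config "$cnf"; then state=present; else state=MISSING; fi
            printf '%-27s %-31s -> %s (%s)\n' "$v" "$p" "${cnf##*/}" "$state"
        done
    done
    rm -rf "$dir"
}

demo
```

Only the Ubuntu string combined with the original pattern selects a file that is not there, which is the condition pkitool reports further down the thread.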
[Bug 998918] Re: openvpn openssl.cnf file missing
This is exactly the problem I encountered and which needs fixing.

As a work around, I added a link to openssl-1.0.0.cnf with the name of openssl.cnf in the same directory:

    cd /etc/openvpn/easy-rsa
    sudo ln -s openssl-1.0.0.cnf openssl.cnf

This worked, created the necessary certificate file and it is all working fine now.

But that means that something is wrong with the package, as it seems to be missing a file. It also strikes me that there may be a missing openssl-1.0.1.cnf file.
[Bug 998918] Re: openvpn openssl.cnf file missing
I hope this helps clarify things. Below are the instructions on how to set up an openvpn server from the Ubuntu help page (I'll keep them brief) located here - https://help.ubuntu.com/community/OpenVPN. Following the instructions are my results.

Create the CA:

    cd /etc/openvpn/easy-rsa/ ## move to the easy-rsa directory
    sudo cp server.crt server.key ca.crt dh1024.pem ta.key /etc/openvpn/
    sudo chmod g+w . ## make this directory writable by the system administrators
    source ./vars ## execute your new vars file
    ./clean-all ## Setup the easy-rsa directory (Deletes all keys)
    ./build-dh ## takes a while consider backgrounding
    ./pkitool --initca ## creates ca cert and key
    ./pkitool --server server ## creates a server cert and key
    cd keys
    openvpn --genkey --secret ta.key ## Build a TLS key
    sudo cp server.crt server.key ca.crt dh1024.pem ta.key ../../

Results:

    Using CA Common Name: changeme
    grep: /etc/openvpn/easy-rsa/openssl.cnf: No such file or directory
    pkitool: KEY_CONFIG (set by the ./vars script) is pointing to the wrong
    version of openssl.cnf: /etc/openvpn/easy-rsa/openssl.cnf
    The correct version should have a comment that says: easy-rsa version 2.x
    username@vpnserver001:/etc/openvpn/easy-rsa$ ./pkitool --server server
    Using Common Name: changeme
    grep: /etc/openvpn/easy-rsa/openssl.cnf: No such file or directory
    pkitool: KEY_CONFIG (set by the ./vars script) is pointing to the wrong
    version of openssl.cnf: /etc/openvpn/easy-rsa/openssl.cnf
    The correct version should have a comment that says: easy-rsa version 2.x
    username@vpnserver001:/etc/openvpn/easy-rsa$ cd keys
    username@vpnserver001:/etc/openvpn/easy-rsa/keys$ openvpn --genkey --secret ta.key
    username@vpnserver001:/etc/openvpn/easy-rsa/keys$ sudo cp server.crt server.key ca.crt dh1024.pem ta.key /etc/openvpn/
    cp: cannot stat `server.crt': No such file or directory
    cp: cannot stat `server.key': No such file or directory
    cp: cannot stat `ca.crt': No such file or directory

I am running the above commands on Ubuntu 12.04 64Bit, I installed Ubuntu using the Alternative install.

I appreciate everything that everyone here does to make Ubuntu what it is. Getting this problem fixed is going to allow me to fully migrate over to 12.04. Let me know if I can be of any assistance.
[Bug 998918] Re: openvpn openssl.cnf file missing
** Changed in: openvpn (Ubuntu)
   Importance: Undecided => Medium

** Changed in: openvpn (Ubuntu)
   Status: New => Triaged
[Bug 998918] Re: openvpn openssl.cnf file missing
** Changed in: openvpn (Ubuntu)
   Status: Incomplete => New
[Bug 998918] Re: openvpn openssl.cnf file missing
so have I, but the script whichopensslcnf (in the easy-rsa directory of openvpn) expects to find an openssl.cnf file in the same directory as itself

** Package changed: ubuntu => openvpn (Ubuntu)