Naminator Posted August 31, 2017 Share Posted August 31, 2017 (edited) I had been using this plugin quite well for a couple of months, but recently I screwed up my drive with the appdata, so I had to reconfigure some plugins. I configure the plugin as usual but it appears that the "server.crt" file is not being generated, the rest of the files like dh.pem, server.key, ta.key and ca.crt are being generated. This does not let me to start the server. Any ideas what happened? This is the log: Options error: --cert fails with '/mnt/cache/appdata/myVPNserver/server.crt': No such file or directory Options error: Please correct these errors. Use --help for more information. When I try to add a user I get this: Adding client: test spawn ./easyrsa build-client-full test nopass Generating a 4096 bit RSA private key ................................++ ..................++ writing new private key to '/mnt/cache/appdata/myVPNserver/easy-rsa/easyrsa3/pki/private/test.key.XXXX2yVBjF' ----- Using configuration from ./openssl-1.0.cnf Enter pass phrase for /mnt/cache/appdata/myVPNserver/easy-rsa/easyrsa3/pki/private/ca.key: Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows commonName :ASN.1 12:'test' ERROR: adding extensions in section default 47792154144280:error:22097082:X509 V3 routines:DO_EXT_NCONF:unknown extension name:v3_conf.c:125: 47792154144280:error:22098080:X509 V3 routines:X509V3_EXT_nconf:error in extension:v3_conf.c:95:name=copy_extensions, value=copy Easy-RSA error: signing failed (openssl output above may have more detail) cp: cannot stat '/mnt/cache/appdata/myVPNserver/easy-rsa/easyrsa3/pki/issued/test.crt': No such file or directory you got only one client script, instead of script plus 4 keys and certs /usr/local/emhttp/plugins/openvpnserver/scripts/rc.openvpnserver: line 494: ./test.crt: No such file or directory cp: cannot stat 'test.crt': No such file or directory rm: cannot remove 'test.crt': No such file or directory Done Inline file ! Edited August 31, 2017 by Naminator Quote Link to comment
peter_sm Posted September 1, 2017 Author Share Posted September 1, 2017 I had been using this plugin quite well for a couple of months, but recently I screwed up my drive with the appdata, so I had to reconfigure some plugins. I configure the plugin as usual but it appears that the "server.crt" file is not being generated, the rest of the files like dh.pem, server.key, ta.key and ca.crt are being generated. This does not let me to start the server. Any ideas what happened? This is the log: Options error: --cert fails with '/mnt/cache/appdata/myVPNserver/server.crt': No such file or directory Options error: Please correct these errors. Use --help for more information. When I try to add a user I get this: Adding client: test spawn ./easyrsa build-client-full test nopass Generating a 4096 bit RSA private key ................................++ ..................++ writing new private key to '/mnt/cache/appdata/myVPNserver/easy-rsa/easyrsa3/pki/private/test.key.XXXX2yVBjF' ----- Using configuration from ./openssl-1.0.cnf Enter pass phrase for /mnt/cache/appdata/myVPNserver/easy-rsa/easyrsa3/pki/private/ca.key: Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows commonName :ASN.1 12:'test' ERROR: adding extensions in section default 47792154144280:error:22097082:X509 V3 routines:DO_EXT_NCONF:unknown extension name:v3_conf.c:125: 47792154144280:error:22098080:X509 V3 routines:X509V3_EXT_nconf:error in extension:v3_conf.c:95:name=copy_extensions, value=copyEasy-RSA error:signing failed (openssl output above may have more detail) cp: cannot stat '/mnt/cache/appdata/myVPNserver/easy-rsa/easyrsa3/pki/issued/test.crt': No such file or directory you got only one client script, instead of script plus 4 keys and certs /usr/local/emhttp/plugins/openvpnserver/scripts/rc.openvpnserver: line 494: ./test.crt: No such file or directory cp: cannot stat 'test.crt': No such file or directory rm: cannot remove 'test.crt': No such file or directory Done Inline file !Easyrsa is broken , se my info some post I post earlier Skickat från min iPhone med Tapatalk Quote Link to comment
peter_sm Posted September 1, 2017 Author Share Posted September 1, 2017 On 28/08/2017 at 2:54 PM, peter_sm said: Below link is to easyrsa with older releases https://github.com/OpenVPN/easy-rsa/releases Link to easyrsa older releases Quote Link to comment
1812 Posted September 3, 2017 Share Posted September 3, 2017 On the client, is there a way to have it auto login if it is disconnected? Like a "retry in 4 minutes if disconnected from server." I'm trying to setup a quasi site to site setup on a remote backup and wanted to bypass adding in another pfsense setup to manage a site to site connection. Quote Link to comment
Ashe Posted September 7, 2017 Share Posted September 7, 2017 Hi Peter, Recently my ISP has appeared to block port 1194 so I have switched to 443 and subsequently re-configured the server and raised new clients for iOS and windows. on connection from iOS I am getting a transport paused message which then leads to a NETWORK_EOF_ERROR / TRANSPORT_ERROR, all configurations server and client are identical to my previous setup. Have you come across this before? iOS connection log Quote 2017-09-07 12:55:36 Client terminated, reconnecting in 1... 2017-09-07 12:55:37 EVENT: RECONNECTING 2017-09-07 12:55:37 EVENT: RESOLVE 2017-09-07 12:55:37 Contacting xx.xx.xx.xx:443 via TCP 2017-09-07 12:55:37 EVENT: WAIT 2017-09-07 12:55:37 SetTunnelSocket returned 1 2017-09-07 12:55:37 Connecting to [xxxxx.duckdns.org]:443 (xx.xx.xx.xx) via TCPv4 2017-09-07 12:55:37 TCP recv EOF 2017-09-07 12:55:37 Transport Error: Transport error on 'xxxxxxx.duckdns.org: NETWORK_EOF_ERROR 2017-09-07 12:55:37 EVENT: TRANSPORT_ERROR Transport error on 'xxxxxxx.duckdns.org: NETWORK_EOF_ERROR [ERR] 2017-09-07 12:55:37 Client terminated, restarting in 5000 ms... 2017-09-07 12:55:40 RECONNECT TEST: Internet:ReachableViaWWAN/WR t------ 2017-09-07 12:55:40 Client terminated, reconnecting in 1... 2017-09-07 12:55:41 EVENT: RECONNECTING 2017-09-07 12:55:41 EVENT: RESOLVE 2017-09-07 12:55:41 Contacting xx.xx.xx.xx:443 via TCP 2017-09-07 12:55:41 EVENT: WAIT 2017-09-07 12:55:41 SetTunnelSocket returned 1 2017-09-07 12:55:41 Connecting to [xxxxx.duckdns.org]:443 (xx.xx.xx.xx) via TCPv4 2017-09-07 12:55:41 TCP recv EOF 2017-09-07 12:55:41 Transport Error: Transport error on 'xxxxx.duckdns.org: NETWORK_EOF_ERROR 2017-09-07 12:55:41 EVENT: TRANSPORT_ERROR Transport error on 'xxxxx.duckdns.org: NETWORK_EOF_ERROR [ERR] 2017-09-07 12:55:41 Client terminated, restarting in 5000 ms... 2017-09-07 12:55:43 EVENT: CONNECTION_TIMEOUT [ERR] 2017-09-07 12:55:43 EVENT: DISCONNECTED 2017-09-07 12:55:43 Raw stats on disconnect: BYTES_OUT : 240 PACKETS_OUT : 15 NETWORK_EOF_ERROR : 15 TRANSPORT_ERROR : 15 CONNECTION_TIMEOUT : 1 N_RECONNECT : 14 2017-09-07 12:55:43 Performance stats on disconnect: CPU usage (microseconds): 80659 Network bytes per CPU second: 2975 Tunnel bytes per CPU second: 0 2017-09-07 12:55:43 EVENT: DISCONNECT_PENDING 2017-09-07 12:55:43 ----- OpenVPN Stop ----- W10 Connection Log Quote Thu Sep 07 13:12:07 2017 MANAGEMENT: >STATE:1504775527,WAIT,,,,,, Thu Sep 07 13:12:07 2017 Connection reset, restarting [0] Thu Sep 07 13:12:07 2017 SIGUSR1[soft,connection-reset] received, process restarting Thu Sep 07 13:12:07 2017 MANAGEMENT: >STATE:1504775527,RECONNECTING,connection-reset,,,,, Thu Sep 07 13:12:07 2017 Restart pause, 5 second(s) Thu Sep 07 13:12:12 2017 MANAGEMENT: >STATE:1504775532,RESOLVE,,,,,, Thu Sep 07 13:12:12 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]xx.xx.xx.xx:443 Thu Sep 07 13:12:12 2017 Socket Buffers: R=[65536->65536] S=[65536->65536] Thu Sep 07 13:12:12 2017 Attempting to establish TCP connection with [AF_INET]xx.xx.xx.xx:443 [nonblock] Thu Sep 07 13:12:12 2017 MANAGEMENT: >STATE:1504775532,TCP_CONNECT,,,,,, Thu Sep 07 13:12:13 2017 TCP connection established with [AF_INET]xx.xx.xx.xx:443 Thu Sep 07 13:12:13 2017 TCP_CLIENT link local: (not bound) Thu Sep 07 13:12:13 2017 TCP_CLIENT link remote: [AF_INET]xx.xx.xx.xx:443 Thu Sep 07 13:12:13 2017 MANAGEMENT: >STATE:1504775533,WAIT,,,,,, Thu Sep 07 13:12:13 2017 Connection reset, restarting [0] Thu Sep 07 13:12:13 2017 SIGUSR1[soft,connection-reset] received, process restarting Thu Sep 07 13:12:13 2017 MANAGEMENT: >STATE:1504775533,RECONNECTING,connection-reset,,,,, Thu Sep 07 13:12:13 2017 Restart pause, 5 second(s) Quote Link to comment
mostlydave Posted September 21, 2017 Share Posted September 21, 2017 On 8/3/2017 at 1:43 PM, crazycam425 said: I have 2 unraid servers. I had this plugin installed for a year now on 1 of the servers. Just recently the plugin stopped working and I noticed the Start button was missing entirely so i cannot start the plugin. I tried to remove the plugin and used ca to remove all app data. Then I used Krusader to remove the file myVPNserver from the cache. Then I rebooted the server and tried to install again and the same thing happened. No start button. On my second server that has never had this plugin installed on it before, I was able to install the plugin and start it no problem and everything is fine. Can someone please help me figure this out. I really need to get this plugin going again and it is by far the best openvpn plugin for what I need. Any help is much appreciated. I have the exact same thing you describe going on, did you ever figure this out? Quote Link to comment
peter_sm Posted September 21, 2017 Author Share Posted September 21, 2017 3 hours ago, mostlydave said: I have the exact same thing you describe going on, did you ever figure this out? When this happen , can you check if the openvpn process is running ? ps -ef | grep openvpn and also check if this file exist. Shall not exist if the plugin is not started /var/run/openvpnserver/openvpnserver.pid //Peter Quote Link to comment
mostlydave Posted September 21, 2017 Share Posted September 21, 2017 10 hours ago, peter_sm said: When this happen , can you check if the openvpn process is running ? ps -ef | grep openvpn and also check if this file exist. Shall not exist if the plugin is not started /var/run/openvpnserver/openvpnserver.pid //Peter First Command: root@Zelda:~# ps -ef |grep openvpn root 23009 22337 0 11:44 pts/1 00:00:00 grep openvpn root@Zelda:~# root 23009 22337 0 11:44 pts/1 00:00:00 grep openvpn I am not seeing the .pid file in my appdata\openvpn folder Quote Link to comment
peter_sm Posted September 21, 2017 Author Share Posted September 21, 2017 (edited) 2 hours ago, mostlydave said: I am not seeing the .pid file in my appdata\openvpn folder What about the path and file I asked for ? /var/run/openvpnserver/openvpnserver.pid /etc/rc.d/rc.openvpnserver restart openvpn --version Try above 2 command and post results. //Peter Edited September 21, 2017 by peter_sm Quote Link to comment
mostlydave Posted September 21, 2017 Share Posted September 21, 2017 root@Zelda:~# An error occurred, server not started!. More info in /var/log/openvpnserver.log or /var/local/emhttp/plugins/openvpnserver/openvpnserver.out -bash: !.: event not found root@Zelda:~# /var/run/openvpnserver is empty I'm thinking I might just remove the plugin and start over, I just remember it being a pain trying to get the cert on an iphone Quote Link to comment
peter_sm Posted September 21, 2017 Author Share Posted September 21, 2017 2 minutes ago, mostlydave said: -bash: !.: event not found root@Zelda:~# This tell you that the openvpn packages are not installed, maybe you should verify your USB drive in a windows computer for error. Quote Link to comment
mostlydave Posted September 21, 2017 Share Posted September 21, 2017 I just remembered I am on the beta version6.4.0-rc8q, is 6.4 maybe what's causing this? Quote Link to comment
peter_sm Posted September 21, 2017 Author Share Posted September 21, 2017 I just remembered I am on the beta version6.4.0-rc8q, is 6.4 maybe what's causing this?NO I’m on 6.4 also, try type in openvpn and see what it’s says.Skickat från min iPhone med Tapatalk Quote Link to comment
mostlydave Posted September 21, 2017 Share Posted September 21, 2017 command not found Quote Link to comment
mostlydave Posted September 21, 2017 Share Posted September 21, 2017 I'm not sure what's going on, I had this setup and working, I don't use it often but the last time I tried I could not connect. I have a big red OpenVPN Server is NOT RUNNING message on the settings page, and not start server button Quote Link to comment
peter_sm Posted September 21, 2017 Author Share Posted September 21, 2017 You must have a bad USB drive since the openvpn is not installed. Quote Link to comment
peter_sm Posted September 21, 2017 Author Share Posted September 21, 2017 command not foundLook a the syslog about info from the plugin installation Quote Link to comment
thegeneral Posted September 27, 2017 Share Posted September 27, 2017 When going to the OpenVPN Client settings i see something called "choose a file" but its not clickable for me to upload my config file. Where do i place my config file so it shows up in the list thanks. Quote Link to comment
peter_sm Posted September 27, 2017 Author Share Posted September 27, 2017 5 hours ago, thegeneral said: When going to the OpenVPN Client settings i see something called "choose a file" but its not clickable for me to upload my config file. Where do i place my config file so it shows up in the list thanks. Hi, See info on first post and a link ,I will summarize it better in first page when I have time. "Unpack your provider certificate/files to /boot/openvpn (create that folder if it's not exist) , can now be several ovpn files" Quote Link to comment
iamtheoneyouknowbest Posted September 29, 2017 Share Posted September 29, 2017 On 8/31/2017 at 0:45 AM, peter_sm said: sudo: openvpn: command not found This indicates that you don't have the openvpn packages installed, pleas check your flash drive for defects. And add the syslog. I was able to fix the issue.. If others are having this problem, this is what I did. Remove the plugin Restart the server Reinstall it Worked! Thanks for responding Quote Link to comment
Guest Posted October 6, 2017 Share Posted October 6, 2017 Hi @peter_sm, I'm getting a weird issue when I try to generate client certificates. So I changed some settings that warranted a regeneration of client certificates. But the GUI won't let me regenerate the certificates, thinking that I already had them. So I went into the appdata folder and deleted anything that was related to the username of the client I was trying to generate. (I left the important files like server.crt and stuff like that alone, just anything with the username on it was deleted) The GUI still didn't let me regenerate, so I realized it was hashing the client name. Found where it was stored and deleted the line and GUI finally let me regenerate. And this is what I got spawn ./easyrsa build-client-full ideaman924 nopass couldn't execute "./easyrsa": permission denied while executing "spawn ./easyrsa build-client-full ideaman924 nopass" cp: cannot stat '/mnt/user/appdata/openvpn-server/easy-rsa/easyrsa3/pki/issued/ideaman924.crt': No such file or directory cp: cannot stat '/mnt/user/appdata/openvpn-server/easy-rsa/easyrsa3/pki/private/ideaman924.key': No such file or directory you got only one client script, instead of script plus 4 keys and certs /usr/local/emhttp/plugins/openvpnserver/scripts/rc.openvpnserver: line 494: ./ideaman924.crt: No such file or directory /usr/local/emhttp/plugins/openvpnserver/scripts/rc.openvpnserver: line 498: ./ideaman924.key: No such file or directory cp: cannot stat 'ideaman924.crt': No such file or directory cp: cannot stat 'ideaman924.key': No such file or directory rm: cannot remove 'ideaman924.crt': No such file or directory rm: cannot remove 'ideaman924.key': No such file or directory Done Inline file ! Uhh permission denied? What is wrong here? Also can you *please, please please* make regeneration of client files easy through the GUI? I hate going to the console... Also it might be good if the "Generate Certificate" button initiated a download straight from the browser instead of us hunting through the appdata folder... Quote Link to comment
peter_sm Posted October 7, 2017 Author Share Posted October 7, 2017 14 hours ago, ideaman924 said: Hi @peter_sm, I'm getting a weird issue when I try to generate client certificates. So I changed some settings that warranted a regeneration of client certificates. But the GUI won't let me regenerate the certificates, thinking that I already had them. Also it might be good if the "Generate Certificate" button initiated a download straight from the browser instead of us hunting through the appdata folder... When changing settings for the server that needs new client certificate I recommend to "Regenerate the server certificates keys" this will give you a fresh server with all old clients deleted. Will this meet your requirements ? I can look at the download of client file what I can do. Quote Link to comment
Guest Posted October 7, 2017 Share Posted October 7, 2017 1 hour ago, peter_sm said: When changing settings for the server that needs new client certificate I recommend to "Regenerate the server certificates keys" this will give you a fresh server with all old clients deleted. Will this meet your requirements ? I can look at the download of client file what I can do. That is OK too but doesn't it take quite some time to regenerate? Also the download thing would be pretty sweet if it gets implemented, thanks in advance! Quote Link to comment
peter_sm Posted October 8, 2017 Author Share Posted October 8, 2017 On 2017-10-07 at 10:13 AM, ideaman924 said: Also the download thing would be pretty sweet if it gets implemented, thanks in advance! New release available , now with an new tab for download of client config files! //Peter Quote Link to comment
ksignorini Posted October 9, 2017 Share Posted October 9, 2017 Is it possible to run both the Server (for incoming connections to my network) and the Client (to connect my unRAID box to an outside VPN) at the same time? Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.