Help with getting OpenVPN running

DD-WRT Forum Index -> Broadcom SoC based Hardware
KCCKMarshall
DD-WRT Novice


Joined: 27 Aug 2017
Posts: 1

Posted: Mon Aug 28, 2017 4:25    Post subject: Help with getting OpenVPN running
I have been trying to get OpenVPN running for a while, without much success. My issue is I can't get the OpenVPN server to start.

Quote:
Dec 31 17:00:18 Gateway user.info syslog: openvpn : OpenVPN daemon (Server) starting/restarting...
Aug 27 16:06:33 Gateway daemon.notice openvpn[1134]: OpenVPN 2.3.12 mipsel-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on
Aug 27 16:06:33 Gateway daemon.notice openvpn[1134]: library versions: OpenSSL 1.0.2j 26 Sep 2016, LZO 2.09
Aug 27 16:06:33 Gateway daemon.notice openvpn[1136]: MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:14
Aug 27 16:06:33 Gateway daemon.warn openvpn[1136]: NOTE: the current --script-security setting may allow this configuration to call user-defined
Aug 27 16:06:33 Gateway daemon.notice openvpn[1136]: Diffie-Hellman initialized with 2048 bit key
Aug 27 16:06:33 Gateway daemon.err openvpn[1136]: Error: private key password verification failed
Aug 27 16:06:33 Gateway daemon.notice openvpn[1136]: Exiting due to fatal error


Server log is as follows:
Quote:
dh /tmp/openvpn/dh.pem
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/cert.pem
key /tmp/openvpn/key.pem
keepalive 10 120
verb 3
mute 3
syslog
writepid /var/run/openvpnd.pid
management 127.0.0.1 14
management-log-cache 100
topology subnet
script-security 2
port 1194
proto udp
cipher aes-256-cbc
auth sha256
client-connect /tmp/openvpn/clcon.sh
client-disconnect /tmp/openvpn/cldiscon.sh
client-config-dir /tmp/openvpn/ccd
comp-lzo adaptive
tls-server
ifconfig-pool-persist /tmp/openvpn/ip-pool 86400
client-to-client
fast-io
tun-mtu 1500
mtu-disc yes
server 10.8.1.0 255.255.255.0
dev tun2
tun-ipv6
push "route IP mask gateway"
push "dhcp-option DNS IP"


It appears the issue is that OpenVPN is unable to verify the private key. I am assuming the issue is with the server key, because it is the only key I have registered. I am using easyRSA v3.0.1. I have generated a ca.crt with a master password and I have generated a server.crt and server.key in which I also specified a password.

I am stuck; I don't know how to get past this issue. Can anyone give me some suggestions on how to resolve this issue?
mrjcd
DD-WRT Guru


Joined: 31 Jan 2015
Posts: 6291
Location: Texas

Posted: Mon Aug 28, 2017 6:50
New openSSL after r33006 will not validate keys with older md5 hash.
Sorry --- need to generate new keys.
See -
http://www.dd-wrt.com/phpBB2/viewtopic.php?p=1091841#1091841

See -
http://svn.dd-wrt.com/ticket/5923#comment:18

Make sure keys are generated with sha256WithRSAEncryption.
That should be the default setting with EasyRSA2 or EasyRSA3.
You can look at the ca.crt generated and it will tell you what it is.
If that is not the problem .... then I don't know.
Prolly could help you more if you give the router & firmware you are using.
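
The two checks this thread points at, as an added example (not code from either poster or from DD-WRT): it reads the signature algorithm from a certificate, as suggested above for ca.crt, and tests whether a PEM private key file is passphrase-protected, which is what the "private key password verification failed" log line concerns. The function names are hypothetical; the paths in the usage comment are the ones from the posted configuration, and the openssl command-line tool is assumed to be installed.

```shell
#!/bin/sh
# Added example: checks for the certificate and key files an OpenVPN server loads.

# Print the signature algorithm of a PEM certificate (needs the openssl CLI).
# Prints nothing if the file cannot be parsed.
cert_sig_alg() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        sed -n 's/^ *Signature Algorithm: *//p' | head -n 1
}

# Succeed if the PEM private key is passphrase-protected.
# Covers PKCS#8 ("BEGIN ENCRYPTED PRIVATE KEY") and the traditional
# format, which marks encryption with a "Proc-Type: 4,ENCRYPTED" header.
key_is_encrypted() {
    grep -Eq '^(-----BEGIN ENCRYPTED PRIVATE KEY-----|Proc-Type: 4,ENCRYPTED)' "$1"
}

# Map a signature algorithm name to a verdict for this thread's criteria:
# MD5-signed certificates are rejected, sha256WithRSAEncryption is expected.
sig_alg_verdict() {
    case "$1" in
        md5*|MD5*) echo "reject: MD5 signature" ;;
        sha256WithRSAEncryption) echo "ok" ;;
        "") echo "unreadable" ;;
        *) echo "review: $1" ;;
    esac
}

# usage: check_openvpn_pki CERT KEY
check_openvpn_pki() {
    alg=$(cert_sig_alg "$1")
    echo "$1: $(sig_alg_verdict "$alg")"
    if key_is_encrypted "$2"; then
        echo "$2: passphrase-protected"
    else
        echo "$2: not passphrase-protected"
    fi
}

# Runs only when two paths are given, for example:
#   sh check.sh /tmp/openvpn/ca.crt /tmp/openvpn/key.pem
if [ "$#" -eq 2 ]; then
    check_openvpn_pki "$1" "$2"
fi
```
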