DaemonForums  

Go Back   DaemonForums > OpenBSD > OpenBSD Security

OpenBSD Security Functionally paranoid!

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 17th September 2012
scrummie02 scrummie02 is offline
Port Guard
 
Join Date: Nov 2011
Posts: 27
Default OpenVPN on OpenBSD 5.1

I replaced an OpenBSD 4.9 firewall with OpenVPN that was working fine but I'm having issues getting this one up.

I have installed openvpn from the packages and copied over /usr/local/share/examples/openvpn/easy-rsa/2.0/* over to /etc/openvpn/

So now when I go in to source the vars after editing the file I get the following error:
Code:
/etc/openvpn/easy-rsa/openssl-1.0.0.cnf[5]: HOME: not found
/etc/openvpn/easy-rsa/openssl-1.0.0.cnf[6]: RANDFILE: not found
/etc/openvpn/easy-rsa/openssl-1.0.0.cnf[7]: openssl_conf: not found
/etc/openvpn/easy-rsa/openssl-1.0.0.cnf[12]: oid_section: not found
/etc/openvpn/easy-rsa/openssl-1.0.0.cnf[13]: engines: not found
/etc/openvpn/easy-rsa/openssl-1.0.0.cnf[32]: default_ca: not found
/etc/openvpn/easy-rsa/openssl-1.0.0.cnf[37]: dir: not found
/etc/openvpn/easy-rsa/openssl-1.0.0.cnf[38]: certs: not found
/etc/openvpn/easy-rsa/openssl-1.0.0.cnf[39]: crl_dir: not found
/etc/openvpn/easy-rsa/openssl-1.0.0.cnf[40]: database: not found
/etc/openvpn/easy-rsa/openssl-1.0.0.cnf[41]: new_certs_dir: not found
/etc/openvpn/easy-rsa/openssl-1.0.0.cnf[43]: certificate: not found
/etc/openvpn/easy-rsa/openssl-1.0.0.cnf[44]: serial: not found
/etc/openvpn/easy-rsa/openssl-1.0.0.cnf[45]: crl: not found
/etc/openvpn/easy-rsa/openssl-1.0.0.cnf[46]: private_key: not found
/etc/openvpn/easy-rsa/openssl-1.0.0.cnf[47]: RANDFILE: not found
/etc/openvpn/easy-rsa/openssl-1.0.0.cnf[49]: x509_extensions: not found
/etc/openvpn/easy-rsa/openssl-1.0.0.cnf[55]: default_days: not found
/etc/openvpn/easy-rsa/openssl-1.0.0.cnf[56]: 30: not found
/etc/openvpn/easy-rsa/openssl-1.0.0.cnf[57]: default_md: not found
/etc/openvpn/easy-rsa/openssl-1.0.0.cnf[58]: preserve: not found
/etc/openvpn/easy-rsa/openssl-1.0.0.cnf[63]: policy: not found
/etc/openvpn/easy-rsa/openssl-1.0.0.cnf[67]: countryName: not found
/etc/openvpn/easy-rsa/openssl-1.0.0.cnf[68]: stateOrProvinceName: not found
/etc/openvpn/easy-rsa/openssl-1.0.0.cnf[69]: organizationName: not found
/etc/openvpn/easy-rsa/openssl-1.0.0.cnf[70]: organizationalUnitName: not found
/etc/openvpn/easy-rsa/openssl-1.0.0.cnf[71]: commonName: not found
/etc/openvpn/easy-rsa/openssl-1.0.0.cnf[72]: name: not found
/etc/openvpn/easy-rsa/openssl-1.0.0.cnf[73]: emailAddress: not found
/etc/openvpn/easy-rsa/openssl-1.0.0.cnf[79]: countryName: not found
/etc/openvpn/easy-rsa/openssl-1.0.0.cnf[80]: stateOrProvinceName: not found
/etc/openvpn/easy-rsa/openssl-1.0.0.cnf[81]: localityName: not found
/etc/openvpn/easy-rsa/openssl-1.0.0.cnf[82]: organizationName: not found
/etc/openvpn/easy-rsa/openssl-1.0.0.cnf[83]: organizationalUnitName: not found
/etc/openvpn/easy-rsa/openssl-1.0.0.cnf[84]: commonName: not found
/etc/openvpn/easy-rsa/openssl-1.0.0.cnf[85]: name: not found
/etc/openvpn/easy-rsa/openssl-1.0.0.cnf[86]: emailAddress: not found
/etc/openvpn/easy-rsa/openssl-1.0.0.cnf[90]: default_bits: not found
/etc/openvpn/easy-rsa/openssl-1.0.0.cnf[91]: default_keyfile: not found
/etc/openvpn/easy-rsa/openssl-1.0.0.cnf[92]: distinguished_name: not found
/etc/openvpn/easy-rsa/openssl-1.0.0.cnf[93]: attributes: not found
/etc/openvpn/easy-rsa/openssl-1.0.0.cnf[94]: x509_extensions: not found
/etc/openvpn/easy-rsa/openssl-1.0.0.cnf[106]: string_mask: not found
/etc/openvpn/easy-rsa/openssl-1.0.0.cnf[111]: syntax error: `(' unexpected
NOTE: If you run ./clean-all, I will be doing a rm -rf on /etc/openvpn/easy-rsa/keys
I saw a post here where someone had the same problem but he didn't post his solution:
http://www.daemonforums.org/showthre...?t=3497&page=2

has anyone run into this before? Thanks in advance.
Reply With Quote
  #2   (View Single Post)  
Old 17th September 2012
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,975
Default

Did you follow the vendor's HOWTO? That was posted at the end of the thread.
Reply With Quote
  #3   (View Single Post)  
Old 18th September 2012
scrummie02 scrummie02 is offline
Port Guard
 
Join Date: Nov 2011
Posts: 27
Default

Quote:
Originally Posted by jggimi View Post
Did you follow the vendor's HOWTO? That was posted at the end of the thread.
That's what I'm following, its on the . ./vars (sourcing vars) where it's failing.
Reply With Quote
  #4   (View Single Post)  
Old 18th September 2012
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,975
Default

Ah. I haven't used OpenVPN or its easy-rsa toolkit in at least ten years.
Reply With Quote
  #5   (View Single Post)  
Old 19th September 2012
scrummie02 scrummie02 is offline
Port Guard
 
Join Date: Nov 2011
Posts: 27
Default

Quote:
Originally Posted by jggimi View Post
Ah. I haven't used OpenVPN or its easy-rsa toolkit in at least ten years.
You should, it's an awesome piece of software. Not hard to set up once installed really.

In any case I solved it. When you install from the packages and you copy over /usr/local/share/examples/openvpn/easy-rsa/2.0/* over to /etc/openvpn/easy-rsa (or where ever you want to copy it) you have to edit the vars file.

You have to specify the openssl-1.0.0.cnf file found with the OpenVPN package and I had to drop the $EASYRSA variable and actually put the path in.

In case someone runs into the same problem.
Reply With Quote
  #6   (View Single Post)  
Old 1st October 2012
libertas libertas is offline
New User
 
Join Date: Jan 2012
Posts: 8
Default

Quote:
Originally Posted by scrummie02 View Post
You should, it's an awesome piece of software. Not hard to set up once installed really.

In any case I solved it. When you install from the packages and you copy over /usr/local/share/examples/openvpn/easy-rsa/2.0/* over to /etc/openvpn/easy-rsa (or where ever you want to copy it) you have to edit the vars file.

You have to specify the openssl-1.0.0.cnf file found with the OpenVPN package and I had to drop the $EASYRSA variable and actually put the path in.

In case someone runs into the same problem.
I got the same error setting up OpenVPN on my 5.2 box, but solved it replacing the backticks with quotes in the line, besides eliminating the final $EASY_RSA:
Code:
export KEY_CONFIG=`$EASY_RSA/openssl-1.0.0.cnf`
to
Code:
export KEY_CONFIG="$EASY_RSA/openssl-1.0.0.cnf"

Last edited by libertas; 1st October 2012 at 05:03 PM.
Reply With Quote
  #7   (View Single Post)  
Old 19th September 2012
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,975
Default

Cool! Glad you got it figured out!

I replaced OpenVPN VPNs with IPSec solutions so never needed it again. I do have an OpenVPN client on my phone, but haven't had used it as I have Dropbear ssh/sshd on the phone also.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
OpenBSD port of OpenVPN revisited J65nko OpenBSD Packages and Ports 4 11th February 2011 03:53 AM
openvpn on openbsd problem.... michaelk OpenBSD Security 8 9th February 2011 04:49 AM
openvpn-auth-ldap on openbsd 4.7 jespada OpenBSD General 2 26th August 2010 09:05 PM
Cannot set up OpenVPN guitarscn OpenBSD Security 8 5th October 2009 05:19 PM
openVPN 2.1_rc7 (server) on openBSD 4.3 config examples s2scott Guides 2 23rd May 2008 06:16 PM


All times are GMT. The time now is 07:32 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick