OpenVPN & Libre & easyrsa
Hi All,

So I'm trying to get openvpn working on openbsd 5.9 and so far it's been nothing but a nightmare with libre and easyrsa.

The install guide I am using is http://www.openbsdsupport.org/openvp...MissingOpenSSL
the fix was here: https://forums.openvpn.net/viewtopic.php?t=17800

For the sake of testing I installed EasyRsa-v3.0.0-rc2

    OpenSSL> version
    LibreSSL 2.3.2

My install process is:

    pkg_add openvpn
    install -m 700 -d /etc/openvpn/private
    install -m 700 -d /etc/openvpn/private-client-conf
    install -m 755 -d /etc/openvpn/certs
    install -m 755 -d /var/log/openvpn
    install -m 755 -d /var/openvpn/chrootjail/etc/openvpn
    install -m 755 -d /etc/openvpn/chrootjail/etc/openvpn/ccd # client custom configuration dir
    install -m 755 -d /var/openvpn/chrootjail/var/openvpn
    install -m 755 -d /var/openvpn/chrootjail/tmp
    mv /etc/openvpn/ccd/ /etc/openvpn/crl.pem /var/openvpn/chrootjail/etc/openvpn/
    ln -s /var/openvpn/chrootjail/etc/openvpn/crl.pem /etc/openvpn/crl.pem
    ln -s /var/openvpn/chrootjail/etc/openvpn/ccd/ /etc/openvpn/
    ln -s /var/openvpn/chrootjail/etc/openvpn/replay-persist-file /etc/openvpn/replay-persist-file

everything except that move works..

    tar czvf /ins/easyrsa.old.tgz /etc/openvpn/easy-rsa/3/
    cd /etc/openvpn/easy-rsa/3/
    tar tzvf /root/EasyRSA-3.0.0-rc2.tgz
    tar tzvsf +EasyRSA[^/]*/++gp /root/EasyRSA-3/EasyRSA-3.0.0-rc2.tgz '*/easyrsa' '*/openssl*.cnf' '*/vars.example' '*/x509-types'
    tar xzvsf +EasyRSA[^/]*/++gp /3/EasyRSA-3.0.0-rc2.tgz '*/easyrsa' '*/openssl*.cnf' '*/vars.example' '*/x509-types'
    install -m 700 -d /etc/openvpn/private
    install -m 700 -d /etc/openvpn/private-client-conf
    install -m 755 -d /etc/openvpn/certs
    install -m 755 -d /var/log/openvpn
    install -m 755 -d /var/openvpn/chrootjail/etc/openvpn
    install -m 755 -d /etc/openvpn/chrootjail/etc/openvpn/ccd # client custom configuration dir
    install -m 755 -d /var/openvpn/chrootjail/var/openvpn
    install -m 755 -d /var/openvpn/chrootjail/tmp
    mv /etc/openvpn/ccd/ /etc/openvpn/crl.pem /var/openvpn/chrootjail/etc/openvpn/
    ln -s /var/openvpn/chrootjail/etc/openvpn/crl.pem /etc/openvpn/crl.pem
    ln -s /var/openvpn/chrootjail/etc/openvpn/ccd/ /etc/openvpn/
    ln -s /var/openvpn/chrootjail/etc/openvpn/replay-persist-file /etc/openvpn/replay-persist-file
    install -m 700 -d /etc/openvpn/easy-rsa /etc/openvpn/easy-rsa/3
    cd /etc/openvpn/easy-rsa/3/
    ls -alpd easyrsa vars*
    less vars.example
    tar czvf /ins/easyrsa.old.tgz /etc/openvpn/easy-rsa/3/
    cd /etc/openvpn/easy-rsa/3/
    tar tzvf /ins/EasyRSA-3.0.0-rc2.tgz
    tar tzvsf +EasyRSA[^/]*/++gp /ins/EasyRSA-3.0.0-rc2.tgz '*/easyrsa' '*/openssl*.cnf' '*/vars.example' '*/x509-types'
    tar xzvsf +EasyRSA[^/]*/++gp /ins/EasyRSA-3.0.0-rc2.tgz '*/easyrsa' '*/openssl*.cnf' '*/vars.example' '*/x509-types'

Then I get to this part

Optional - fixing error "Missing or invalid OpenSSL"

If you get an error with easyrsa like Missing or invalid OpenSSL or Expected to find openssl command at: openssl then search forward in this document for Appendix A - fixing error Missing or invalid OpenSSL

That was needed in November 2014 with OpenBsd 5.6 and EasyRSA-3.0.0-rc2

Appendix A - fixing error Missing or invalid OpenSSL

If you get an error with easyrsa like:

    Easy-RSA error:
    Missing or invalid OpenSSL
    Expected to find openssl command at: openssl

Check the openssl version

    openssl version
    LibreSSL 2.0

If the version does not start with OpenSSL - then might be not recognized by easyrsa script and then needs correction. That was the case for OpenBsd version 5.6 and EasyRSA-3.0.0-rc2. The fix is quite simple (but verify that all further executions of easyrsa are working correctly).

I mod the file as noted. I don't get any errors.. but the Diff command returns no changes. ?!?!?

    cp -p easyrsa easyrsa.old
    ## cat easyrsa.old | perl -pe 's/(\[ "\$\{val.. \*\}" = ")OpenSSL(" ] \|\| die)/$1LibreSSL$2/' > easyrsa
    cat easyrsa.old | perl -pe 's/(\[)( "\$\{val.. \*\}" = ")(OpenSSL)(")( ] \|\| die)/$1$2$3$4 -o $2LibreSSL$4$5/' > easyrsa;
    diff easyrsa easyrsa.old
    291c291
    < [ "${val%% *}" = "LibreSSL" ] || die "\
    ---
    [ "${val%% *}" = "OpenSSL" -o "${val%% *}" = "LibreSSL" ] || die "\

    ls -alp /etc/openvpn/private/vpn-ta.key || openvpn --genkey --secret /etc/openvpn/private/vpn-ta.key

I can generate the private key it shows up here... /etc/openvpn/private/vpn-ta.key

I get right up to here

    ./easyrsa --batch=0 init-pki # creates empty dirs pki/ pki/private/ pki/reqs/ . batch=1 - overwrite/delete without asking

And it dies horrifically

The Diff command does not report any changes.

    ki/private/ pki/reqs/ . batch=1 - overwrite/delete without asking <
    560871696:error:0E065068:configuration file routines:STR_COPY:variable has no value:/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/conf/conf_def.c:573:line 3
    Easy-RSA error:
    Missing or invalid OpenSSL
    Expected to find openssl command at: openssl

-----------------------

I've never set up openvpn but just wondering:
Do I need this easy rsa?
Can this stuff be generated with libre itself? If so, what would I need?
Should I do all this stuff on a linux box with openssl?

Any help would be awesome.. thanks
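An added example, not part of the original post and not code from easyrsa or the guide: it applies the guide's line-291 edit to a constructed one-line file and reports when the substitution matched nothing, which is the situation where `diff` shows no changes. The function names, the `case` form of the check, the temp file and the "OpenSSL 1.0.1" string are assumptions made for the example.

```shell
#!/bin/sh
# Added example. The check line and version strings below are constructed
# stand-ins; this is not the easyrsa script itself.

# First word of a version string, as in the "${val%% *}" expansion.
first_word() { val=$1; printf '%s\n' "${val%% *}"; }

# Check as quoted before the edit: only "OpenSSL" passes.
check_original() { [ "$(first_word "$1")" = "OpenSSL" ]; }

# Same intent as the guide's edited line, written with case instead of -o.
check_patched() {
    case "$(first_word "$1")" in
        OpenSSL|LibreSSL) return 0 ;;
        *) return 1 ;;
    esac
}

# patch_check FILE: edit the check line; return 1 and leave FILE untouched
# when the pattern matched nothing (the "diff shows no changes" case).
patch_check() {
    f=$1
    sed 's/\[ "\${val%% \*}" = "OpenSSL" ]/[ "${val%% *}" = "OpenSSL" -o "${val%% *}" = "LibreSSL" ]/' \
        "$f" > "$f.new" || return 2
    if cmp -s "$f" "$f.new"; then
        rm -f "$f.new"
        return 1
    fi
    # Keep a backup, then overwrite in place so the file mode is preserved.
    cp -p "$f" "$f.old" && cat "$f.new" > "$f" && rm -f "$f.new"
}

# Demo on a constructed one-line file.
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
printf '%s\n' '[ "${val%% *}" = "OpenSSL" ] || die "\' > "$tmp/easyrsa"
if patch_check "$tmp/easyrsa"; then echo "edit applied"; else echo "no match, file unchanged"; fi
for v in "OpenSSL 1.0.1" "LibreSSL 2.3.2"; do
    check_original "$v" && echo "original accepts: $v"
    check_patched "$v" && echo "patched accepts:  $v"
done
```

Running `patch_check` a second time on the same file returns 1, because the already-edited line no longer matches the pattern.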