Openssl - can't open /var/ipfire/ovpn/ca/.rnd

Hi guys.

With version CU178 I get the same error when trying to create a certificate with OpenVPN (OpenSSL produjo un error: 256).

I have read the previous forum threads but they have not solved anything for me. This appears in “error_log”:

Country Name (2 letter code) [GB]:State or Province Name (full name) []:Locality Name (eg, city) []:Organization Name (eg, company) [My Company Ltd]:Organizational Unit Name (eg, section) []:Common Name (eg, your name or your server's hostname) []:Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:An optional company name []:Cannot write random bytes:
4097E55E647D0000:error:12000079:random number generator:RAND_write_file:Cannot open file:crypto/rand/randfile.c:240:Filename=/var/ipfire/ovpn/ca/.rnd
Can't load /var/ipfire/ovpn/ca/.rnd into RNG
4037B5A691760000:error:12000079:random number generator:RAND_load_file:Cannot open file:crypto/rand/randfile.c:106:Filename=/var/ipfire/ovpn/ca/.rnd

I’ve checked the permissions of the “ovpn” folders in /var/ipfire, but I haven’t seen anything strange.

Does this happen to anyone else?

Thank you so much.

The error message is saying that it can’t open the randfile /var/ipfire/ovpn/ca/.rnd

Is that file present, and if yes, what permissions and ownership does it have? On my system the ownership and permissions are

drwxr-xr-x 2 nobody nobody 4.0K Jun 26 15:48 .
drwxr-xr-x 9 nobody nobody 4.0K Sep 11 16:41 ..
-rw-r--r-- 1 nobody nobody 2.3K Jun 26 15:48 cacert.pem
-rw------- 1 nobody nobody 3.2K Jun 26 15:48 cakey.pem
-rw------- 1 root root 1.0K Jul 27 2020 .rnd

Hi all,
the RAND file and the ‘.rnd’ entries in /var/ipfire/ovpn/openssl/ovpn.cnf have been deleted with Core 128 → git.ipfire.org Git - ipfire-2.x.git/commit.
@roberto, is it possible that you do have the ‘.rnd’ entries in your ovpn.cnf again? If so, you should delete them for OpenVPN like in here → git.ipfire.org Git - ipfire-2.x.git/blobdiff - config/ovpn/openssl/ovpn.cnf and for the OpenSSL configuration /etc/ssl/openssl.cnf like in here → git.ipfire.org Git - ipfire-2.x.git/blobdiff - config/ssl/openssl.cnf.

Best,

Erik

4 Likes
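
A way to check for the leftover entries described in the post above, as an added example that is not part of the thread or of IPFire's code: it lists active `RANDFILE` directives (the OpenSSL config key that names a seed file such as `.rnd`) in the given config files and reports whether the current user can open the file each one names. The function names and status labels are hypothetical.

```shell
#!/bin/sh
# Added example (not IPFire code): find active RANDFILE entries in OpenSSL
# config files and classify the seed file each one points to.
# Usage on the system from the thread, run as the account that invokes OpenSSL:
#   audit_randfile /var/ipfire/ovpn/openssl/ovpn.cnf /etc/ssl/openssl.cnf

# Print "file:line:path" for every uncommented RANDFILE entry.
find_randfile_entries() {
    for cnf in "$@"; do
        [ -r "$cnf" ] || continue                # skip configs we cannot read
        awk -v f="$cnf" '
            /^[ \t]*#/ { next }                  # commented-out line
            /^[ \t]*RANDFILE[ \t]*=/ {
                v = $0
                sub(/^[^=]*=[ \t]*/, "", v)      # drop "RANDFILE ="
                sub(/[ \t]*(#.*)?$/, "", v)      # drop trailing comment
                print f ":" NR ":" v
            }' "$cnf"
    done
    return 0
}

# Classify a seed-file path for the current user (labels are made up here).
check_seed_file() {
    # Values like $ENV::HOME/.rnd are expanded by OpenSSL, not by this script.
    case $1 in *'$'*) echo "unexpanded-variable"; return 0 ;; esac
    if [ -e "$1" ]; then
        if [ -r "$1" ] && [ -w "$1" ]; then echo "accessible"
        else echo "exists-no-access"; fi
    elif [ -w "$(dirname "$1")" ]; then echo "missing-creatable"
    else echo "missing-not-creatable"
    fi
}

# One report line per active entry; no output means no RANDFILE entries.
audit_randfile() {
    find_randfile_entries "$@" | while IFS=: read -r file line path; do
        echo "$file:$line: RANDFILE=$path ($(check_seed_file "$path"))"
    done
}
```

An entry reported as `exists-no-access` or `missing-not-creatable` corresponds to the "Cannot open file" lines in the error log; per the post above, the entry itself should no longer be in either config file.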

Hi @ummeegge

So the .rnd file can be removed from the ca directory. It is no longer needed.

Hello @bonnietwin ,
yes, this has been done system-wide with Core 128 → git.ipfire.org Git - ipfire-2.x.git/commit.

OK. I still have the .rnd file on my system although the .conf file is correct.

Probably I did a restore from an earlier backup that had the .rnd file stored.

I will remove it from my production system then. Thanks.

YES @ummeegge.

I copied the file from another IPFire that works fine and bang, it works.

Thank you for your speed.