OpenSSL - something more useful than 256 error

jinnicky · 20 March 2023 15:35

I do wish that OpenSSL would come up with something more useful than 256 error.

I had 2 net-to-net virtual nets running, but had to rebuild my firewall. Due to a change in DDNS servers, I had to re-do the certificates.

My first try after reinstalling IPfire and a backup was to remove the x509 which seemed to remove the connections. It complained about using a duplicate port of one of the old connections.

I then reinstalled the backup and deleted the two connections, reboot.

The first one set up with out problems. It’s pretty much default everything on port 1195 with OpenVPN subnet of 10.10.9.0/255.255.255.0

The second one on port 1196 with OpenVPN subnet of 10.9.9.0/255.255.255.0, copied from what was working before, gives an OpenSSL 256 error.

The names are different, I even tried changing the local VPN hostname. I tried variations in the certificate fields

tphz · 20 March 2023 15:49

Have you read this thread?

BR

ummeegge · 21 March 2023 16:13

Hi all,
@jinnicky did you checked ‘/var/log/httpd/error_log’ ? May there are more detailed information what causes the 256 error ? Such error may can be intercepted by a plausibility check in ovpnmain.cgi ?

Best,

Erik

jinnicky · 22 March 2023 02:39

Yes I did, thank you.

It turns out that the fields in the second certificate matched the first one too closely. Once I changed that, it was accepted.

bonnietwin · 13 September 2023 06:31

A post was split to a new topic: Openssl - can’t open /var/ipfire/ovpn/ca/.rnd

jon · 15 March 2024 20:43

3 posts were split to a new topic: OpenSSL produced an error: 256