Unable to start the OpenVPN server

3069554704:error:0909006C:PEM routines:get_name:no start line:crypto/pem/pem_lib.c:745:Expecting: DH PARAMETERS …x…x.x.x…x…
[cgid:error] [pid 8562:tid 2966377504] [client 192…] Script timed out before returning headers: ovpnmain.cgi, referer: https://192…/

[auth_basic:error] [pid 8562:tid 2983162912] [client 192…:52123] AH01618: user not found: /cgi-bin/index.cgi

[cgid:error] [pid 8562:tid 2922378272] [client 192…:50112] End of script output before headers: ovpnmain.cgi, referer: 192…

Hi f starter,
the Diffie-Hellman-parameter is missing, what key length are you using? In general the DH-parameter needs a longer time while creating the PKI (or single DH creation); on some boards it can take really long. The ovpnmain.cgi can run into a script timeout but the OpenSSL process is still working in the background. If you reload the OpenVPN page, you will see the regular page; if the machine has had the time to generate the DH-parameter, it will also be shown in the WUI (reload it again).
To see if OpenSSL is still working, you can run a

tailf /var/log/httpd/error_log

whereby you should see some points/symbols running over the monitor. Do not reboot the machine then, because it will break this process and result in no DH-parameter (OpenVPN does not work).

Another possibility, if you want bigger key lengths for the DH-parameter, can be to generate it on another machine. If you use UNIX, Linux or OS X machines, a

openssl dhparam -out /var/tmp/dh4096.pem 4096

would generate a 4096 bit DH-parameter which you can then upload via the ‘Upload new Diffie-Hellman parameters’ function over the WUI --> https://wiki.ipfire.org/configuration/services/openvpn/config/upload_gen .

Best,

Erik
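
An added example, not part of the original thread and not IPFire code: a check that can be run on a DH parameter file before uploading it, catching the condition behind "no start line ... Expecting: DH PARAMETERS" (a file holding no complete PEM block). The function name and the samples are constructed for illustration; it validates structure and size only, not primality, which `openssl dhparam -in FILE -check -noout` covers.

```python
import base64

BEGIN = "-----BEGIN DH PARAMETERS-----"
END = "-----END DH PARAMETERS-----"

def _read_tlv(der, pos, tag):
    """Return (content, next_pos) for the DER element with `tag` at der[pos]."""
    if der[pos] != tag:
        raise ValueError("unexpected tag")
    length, pos = der[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(der[pos:pos + n], "big"), pos + n
    if pos + length > len(der):
        raise ValueError("element runs past end of data")
    return der[pos:pos + length], pos + length

def check_dh_pem(text):
    """Classify the contents of a DH parameter file; return (ok, detail)."""
    start = text.find(BEGIN)
    if start < 0:
        return False, "no start line"      # empty file or only generator progress output
    end = text.find(END, start)
    if end < 0:
        return False, "no end line"        # generation was interrupted mid-write
    body = "".join(text[start + len(BEGIN):end].split())
    try:
        der = base64.b64decode(body, validate=True)
        seq, _ = _read_tlv(der, 0, 0x30)   # DHParameter ::= SEQUENCE {
        p, pos = _read_tlv(seq, 0, 0x02)   #   prime p INTEGER,
        g, _ = _read_tlv(seq, pos, 0x02)   #   base g INTEGER }
    except (ValueError, IndexError):
        return False, "bad base64 or DER"
    bits = int.from_bytes(p, "big").bit_length()
    return True, f"p is {bits} bits, g = {int.from_bytes(g, 'big')}"

# Constructed samples (toy 5-bit p = 23, g = 2; not a usable parameter set).
GOOD = BEGIN + "\nMAYCARcCAQI=\n" + END + "\n"
PROGRESS_ONLY = "......+....+...unable to load DH parameters\n"
TRUNCATED = BEGIN + "\nMAYCAR"

if __name__ == "__main__":
    for name, sample in [("good", GOOD), ("progress only", PROGRESS_ONLY),
                         ("truncated", TRUNCATED)]:
        print(name, check_dh_pem(sample))
```
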

hey Erik and thanks!
I can see “DH Parameters: (2048 bit)” by the keys, so it seems to be created.
Maybe it’s somehow broken, but it’s created.

Same issue here.

Any news on trying to generate and upload a new DH-parameter?
2048 or 3072 bit should also be OK. If you generate it on IPFire, you can also use the WUI; on slow machines I would prefer 2048 bit…

Best,

Erik

tried it several times… the same issue

Hi,

just guessing: Could this be related to the accidentally missing OpenVPN update in Core Update 145 (which will be fixed in Core Update 146)?

If not, please ignore the noise. :slight_smile:

Thanks, and best regards,
Peter Müller

I also hope that that will be the fix… otherwise I cannot understand the problem.

Thanks Peter,

Hopefully that’s the fix. Do you happen to know the estimated release date?

I see the release cycle is a 40 days process, perhaps only around 3 weeks until we see core 146?

Best regards

Nope, sorry. Please watch https://blog.ipfire.org/ for any updates.

Well that was quick. Core 146 is available for testing, I’ve upgraded but still the issue is present. Will try a fresh install at some point to see if that makes any difference.

oh, sh… the hope is gone :slight_smile:

I’ve run a fresh install inside a VM and my initial findings are the issue is resolved. Managed to generate keys and create a roadwarrior configuration without any error. OpenVPN status shows as ‘Running’ on all WUI pages, where before this was not the case. Still to test connections are working, but it seems very likely all is resolved.

did you reinstall the whole ipfire, or just openvpn?

A new ipfire install using the latest core 146 testing image.

hmm… no time for that, hope the final version of 146 will fix it

With 146 core same. The error is (in Nano R1 hardware):

Using configuration from /var/ipfire/ovpn/openssl/ovpn.cnf
Generating DH parameters, 2048 bit long safe prime, generator 2
This is going to take a long time
......+...................................+...............................................................................................................................................................................+............+..................................................................................................................................................+..........................................................................+.....................................................+.............+...........+.................+................+.......................+........................................................................+..........................+..........................................+...................................................................................................................................................+.........+.....................................................................+...........................................................................................................+..............................+.....................................................................................................................................................................................[Mon Jul 06 15:39:47.457406 2020] [cgid:error] [pid 3421:tid 2949612576] [client 192.168.1.89:62276] Script timed out before returning headers: ovpnmain.cgi, referer: https://192.168.1.1:444/
........................................................+.....................................................+................................................................................................................................................+............................................+..........................................................................................................................................................................................................+............................+........................................................................................................................................................................+...............+.................................+......+.................................+...+..........+.........+.........................................................................................+......................................+.................+..................................................................+..........................................+.........................+.............................+...............................................................................+........................................................................................+.......................................................................................................................................................................................................+.......+.............................................+.....................+.........................................+........................................................+...........................+.............+.....................................................................+......................unable to load DH parameters
3069321232:error:0909006C:PEM routines:get_name:no start line:crypto/pem/pem_lib.c:745:Expecting: DH PARAMETERS
..unable to load DH parameters
3070083088:error:0909006C:PEM routines:get_name:no start line:crypto/pem/pem_lib.c:745:Expecting: DH PARAMETERS
..................+..+......

I am going to create the DH by hand.

Regards.

Nothing, same error. Finally, the solution was to copy the “ovpn” folder from another IPFire to the IPFire with the error and modify permissions and owner.

Regards.

upgraded to core 146 and still the same problems… by creating the root/host certificates error… no possibility to start the server.

I give up trying it… thanks for your help guys!