Unable to start the OpenVPN server

I also hope that will be the fix… otherwise I cannot understand the problem.

Thanks Peter,

Hopefully that’s the fix. Do you happen to know the estimated release date?

I see the release cycle is a 40-day process, so perhaps only around 3 weeks until we see Core 146?

Best regards

Nope, sorry. Please watch https://blog.ipfire.org/ for any updates.

Well, that was quick. Core 146 is available for testing. I’ve upgraded, but the issue is still present. Will try a fresh install at some point to see if that makes any difference.

Oh, sh… the hope is gone :slight_smile:

I’ve run a fresh install inside a VM and my initial finding is that the issue is resolved. Managed to generate keys and create a roadwarrior configuration without any error. OpenVPN status shows as ‘Running’ on all WUI pages, where before this was not the case. Still to test that connections are working, but it seems very likely all is resolved.

Did you reinstall the whole of IPFire, or just OpenVPN?

A new IPFire install using the latest Core 146 testing image.

Hmm… no time for that, hope the final version of 146 will fix it.

With Core 146 it is the same. The error (on Nano R1 hardware) is:

Using configuration from /var/ipfire/ovpn/openssl/ovpn.cnf
Generating DH parameters, 2048 bit long safe prime, generator 2
This is going to take a long time
......+...................................+...............................................................................................................................................................................+............+..................................................................................................................................................+..........................................................................+.....................................................+.............+...........+.................+................+.......................+........................................................................+..........................+..........................................+...................................................................................................................................................+.........+.....................................................................+...........................................................................................................+..............................+.....................................................................................................................................................................................[Mon Jul 06 15:39:47.457406 2020] [cgid:error] [pid 3421:tid 2949612576] [client 192.168.1.89:62276] Script timed out before returning headers: ovpnmain.cgi, referer: https://192.168.1.1:444/
........................................................+.....................................................+................................................................................................................................................+............................................+..........................................................................................................................................................................................................+............................+........................................................................................................................................................................+...............+.................................+......+.................................+...+..........+.........+.........................................................................................+......................................+.................+..................................................................+..........................................+.........................+.............................+...............................................................................+........................................................................................+.......................................................................................................................................................................................................+.......+.............................................+.....................+.........................................+........................................................+...........................+.............+.....................................................................+......................unable to load DH parameters
3069321232:error:0909006C:PEM routines:get_name:no start line:crypto/pem/pem_lib.c:745:Expecting: DH PARAMETERS
..unable to load DH parameters
3070083088:error:0909006C:PEM routines:get_name:no start line:crypto/pem/pem_lib.c:745:Expecting: DH PARAMETERS
..................+..+......

I am going to create the DH by hand.

Regards.

Nothing, same error. Finally, the solution was to copy the “ovpn” folder from another IPFire to the IPFire with the error and to modify the permissions and owner.

Regards.

Upgraded to Core 146 and still the same problems… an error when creating the root/host certificates… no possibility to start the server.

I give up trying… thanks for your help, guys!

Check the permissions on the files in /var/ipfire/ovpn . On my system, the “server.conf” file was owned by root, so the web UI couldn’t update it, so OpenVPN didn’t have a valid config file.
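The ownership check suggested above, written as a small script. This is an added example, not part of the original post and not IPFire's own tooling. The expected owner `nobody` comes from this thread, the helper names are hypothetical, and `stat -c` assumes GNU coreutils or BusyBox. The PEM helper matches the "Expecting: DH PARAMETERS" error in the log posted earlier.

```shell
#!/bin/sh
# Added example: audit ownership under the OpenVPN configuration directory
# and confirm that a parameter file really contains the expected PEM block.
# Helper names are hypothetical; "nobody" is the owner named in this thread.

# list_wrong_owner DIR OWNER
# Prints "owner:group path" for every file or directory below DIR that is
# not owned by OWNER, so the entries can be reviewed before any chown.
list_wrong_owner() {
    dir=$1
    want=$2
    find "$dir" \( -type f -o -type d \) -exec stat -c '%U:%G %n' {} + |
        awk -v want="$want" '{ split($1, o, ":"); if (o[1] != want) print }'
}

# count_wrong_owner DIR OWNER
# Prints only the number of mismatching entries (0 means nothing to review).
count_wrong_owner() {
    list_wrong_owner "$1" "$2" | wc -l | tr -d ' '
}

# has_pem_block FILE LABEL
# Succeeds only if FILE is non-empty and contains "-----BEGIN LABEL-----".
# An empty or truncated file fails here, which is the condition OpenSSL
# reports as "no start line ... Expecting: DH PARAMETERS".
has_pem_block() {
    [ -s "$1" ] && grep -q -- "-----BEGIN $2-----" "$1"
}

# Run the audit only when a directory is passed on the command line, e.g.
#   sh ovpn-audit.sh /var/ipfire/ovpn nobody
if [ -n "${1:-}" ]; then
    list_wrong_owner "$1" "${2:-nobody}"
fi
```

The script only reports; decide per file whether the listed owner is wrong before changing anything.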

Thanks for that, I also have server.conf owned by root. Should it be owned by nobody?

HEEEEEYY!!! THANKS A LOT!! That was the problem! Just setting chown and chgrp of setup.conf to nobody :slight_smile:

Hi all,
a question comes up for me: why did you have those permissions?

Best,

Erik

I bought hardware with IPFire installed on it, so I think this was some security extra.

Interesting, and thanks for the information. Just to clarify, OpenVPN lowers its privileges to nobody, which is a security aspect. As an aside, it does not work with those kinds of privileges; maybe you can go back to your hardware dealer and give him that information…

Another piece of information for you: I would reinstall IPFire, since it is obvious that you did NOT get a regularly installed IPFire version with your new hardware. Who knows what else has been modified :sneezing_face:

Maybe someone else has had similar experiences?

Best,

Erik

The hardware I got is not just some eBay stuff with shady sellers. :slight_smile:

They sell open source hardware and (as far as I know) work together with IPFire.
So maybe you can communicate with them to clear up whether there are some special settings for the IPFire.

Regards
fstarter