Unable to start the OpenVPN server

Can I see this log somehow in the IPFire GUI, without connecting over SSH?

Connection is via SSH.

And type in:

grep error /var/log/httpd/error_log

Bump, experiencing same.

No, the start button is not greyed out after putting in the settings.
I will try to get the log over SSH, but it will take some time.

Output:

[cgid:error] [pid 3160:tid 124685601707776] [client w.x.y.a:54771] End of script output before headers: ovpnmain.cgi, referer: https://w.x.y.z:444/

Output when trying to “Save Advanced Options”:

End of script output before headers: ovpnmain.cgi,

3069554704:error:0909006C:PEM routines:get_name:no start line:crypto/pem/pem_lib.c:745:Expecting: DH PARAMETERS …x…x.x.x…x…
[cgid:error] [pid 8562:tid 2966377504] [client 192…] Script timed out before returning headers: ovpnmain.cgi, referer: https://192…/

[auth_basic:error] [pid 8562:tid 2983162912] [client 192…:52123] AH01618: user not found: /cgi-bin/index.cgi

[cgid:error] [pid 8562:tid 2922378272] [client 192…:50112] End of script output before headers: ovpnmain.cgi, referer: 192…

Hi f starter,
The Diffie-Hellman parameter is missing; what key length are you using? In general, the DH parameter needs a longer time while creating the PKI (or during single DH creation); on some boards it can take really long. The ovpnmain.cgi can run into a script timeout, but the OpenSSL process is still working in the background. If you reload the OpenVPN page, you will see the regular page; once the machine has had the time to generate the DH parameter, it will also be shown in the WUI (reload it again).
To see if OpenSSL is still working, you can run a

tailf /var/log/httpd/error_log

whereby you should see some points/symbols running across the monitor. Do not reboot the machine then, because it will break this process and result in no DH parameter (OpenVPN does not work).

Another possibility, if you want bigger key lengths for the DH parameter, is to generate it on another machine. If you use UNIX, Linux or OS X machines, a

openssl dhparam -out /var/tmp/dh4096.pem 4096

would generate a 4096 bit DH parameter which you can then upload via the ‘Upload new Diffie-Hellman parameters’ function over the WUI --> https://wiki.ipfire.org/configuration/services/openvpn/config/upload_gen .

Best,

Erik
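As an added example (not part of the original thread and not IPFire's own code), this Python sketch checks a DH parameter file before it is uploaded: it looks for the PEM block whose absence OpenSSL reports as "no start line ... Expecting: DH PARAMETERS" and reads the modulus size from the DER. The names `check_dh_pem` and `_read_tlv` and the 2048-bit default minimum are assumptions; the check covers framing and size only, not primality.

```python
import base64
import re
import sys

PEM_RE = re.compile(
    r"-----BEGIN DH PARAMETERS-----\s*(.*?)\s*-----END DH PARAMETERS-----", re.S)

def _read_tlv(buf, pos):
    """Read one DER tag-length-value; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def check_dh_pem(text, min_bits=2048):
    """Return (ok, message) for the text of a DH parameter file."""
    m = PEM_RE.search(text)
    if not m:
        # Same condition OpenSSL reports as "no start line ... Expecting: DH PARAMETERS"
        return False, "no DH PARAMETERS block (empty, truncated or wrong file)"
    try:
        der = base64.b64decode("".join(m.group(1).split()), validate=True)
        tag, seq, _ = _read_tlv(der, 0)
        ptag, p, nxt = _read_tlv(seq, 0)   # modulus p
        gtag, g, _ = _read_tlv(seq, nxt)   # generator g
        if (tag, ptag, gtag) != (0x30, 0x02, 0x02):
            raise ValueError("expected SEQUENCE of two INTEGERs")
    except ValueError as exc:              # binascii.Error is a ValueError subclass
        return False, f"damaged DH PARAMETERS block: {exc}"
    bits = int.from_bytes(p, "big").bit_length()
    if bits < min_bits:
        return False, f"modulus is only {bits} bits (minimum {min_bits})"
    return True, f"{bits}-bit modulus, generator {int.from_bytes(g, 'big')}"

if __name__ == "__main__":
    # Without an argument, use a constructed sample: a file left empty by an interrupted run.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else ""
    ok, msg = check_dh_pem(text)
    print(("OK: " if ok else "FAIL: ") + msg)
```

Run it with the path of the generated file as its only argument, for example the `/var/tmp/dh4096.pem` produced by the command above.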

Hey Erik, and thanks!
I can see “DH Parameters: (2048 bit)” by the keys, so it seems to be created.
Maybe it's somehow broken, but it's created.

Same issue here.

Any news on trying to generate and upload a new DH parameter?
2048 or 3072 bit should also be OK. If you generate it on IPFire, you can also use the WUI; on slow machines I would prefer 2048 bit…

Best,

Erik

tried it several times… the same issue

Hi,

just guessing: Could this be related to the accidentally missing OpenVPN update in Core Update 145 (which will be fixed in Core Update 146)?

If not, please ignore the noise. 🙂

Thanks, and best regards,
Peter Müller

I also hope that that will be the fix… otherwise I cannot understand the problem.

Thanks Peter,

Hopefully that’s the fix. Do you happen to know the estimated release date?

I see the release cycle is a 40-day process, perhaps only around 3 weeks until we see Core 146?

Best regards

Nope, sorry. Please watch https://blog.ipfire.org/ for any updates.

Well that was quick. Core 146 is available for testing, I’ve upgraded but still the issue is present. Will try a fresh install at some point to see if that makes any difference.


Oh, sh… the hope is gone 🙂

I’ve run a fresh install inside a VM and my initial findings are the issue is resolved. Managed to generate keys and create a roadwarrior configuration without any error. OpenVPN status shows as ‘Running’ on all WUI pages, where before this was not the case. Still to test connections are working, but it seems very likely all is resolved.

Did you reinstall the whole IPFire, or just OpenVPN?