Unable to start the OpenVPN server

Hey!

I made all configurations given in the docs, but the server doesn’t start.
If i press “start openvpn-server” just nothing happens.

regards
f

Perhaps this will help.
https://community.ipfire.org/t/openvpn-setup-unable-to-complete/2234/6

or

or

thanks!
the start button is not greyed, so i can press it, but nothing happens after that.
i also already created one user.

I try to check everything with the video tutorials.

the problem stil exists… maby its because of the connection breaks to the firewall while creating the certificates? But if i refresh the website after the break, it shows me the certificates.

Save and start OPENvpn


related link?

really strange… it shows me “internal server error… The server encountered an internal error or misconfiguration and was unable to complete your request.”

if i refresh the page the “save” is not greyed. So i think, thats the point.

It shows “stopped” already on the openvpn page, also on services.

1 Like

Are there any errors in the Apache error_log file at /var/log/httpd/?

can i see this log somehow in the ipfire gui, without connecting over ssh?

Connection is via SSH.

And type in:

grep error /var/log/httpd/error_log

Bump, experiencing same.

no, the start button is not greyed out after puting the settings.
I will try to get the log over ssh, but it will take some time.

Output:

[cgid:error] [pid 3160:tid 124685601707776] [client w.x.y.a:54771] End of script output before headers: ovpnmain.cgi, referer: https://w.x.y.z:444/

Output when trying to “Save Advanced Options”:

End of script output before headers: ovpnmain.cgi,

3069554704:error:0909006C:PEM routines:get_name:no start line:crypto/pem/pem_lib.c:745:Expecting: DH PARAMETERS …x…x.x.x…x…
[cgid:error] [pid 8562:tid 2966377504] [client 192…] Script timed out before returning headers: ovpnmain.cgi, referer: https://192…/

[auth_basic:error] [pid 8562:tid 2983162912] [client 192…:52123] AH01618: user not found: /cgi-bin/index.cgi

[cgid:error] [pid 8562:tid 2922378272] [client 192…:50112] End of script output before headers: ovpnmain.cgi, referer: 192…

Hi f starter,
the Diffie-Hellman-parameter is missing, what key length are you using ? In general the DH-parameter needs longer time while creating the PKI (or single DH creation), on some boards it can take really long. The ovpnmain.cgi can run into script time out but the OpenSSL process is still working in the background. If you reload the OpenVPN page, you will see the regular page, if the machine have had reached the time to generate the DH-parameter, it will also be shown in the WUI (reload it again).
To see if OpenSSL is still working, you can run a

tailf /var/log/httpd/error_log

whereby you should see some points/symbols running over the monitor, do not reboot the machine then cause it will break this process and results in a no DH-parameter (OpenVPN do not works).

Another possibility: If you want bigger key lengths for the DH-parameter can be to generate it on another machine, if you use UNIX, Linux or OS X machines, a

openssl dhparam -out /var/tmp/dh4096.pem 4096

would generate a 4096 bit DH-parameter which you can then upload via the ’ Upload new Diffie-Hellman parameters’ function over the WUI --> https://wiki.ipfire.org/configuration/services/openvpn/config/upload_gen .

Best,

Erik

hey Erik and thanks!
i can see “DH Parameters: (2048 bit)” by the keys, so it seems to be created.
Maby its somehow broken, but its created.

Same issue here.

Any news on trying to generate and upload a new DH-parameter ?
2048 or 3072 bit should also be OK. If you generate it on IPFire, you can use also the WUI, on slow machines i would prefer 2048 bit…

Best,

Erik

tried it several times… the same issue

Hi,

just guessing: Could this be related to the accidentally missing OpenVPN update in Core Update 145 (which will be fixed in Core Update 146)?

If not, please ignore the noise. :slight_smile:

Thanks, and best regards,
Peter Müller