OpenMediaVault-Plugin-Developers / openmediavault-openvpn

OpenMediaVault plugin for OpenVPN

OpenVPN on OMV5 with Raspbian Buster Lite gives error message. #32

Closed birdybird123 closed 3 years ago

birdybird123 commented 4 years ago

I got this error trying to create a certificate:

Failed to execute command 'export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin; export LANG=C.UTF-8; /usr/sbin/omv-openvpn add 'da12a8c7-a9dd-4f68-85d4-a948eb10d553' 2>&1' with exit code '2': Easy-RSA error:

EASYRSA_PKI does not exist (perhaps you need to run init-pki)?

Expected to find the EASYRSA_PKI at: /etc/openvpn/pki

Run easyrsa without commands for usage and command help.

/opt/EasyRSA-v3.0.6/easyrsa: 319: set: Illegal option -o echo

LittleWhite-tb commented 3 years ago

Hello,

I encountered the same errors. You have to run the following commands first:

sudo /usr/share/easy-rsa/easyrsa init-pki
sudo /usr/share/easy-rsa/easyrsa build-ca

You will see that build-ca asks to create a password. This password will be needed to open the CA when you create a new certificate in the plugin interface... This will fail, since you have no way to give the password, as you can see in the following error log:

Failed to execute command 'export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin; export LANG=C.UTF-8; /usr/sbin/omv-openvpn add '71bf80c0-08f6-4473-a366-b505bee9cf48' 2>&1' with exit code '2': Using SSL: openssl OpenSSL 1.1.1d 10 Sep 2019 Generating a RSA private key ............................+++++ .........................+++++ writing new private key to '/etc/openvpn/pki/private/DVP9.key.Wg6OUwDrRx' ----- Using configuration from /etc/openvpn/pki/safessl-easyrsa.cnf Enter pass phrase for /etc/openvpn/pki/private/ca.key: User interface error 281473247750016:error:2807106B:UI routines:UI_process:processing error:../crypto/ui/ui_lib.c:545:while reading strings unable to load CA private key 281473247750016:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:../crypto/evp/evp_enc.c:570: 281473247750016:error:0906A065:PEM routines:PEM_do_header:bad decrypt:../crypto/pem/pem_lib.c:461: Easy-RSA error: signing failed (openssl output above may have more detail) /opt/EasyRSA-v3.0.6/easyrsa: 319: set: Illegal option -o echo

In fact, we can generate the CA without a password with the command:

sudo /usr/share/easy-rsa/easyrsa build-ca nopass

And now, the plugin can generate certificates!
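
A pre-flight check for the two failures described in this thread (missing PKI, pass-phrase-protected CA key), as an added example that is not part of the original comments or the plugin's code. The functions `pki_state` and `pki_report` and their state names are hypothetical; the PKI path is the one from the error messages, and the script needs root to read the `private` directory.

```shell
#!/bin/sh
# Added example: classify the Easy-RSA PKI the plugin signs with.
# Default path taken from the error messages in this thread.

pki_state() {
    pki="${1:-/etc/openvpn/pki}"
    key="$pki/private/ca.key"

    # "EASYRSA_PKI does not exist": init-pki was never run.
    [ -d "$pki" ] || { echo "no-pki"; return 0; }
    # PKI directory exists but build-ca has not produced a CA yet.
    [ -f "$pki/ca.crt" ] && [ -f "$key" ] || { echo "no-ca"; return 0; }

    # An encrypted PEM key says so in its first two lines:
    # "Proc-Type: 4,ENCRYPTED" (traditional) or
    # "BEGIN ENCRYPTED PRIVATE KEY" (PKCS#8).
    if head -n 2 "$key" | grep -q 'ENCRYPTED'; then
        echo "ca-key-encrypted"; return 0
    fi
    # A nopass key is protected by its file mode only:
    # flag it when group or others can read it.
    if [ -n "$(find "$key" \( -perm -040 -o -perm -004 \) -print)" ]; then
        echo "ca-key-plaintext-exposed"; return 0
    fi
    echo "ca-key-plaintext-private"
}

pki_report() {
    state=$(pki_state "$1")
    case "$state" in
        no-pki) echo "$state: run 'easyrsa init-pki', then 'easyrsa build-ca nopass'" ;;
        no-ca) echo "$state: run 'easyrsa build-ca nopass'" ;;
        ca-key-encrypted) echo "$state: signing will stop at the pass phrase prompt" ;;
        ca-key-plaintext-exposed) echo "$state: restrict the key, e.g. chmod 600" ;;
        ca-key-plaintext-private) echo "$state: plugin can sign; key relies on file mode alone" ;;
    esac
}

pki_report "${1:-/etc/openvpn/pki}"
```
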

nath67 commented 3 years ago

Hello,

I have the same error, but /usr/share/easy-rsa/easyrsa is not present on my system. Is there a special configuration to do after installing it, or is just installing it via the web enough?

LittleWhite-tb commented 3 years ago

You have to install it from a terminal with the following command:

sudo apt install easy-rsa

Then, you will be able to run the commands that I posted in my previous post.

ryecoaaron commented 3 years ago

You shouldn't have to install a package. The plugin itself downloads it - https://github.com/OpenMediaVault-Plugin-Developers/openmediavault-openvpn/blob/master/usr/share/openmediavault/confdb/create.d/conf.service.openvpn.sh#L64. I'm guessing something went wrong when you installed the plugin.

nath67 commented 3 years ago

It installs it in /opt, so it might be the issue?

ryecoaaron commented 3 years ago

/opt is where the plugin runs it from - https://github.com/OpenMediaVault-Plugin-Developers/openmediavault-openvpn/blob/master/usr/sbin/omv-openvpn#L42. So, if the install went badly (no internet or failed to download), then nothing else in the plugin is going to work.

LittleWhite-tb commented 3 years ago

I would like to see this problem fixed (I mean, I will try to help with that). Here is the plugin install log:

Reading package lists...
Building dependency tree...
Reading state information...
The following additional packages will be installed:
  libpkcs11-helper1 openvpn
Suggested packages:
  openvpn-systemd-resolved
Recommended packages:
  easy-rsa
The following NEW packages will be installed:
  libpkcs11-helper1 openmediavault-openvpn openvpn
0 upgraded, 3 newly installed, 0 to remove and 26 not upgraded.
Need to get 538 kB of archives.
After this operation, 1591 kB of additional disk space will be used.
Get:1 http://deb.debian.org/debian buster/main arm64 libpkcs11-helper1 arm64 1.25.1-1 [45.2 kB]
Get:2 http://deb.debian.org/debian buster/main arm64 openvpn arm64 2.4.7-1 [464 kB]
Get:3 https://dl.bintray.com/openmediavault-plugin-developers/usul buster/main arm64 openmediavault-openvpn all 5.1 [29.1 kB]
Preconfiguring packages ...
Fetched 538 kB in 0s (2417 kB/s)
Selecting previously unselected package libpkcs11-helper1:arm64.
(Reading database ... 59268 files and directories currently installed.)
Preparing to unpack .../libpkcs11-helper1_1.25.1-1_arm64.deb ...
Unpacking libpkcs11-helper1:arm64 (1.25.1-1) ...
Selecting previously unselected package openvpn.
Preparing to unpack .../openvpn_2.4.7-1_arm64.deb ...
Unpacking openvpn (2.4.7-1) ...
Selecting previously unselected package openmediavault-openvpn.
Preparing to unpack .../openmediavault-openvpn_5.1_all.deb ...
Unpacking openmediavault-openvpn (5.1) ...
Setting up libpkcs11-helper1:arm64 (1.25.1-1) ...
Setting up openvpn (2.4.7-1) ...
Restarting virtual private network daemon.:.
Created symlink /etc/systemd/system/multi-user.target.wants/openvpn.service → /lib/systemd/system/openvpn.service.
Setting up openmediavault-openvpn (5.1) ...
Updating init script links and actions.
enabled
Updating configuration database ...
--2021-02-18 20:05:42--  https://github.com/OpenVPN/easy-rsa/releases/download/v3.0.6/EasyRSA-unix-v3.0.6.tgz
Resolving github.com (github.com)... 140.82.121.4
Connecting to github.com (github.com)|140.82.121.4|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://github-releases.githubusercontent.com/4519663/8d46db80-266e-11e9-85e3-7de4dbee40d9?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20210218%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20210218T200542Z&X-Amz-Expires=300&X-Amz-Signature=d3090d090b5dea55aad59d7c4abe01ec862e581a7dd35d437ddfc77eb091b368&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=4519663&response-content-disposition=attachment%3B%20filename%3DEasyRSA-unix-v3.0.6.tgz&response-content-type=application%2Foctet-stream [following]
--2021-02-18 20:05:42--  https://github-releases.githubusercontent.com/4519663/8d46db80-266e-11e9-85e3-7de4dbee40d9?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20210218%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20210218T200542Z&X-Amz-Expires=300&X-Amz-Signature=d3090d090b5dea55aad59d7c4abe01ec862e581a7dd35d437ddfc77eb091b368&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=4519663&response-content-disposition=attachment%3B%20filename%3DEasyRSA-unix-v3.0.6.tgz&response-content-type=application%2Foctet-stream
Resolving github-releases.githubusercontent.com (github-releases.githubusercontent.com)... 185.199.111.154, 185.199.109.154, 185.199.110.154, ...
Connecting to github-releases.githubusercontent.com (github-releases.githubusercontent.com)|185.199.111.154|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 40840 (40K) [application/octet-stream]
Saving to: ‘/opt/EasyRSA-unix-v3.0.6.tgz’

EasyRSA-unix-v3.0.6   0%[                    ]       0  --.-KB/s               
EasyRSA-unix-v3.0.6 100%[===================>]  39.88K  --.-KB/s    in 0.009s  

2021-02-18 20:05:42 (4.42 MB/s) - ‘/opt/EasyRSA-unix-v3.0.6.tgz’ saved [40840/40840]

Processing triggers for libc-bin (2.28-10) ...
Processing triggers for systemd (241-7~deb10u5) ...
Processing triggers for man-db (2.8.5-2) ...
Processing triggers for openmediavault (5.5.23-1) ...
Updating locale files ...
Updating file permissions ...
Purging internal cache ...
Restarting engine daemon ...
Terminé...

We can see that the EasyRSA download is OK. The install seems to be done as expected:

ls /opt/EasyRSA-v3.0.6/
COPYING.md  README.md             doc      gpl-2.0.txt  openssl-easyrsa.cnf  x509-types
ChangeLog   README.quickstart.md  easyrsa  mktemp.txt   vars.example

Still, if I directly go to create a new certificate, I have the error:

Failed to execute command 'export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin; export LANG=C.UTF-8; /usr/sbin/omv-openvpn add 'eac9f553-a2de-44d9-bffc-f2cdabbb2835' 2>&1' with exit code '2': Easy-RSA error: EASYRSA_PKI does not exist (perhaps you need to run init-pki)? Expected to find the EASYRSA_PKI at: /etc/openvpn/pki Run easyrsa without commands for usage and command help. /opt/EasyRSA-v3.0.6/easyrsa: 319: set: Illegal option -o echo

I found a way to not get the error:

Maybe @ryecoaaron can find a way to avoid the noob mistake of trying to set up a certificate directly after the install. At the beginning, I was thinking that the plugin would set up Easy-RSA keys at install.

rabelux commented 3 years ago

+1 for running into this rookie mistake...