TinCanTech / easy-tls

Manage and Inline OpenVPN TLS keys and Easy-RSA PKI credentials. Supports OpenVPN TLS-Crypt-V2 key system and OpenVPN Peer-Fingerprint mode.
GNU General Public License v2.0

Cat: error with easyTLS 2.7.0 (most recent) in combination with easyRSA 3.1.0 (most recent) #288

Closed JackAprilia closed 2 years ago

JackAprilia commented 2 years ago

I am busy setting up an OpenVPN environment. I am using Windows 10.

I have installed the most recent easyRSA (3.1.0) and then worked on the most recent easyTLS (2.7.0).

EasyTLS is unable to find some of the files it needs. It seems easyRSA has put some of its files in Windows locations where easyTLS can no longer find them. I was able to modify the easyTLS script so that it finds the files. One change the script needed was changing "easy-RSA" into "easyRSA" (without the "-"). With this the script runs better.

I have been able to change the Windows file locations in the easyTLS script, but I am reaching a point where it gets too complicated for my level of understanding.

I am stuck with following error:

EasyRSA Shell
# ./easytls init-tls

WARNING!!!

You are about to remove the EASYTLS_PKI at: C:/program files/openvpn/easyRSA/pki/easytls
and initialize a fresh TLS PKI here.

  Type the word 'yes' to continue, or any other input to abort.

  Confirm removal: yes

Saved CA Identity: C:/program files/openvpn/easyRSA/pki/easytls/data/easytls-ca-identity.txt
cat: C:/program: No such file or directory
cat: files/openvpn/easyRSA/pki/easytls/data/easytls-inline-index.txt: No such file or directory
cat: C:/program: No such file or directory
cat: files/openvpn/easyRSA/pki/easytls/data/easytls-key-index.txt: No such file or directory
cat: C:/program: No such file or directory
cat: files/openvpn/easyRSA/pki/easytls/data/easytls-config.txt: No such file or directory
cat: C:/program: No such file or directory
cat: files/openvpn/easyRSA/pki/easytls/data/easytls-disabled-list.txt: No such file or directory
Easy-TLS 2.7.0.0.0
OpenVPN 2.5.7
OpenSSL 3.0.3 3 May 2022 (Library: OpenSSL 3.0.3 3 May 2022)
Error: save_faster_hash/validate_hash

ERROR:
validate_hash - forbidden_hash
TinCanTech commented 2 years ago

The problem appears to be due to the space between Program and files.

For simplicity, you could copy your entire Easy-RSA folder to a path without a space, e.g. C:\users\$user_name\easyrsa\ or even C:\easyrsa

I'll test this locally..
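
The `cat: C:/program: No such file or directory` / `cat: files/openvpn/...` pair in the log above is the signature of a path being word-split on its space before `cat` sees it. The following is an added example written for this page, not Easy-TLS or Easy-RSA code: it builds a throwaway directory tree whose name contains a space (constructed, under `mktemp`), then reads an index file once through an unquoted variable and once through a quoted one, so the two behaviours can be compared directly. The function and file names are illustrative and assumed.

```sh
#!/bin/sh
# Added example, not part of Easy-TLS: shows how an unquoted path variable
# splits on the space in "program files" when passed to cat.

# Create a constructed stand-in for the Easy-TLS data directory under a temp
# root and seed one index file. Prints the temp root so the caller can clean up.
demo_root_setup() {
  root=$(mktemp -d)
  mkdir -p "$root/program files/easytls/data"
  printf 'index-line\n' > "$root/program files/easytls/data/easytls-key-index.txt"
  printf '%s' "$root"
}

# Broken form: $1 is unquoted, so the shell splits it on IFS (the space) and
# cat receives two arguments, ".../program" and "files/easytls/data/...".
# Both stderr lines are returned so the failure text can be inspected.
read_index_unquoted() {
  cat $1/easytls-key-index.txt 2>&1
}

# Correct form: the double quotes keep the whole path as one argument.
read_index_quoted() {
  cat "$1/easytls-key-index.txt"
}

# Remove the constructed tree.
demo_root_cleanup() {
  rm -rf "$1"
}
```

Call `demo_root_setup`, pass `"$root/program files/easytls/data"` to each reader, and compare: the unquoted reader produces two "No such file or directory" messages (one for the truncated first half, one for the dangling second half), while the quoted reader returns the file's contents. The same split happens with `C:/Program Files/...` on Windows, so any script that handles such paths needs the quotes on every expansion.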

TinCanTech commented 2 years ago

This is what I get on Windows 7:

Welcome to the EasyRSA 3 Shell for Windows.
Easy-RSA 3 is available under a GNU GPLv2 license.

Invoke './easyrsa' to call the program. Without commands, help is displayed.

EasyRSA Shell
# ./easytls init-tls

WARNING!!!

You are about to remove the EASYTLS_PKI at: C:/easy-rsa/mas ter/easyrsa3/pki/easytls
and initialize a fresh TLS PKI here.

  Type the word 'yes' to continue, or any other input to abort.

  Confirm removal: yes

Saved CA Identity: C:/easy-rsa/mas ter/easyrsa3/pki/easytls/data/easytls-ca-identity.txt

init-tls complete; you may now create TLS keys and .inline files.
  Your newly created TLS dir is:

    C:/easy-rsa/mas ter/easyrsa3/pki/easytls

To configure your Easy-TLS custom group now, use:
    'easytls config custom.group YOUR_GROUP'

To configure your Easy-TLS temporary directory now, use:
    'easytls config tmp.dir YOUR_DIR'

Recommended temporary directory setting:
    Windows - C:/Windows/Temp (Use '/' NOT '\')

EasyRSA Shell
#

Note: There is a space in the path C:/easy-rsa/mas ter/easyrsa3/... and it works for me.

I have no idea why it does not work for you ..

TinCanTech commented 2 years ago

The only problem I can imagine is that your user does not have sufficient access rights to work in C:\Program Files\.

JackAprilia commented 2 years ago

The script is running in the Windows CMD command prompt that I opened as administrator. All other read/write activities that easyRSA and easyTLS do seem okay. EasyTLS creates a "PKI" directory at initiation, creates subdirs "easyTLS/data" plus various files and "easyTLS/metadata".

TinCanTech commented 2 years ago

Even Windows 10 version 1803:

EasyRSA Shell
# ./easytls init-tls

Saved CA Identity: C:/Program Files/OpenVPN/easy-rsa/pki/easytls/data/easytls-ca-identity.txt

init-tls complete; you may now create TLS keys and .inline files.
  Your newly created TLS dir is:

    C:/Program Files/OpenVPN/easy-rsa/pki/easytls

To configure your Easy-TLS custom group now, use:
    'easytls config custom.group YOUR_GROUP'

To configure your Easy-TLS temporary directory now, use:
    'easytls config tmp.dir YOUR_DIR'

Recommended temporary directory setting:
    Windows - C:/Windows/Temp (Use '/' NOT '\')

EasyRSA Shell
#
JackAprilia commented 2 years ago

I have changed C:/Program Files/OpenVPN/easyRSA into C:/Program Files/OpenVPN/easy-RSA (added the "-") and moved openssl.exe from the OpenVPN/easy-RSA directory where easyRSA had put it to the OpenVPN/bin directory. Changed this in vars and did another easyRSA init and build-ca.

The easyTLS init error remains the same. Some parts of the script seem to have difficulties in handling the space between "program" and "files" in the directory name.

TinCanTech commented 2 years ago

It all works for me ..

If you figure out what the problem is on your end then please let me know :+1:

JackAprilia commented 2 years ago

Got it working now.

Changed the directory names so easyTLS can read what it expects, such as "easy-RSA". Do not use "easyRSA" in the directory pathname. Put openssl.exe where easyTLS expects it.

My mistake was trying to change this in the script. Apologies for the work I have caused you and thanks for your help.

TinCanTech commented 2 years ago

The impression I have from this is that you started to try to solve the problem by editing the script. That is not a very good way to start because then you have private code which I'm not able to check.

If you think you can improve the script from your experience with it then please submit a pull request, I am open to development and improvements.

Don't worry about taking up my time, even if we haven't found a bug it was good to double check things with another person. :beers: It's not like I'm snowed under by user problems ;-)