angristan / openvpn-install

Set up your own OpenVPN server on Debian, Ubuntu, Fedora, CentOS or Arch Linux.
https://stanislas.blog
MIT License

Errors during script execution #672

Closed fabiolanza closed 1 year ago

fabiolanza commented 4 years ago

Hi, I had errors during the execution of the script. I made the errors bold in the output below. Can you please let me know what I need to do to run it successfully?

System is Debian.

Thanks

root@dmz:/home/fabio# curl -O https://raw.githubusercontent.com/angristan/openvpn-install/master/openvpn-install.sh
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 40222  100 40222    0     0   123k      0 --:--:-- --:--:-- --:--:--  123k
root@dmz:/home/fabio# ls
openvpn-install.sh
root@dmz:/home/fabio# chmod +x openvpn-install.sh
root@dmz:/home/fabio# ./openvpn-install.sh
Welcome to the OpenVPN installer!
The git repository is available at: https://github.com/angristan/openvpn-install

I need to ask you a few questions before starting the setup.
You can leave the default options and just press enter if you are ok with them.

I need to know the IPv4 address of the network interface you want OpenVPN listening to.
Unless your server is behind NAT, it should be your public IPv4 address.
IP address: 10.0.0.10

It seems this server is behind NAT. What is its public IPv4 address or hostname?
We need it for the clients to connect to the server.
Public IPv4 address or hostname: my.private.domain

Checking for IPv6 connectivity...

Your host does not appear to have IPv6 connectivity.

Do you want to enable IPv6 support (NAT)? [y/n]: n

What port do you want OpenVPN to listen to?
   1) Default: 1194
   2) Custom
   3) Random [49152-65535]
Port choice [1-3]: 1

What protocol do you want OpenVPN to use?
UDP is faster. Unless it is not available, you shouldn't use TCP.
   1) UDP
   2) TCP
Protocol [1-2]: 1

What DNS resolvers do you want to use with the VPN?
   1) Current system resolvers (from /etc/resolv.conf)
   2) Self-hosted DNS Resolver (Unbound)
   3) Cloudflare (Anycast: worldwide)
   4) Quad9 (Anycast: worldwide)
   5) Quad9 uncensored (Anycast: worldwide)
   6) FDN (France)
   7) DNS.WATCH (Germany)
   8) OpenDNS (Anycast: worldwide)
   9) Google (Anycast: worldwide)
   10) Yandex Basic (Russia)
   11) AdGuard DNS (Anycast: worldwide)
   12) NextDNS (Anycast: worldwide)
   13) Custom
DNS [1-12]: 3

Do you want to use compression? It is not recommended since the VORACLE attack make use of it.
Enable compression? [y/n]: n

Do you want to customize encryption settings?
Unless you know what you're doing, you should stick with the default parameters provided by the script.
Note that whatever you choose, all the choices presented in the script are safe. (Unlike OpenVPN's defaults)
See https://github.com/angristan/openvpn-install#security-and-encryption to learn more.

Customize encryption settings? [y/n]: n

Okay, that was all I needed. We are ready to setup your OpenVPN server now.
You will be able to generate a client at the end of the installation.
Press any key to continue...
Hit:1 http://deb.debian.org/debian buster InRelease
Get:2 http://security.debian.org/debian-security buster/updates InRelease [65.4 kB]
Get:3 http://deb.debian.org/debian buster-updates InRelease [49.3 kB]
Fetched 115 kB in 0s (479 kB/s)
Reading package lists... Done
Reading package lists... Done
Building dependency tree
Reading state information... Done
ca-certificates is already the newest version (20190110).
ca-certificates set to manually installed.
gnupg is already the newest version (2.2.12-1+deb10u1).
gnupg set to manually installed.
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Reading package lists... Done
Building dependency tree
Reading state information... Done
ca-certificates is already the newest version (20190110).
curl is already the newest version (7.64.0-4+deb10u1).
iptables is already the newest version (1.8.2-4).
openssl is already the newest version (1.1.1d-0+deb10u3).
openssl set to manually installed.
wget is already the newest version (1.20.1-1.1).
The following additional packages will be installed:
  easy-rsa libccid libglib2.0-0 libglib2.0-data liblzo2-2 libpcsclite1 libpkcs11-helper1 opensc opensc-pkcs11 pcscd shared-mime-info xdg-user-dirs
Suggested packages:
  pcmciautils resolvconf openvpn-systemd-resolved
The following NEW packages will be installed:
  easy-rsa libccid libglib2.0-0 libglib2.0-data liblzo2-2 libpcsclite1 libpkcs11-helper1 opensc opensc-pkcs11 openvpn pcscd shared-mime-info xdg-user-dirs
0 upgraded, 13 newly installed, 0 to remove and 0 not upgraded.
Need to get 5,437 kB of archives.
After this operation, 24.2 MB of additional disk space will be used.
Get:1 http://deb.debian.org/debian buster/main amd64 easy-rsa all 3.0.6-1 [37.9 kB]
Get:2 http://deb.debian.org/debian buster/main amd64 libccid amd64 1.4.30-1 [334 kB]
Get:3 http://deb.debian.org/debian buster/main amd64 libglib2.0-0 amd64 2.58.3-2+deb10u2 [1,258 kB]
Get:4 http://deb.debian.org/debian buster/main amd64 libglib2.0-data all 2.58.3-2+deb10u2 [1,110 kB]
Get:5 http://deb.debian.org/debian buster/main amd64 liblzo2-2 amd64 2.10-0.1 [56.1 kB]
Get:6 http://deb.debian.org/debian buster/main amd64 libpcsclite1 amd64 1.8.24-1 [58.5 kB]
Get:7 http://deb.debian.org/debian buster/main amd64 libpkcs11-helper1 amd64 1.25.1-1 [47.6 kB]
Get:8 http://deb.debian.org/debian buster/main amd64 opensc-pkcs11 amd64 0.19.0-1 [826 kB]
Get:9 http://deb.debian.org/debian buster/main amd64 opensc amd64 0.19.0-1 [305 kB]
Get:10 http://deb.debian.org/debian buster/main amd64 openvpn amd64 2.4.7-1 [490 kB]
Get:11 http://deb.debian.org/debian buster/main amd64 pcscd amd64 1.8.24-1 [95.3 kB]
Get:12 http://deb.debian.org/debian buster/main amd64 shared-mime-info amd64 1.10-1 [766 kB]
Get:13 http://deb.debian.org/debian buster/main amd64 xdg-user-dirs amd64 0.17-2 [53.8 kB]
Fetched 5,437 kB in 1s (6,699 kB/s)
Preconfiguring packages ...
Selecting previously unselected package easy-rsa.
(Reading database ... 75929 files and directories currently installed.)
Preparing to unpack .../00-easy-rsa_3.0.6-1_all.deb ...
Unpacking easy-rsa (3.0.6-1) ...
Selecting previously unselected package libccid.
Preparing to unpack .../01-libccid_1.4.30-1_amd64.deb ...
Unpacking libccid (1.4.30-1) ...
Selecting previously unselected package libglib2.0-0:amd64.
Preparing to unpack .../02-libglib2.0-0_2.58.3-2+deb10u2_amd64.deb ...
Unpacking libglib2.0-0:amd64 (2.58.3-2+deb10u2) ...
Selecting previously unselected package libglib2.0-data.
Preparing to unpack .../03-libglib2.0-data_2.58.3-2+deb10u2_all.deb ...
Unpacking libglib2.0-data (2.58.3-2+deb10u2) ...
Selecting previously unselected package liblzo2-2:amd64.
Preparing to unpack .../04-liblzo2-2_2.10-0.1_amd64.deb ...
Unpacking liblzo2-2:amd64 (2.10-0.1) ...
Selecting previously unselected package libpcsclite1:amd64.
Preparing to unpack .../05-libpcsclite1_1.8.24-1_amd64.deb ...
Unpacking libpcsclite1:amd64 (1.8.24-1) ...
Selecting previously unselected package libpkcs11-helper1:amd64.
Preparing to unpack .../06-libpkcs11-helper1_1.25.1-1_amd64.deb ...
Unpacking libpkcs11-helper1:amd64 (1.25.1-1) ...
Selecting previously unselected package opensc-pkcs11:amd64.
Preparing to unpack .../07-opensc-pkcs11_0.19.0-1_amd64.deb ...
Unpacking opensc-pkcs11:amd64 (0.19.0-1) ...
Selecting previously unselected package opensc.
Preparing to unpack .../08-opensc_0.19.0-1_amd64.deb ...
Unpacking opensc (0.19.0-1) ...
Selecting previously unselected package openvpn.
Preparing to unpack .../09-openvpn_2.4.7-1_amd64.deb ...
Unpacking openvpn (2.4.7-1) ...
Selecting previously unselected package pcscd.
Preparing to unpack .../10-pcscd_1.8.24-1_amd64.deb ...
Unpacking pcscd (1.8.24-1) ...
Selecting previously unselected package shared-mime-info.
Preparing to unpack .../11-shared-mime-info_1.10-1_amd64.deb ...
Unpacking shared-mime-info (1.10-1) ...
Selecting previously unselected package xdg-user-dirs.
Preparing to unpack .../12-xdg-user-dirs_0.17-2_amd64.deb ...
Unpacking xdg-user-dirs (0.17-2) ...
Setting up xdg-user-dirs (0.17-2) ...
Setting up libccid (1.4.30-1) ...
Setting up libglib2.0-0:amd64 (2.58.3-2+deb10u2) ...
**No schema files found: doing nothing.**
Setting up liblzo2-2:amd64 (2.10-0.1) ...
Setting up libpkcs11-helper1:amd64 (1.25.1-1) ...
Setting up opensc-pkcs11:amd64 (0.19.0-1) ...
Setting up libglib2.0-data (2.58.3-2+deb10u2) ...
Setting up shared-mime-info (1.10-1) ...
Setting up libpcsclite1:amd64 (1.8.24-1) ...
Setting up easy-rsa (3.0.6-1) ...
Setting up openvpn (2.4.7-1) ...
[ ok ] Restarting virtual private network daemon.:.
Created symlink /etc/systemd/system/multi-user.target.wants/openvpn.service → /lib/systemd/system/openvpn.service.
Setting up opensc (0.19.0-1) ...
Setting up pcscd (1.8.24-1) ...
Created symlink /etc/systemd/system/sockets.target.wants/pcscd.socket → /lib/systemd/system/pcscd.socket.
Processing triggers for man-db (2.8.5-2) ...
Processing triggers for mime-support (3.62) ...
Processing triggers for libc-bin (2.28-10) ...
Processing triggers for systemd (241-7~deb10u4) ...
--2020-06-01 08:20:58--  https://github.com/OpenVPN/easy-rsa/releases/download/v3.0.7/EasyRSA-3.0.7.tgz
Resolving github.com (github.com)... 140.82.118.3
Connecting to github.com (github.com)|140.82.118.3|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://github-production-release-asset-2e65be.s3.amazonaws.com/4519663/0fa24e00-72ba-11ea-9afe-6e5829eec4a4?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20200601%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20200601T061911Z&X-Amz-Expires=300&X-Amz-Signature=5adaba5c52ee41e814149ccce3cd4125b83dfd5c988df40d61a45456977cfa06&X-Amz-SignedHeaders=host&actor_id=0&repo_id=4519663&response-content-disposition=attachment%3B%20filename%3DEasyRSA-3.0.7.tgz&response-content-type=application%2Foctet-stream [following]
--2020-06-01 08:20:58--  https://github-production-release-asset-2e65be.s3.amazonaws.com/4519663/0fa24e00-72ba-11ea-9afe-6e5829eec4a4?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20200601%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20200601T061911Z&X-Amz-Expires=300&X-Amz-Signature=5adaba5c52ee41e814149ccce3cd4125b83dfd5c988df40d61a45456977cfa06&X-Amz-SignedHeaders=host&actor_id=0&repo_id=4519663&response-content-disposition=attachment%3B%20filename%3DEasyRSA-3.0.7.tgz&response-content-type=application%2Foctet-stream
Resolving github-production-release-asset-2e65be.s3.amazonaws.com (github-production-release-asset-2e65be.s3.amazonaws.com)... 52.217.32.228
Connecting to github-production-release-asset-2e65be.s3.amazonaws.com (github-production-release-asset-2e65be.s3.amazonaws.com)|52.217.32.228|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 48215 (47K) [application/octet-stream]
Saving to: ‘/root/easy-rsa.tgz’

/root/easy-rsa.tgz                               100%[==========================================================================================================>]  47.08K  --.-KB/s    in 0.1s

2020-06-01 08:20:59 (441 KB/s) - ‘/root/easy-rsa.tgz’ saved [48215/48215]

Note: using Easy-RSA configuration from: /etc/openvpn/easy-rsa/vars

init-pki complete; you may now create a CA or requests.
Your newly created PKI dir is: /etc/openvpn/easy-rsa/pki

Using SSL: openssl OpenSSL 1.1.1d  10 Sep 2019
read EC key
writing EC key

Note: using Easy-RSA configuration from: /etc/openvpn/easy-rsa/vars
Using SSL: openssl OpenSSL 1.1.1d  10 Sep 2019
Generating an EC private key
writing new private key to '/etc/openvpn/easy-rsa/pki/easy-rsa-9371.T6EwIA/tmp.I20Dj6'
-----
Using configuration from /etc/openvpn/easy-rsa/pki/easy-rsa-9371.T6EwIA/tmp.qZr9rN
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName            :ASN.1 12:'server_lTD0V9OkkYChst6e'
Certificate is to be certified until Sep  4 06:20:59 2022 GMT (825 days)

Write out database with 1 new entries
Data Base Updated

Note: using Easy-RSA configuration from: /etc/openvpn/easy-rsa/vars
Using SSL: openssl OpenSSL 1.1.1d  10 Sep 2019
Using configuration from /etc/openvpn/easy-rsa/pki/easy-rsa-9448.NVhm5o/tmp.Jt3mSc

An updated CRL has been created.
CRL file: /etc/openvpn/easy-rsa/pki/crl.pem

**./openvpn-install.sh: line 735: openvpn: command not found
./openvpn-install.sh: line 903: sysctl: command not found**
Created symlink /etc/systemd/system/multi-user.target.wants/openvpn@server.service → /etc/systemd/system/openvpn@.service.
**Job for openvpn@server.service failed because the control process exited with error code.**
See "systemctl status openvpn@server.service" and "journalctl -xe" for details.
Created symlink /etc/systemd/system/multi-user.target.wants/iptables-openvpn.service → /etc/systemd/system/iptables-openvpn.service.

Tell me a name for the client.
Use one word only, no special characters.
Client name: fabio

Do you want to protect the configuration file with a password?
(e.g. encrypt the private key with a password)
   1) Add a passwordless client
   2) Use a password for the client
Select an option [1-2]: 1

Note: using Easy-RSA configuration from: /etc/openvpn/easy-rsa/vars
Using SSL: openssl OpenSSL 1.1.1d  10 Sep 2019
Generating an EC private key
writing new private key to '/etc/openvpn/easy-rsa/pki/easy-rsa-9602.AJyvSU/tmp.jGj7iG'
-----
Using configuration from /etc/openvpn/easy-rsa/pki/easy-rsa-9602.AJyvSU/tmp.mn1FAt
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName            :ASN.1 12:'fabio'
Certificate is to be certified until Sep  4 06:21:36 2022 GMT (825 days)

Write out database with 1 new entries
Data Base Updated

Client fabio added.
**cat: /etc/openvpn/tls-crypt.key: No such file or directory**

The configuration file has been written to /home/fabio/fabio.ovpn.
Download the .ovpn file and import it in your OpenVPN client.
randshell commented 4 years ago

See https://github.com/angristan/openvpn-install/issues/593#issuecomment-606007954

Shootify commented 2 years ago

I have the same issue!