khavishbhundoo / obfsproxy-openvpn

Bash script to setup openvpn with obfsproxy to defeat censorship
MIT License

Problem with key ? #3

Closed LeVeloute closed 6 years ago

LeVeloute commented 6 years ago

Hi, I followed the tutorial exactly like you. I got this error in OpenVPN:

Wed Dec 20 09:17:46 2017 OpenVPN 2.4.4 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Sep 26 2017
Wed Dec 20 09:17:46 2017 Windows version 6.2 (Windows 8 or greater) 64bit
Wed Dec 20 09:17:46 2017 library versions: OpenSSL 1.0.2l  25 May 2017, LZO 2.10
Enter Management Password:
Wed Dec 20 09:17:46 2017 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Wed Dec 20 09:17:46 2017 Need hold release from management interface, waiting...
Wed Dec 20 09:17:47 2017 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Wed Dec 20 09:17:47 2017 MANAGEMENT: CMD 'state on'
Wed Dec 20 09:17:47 2017 MANAGEMENT: CMD 'log all on'
Wed Dec 20 09:17:47 2017 MANAGEMENT: CMD 'echo all on'
Wed Dec 20 09:17:47 2017 MANAGEMENT: CMD 'hold off'
Wed Dec 20 09:17:47 2017 MANAGEMENT: CMD 'hold release'
Wed Dec 20 09:17:48 2017 MANAGEMENT: CMD 'username "Auth" "client"'
Wed Dec 20 09:17:48 2017 MANAGEMENT: CMD 'password [...]'
Wed Dec 20 09:17:48 2017 OpenSSL: error:0906D06C:PEM routines:PEM_read_bio:no start line
Wed Dec 20 09:17:48 2017 OpenSSL: error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib
Wed Dec 20 09:17:48 2017 MANAGEMENT: Client disconnected
Wed Dec 20 09:17:48 2017 Cannot load inline certificate file
Wed Dec 20 09:17:48 2017 Exiting due to fatal error

Here is my client-scrambled:


client
dev tun
proto tcp #for obfsproxy, otherwise udp
remote MYVPSIP 21194
resolv-retry infinite
nobind
persist-key
persist-tun
tls-client
remote-cert-tls server
cipher AES-256-GCM
compress lz4
#Uncomment if you use user/pass authentication
auth-user-pass
block-outside-dns
verb 3
auth SHA512
script-security 2
socks-proxy 127.0.0.1 1050
<ca>
</ca>
<cert>
</cert>
<key>
</key>
<tls-crypt>
-----BEGIN OpenVPN Static key V1-----
7309351946d52c862d20b92bb9823a2b
f91c0b9e364c342417d89c574d8fd4b2
9c092946c8678e48c6d863206533cf18
ff38b9136c1ad1468de429a6b7fdbe84
2cda9ffb180923a01cf0f9b078676b33
87de54dc48ac5718a65049f8c35277d3
36e84fa49ff1fe15927e605f292ebfe1
d9ba73bed96a862479738e87e0c917d6
117e660e362aaf4663f957f577ac2b4b
bc4ce2d3616be10eae10eded30a0880c
a2e0893a12b0510b2852f53bc2fdc7b4
b7987e458ae88c372983ec242bc7a503
5c861ff54699982bef73421565cae628
cbf71c66bf3064bcdc81ec8fe82897f3
798ac06f91458cc4318277ef969a0c52
dbcbe1cb744d0ec204a81eb216dd6299
-----END OpenVPN Static key V1-----
</tls-crypt>

Do you know how to fix it? Best regards,

LeVeloute

khavishbhundoo commented 6 years ago

Hello,

It seems the script is failing to generate the keys when you use user/pass authentication. I have tested the script on a fresh instance from Compute Engine, but I was able to install successfully.

client
dev tun
proto tcp #for obfsproxy, otherwise udp
remote SERVERIP 21194
resolv-retry infinite
nobind
persist-key
persist-tun
cert client.crt
key client.key
tls-client
remote-cert-tls server
cipher AES-256-GCM
compress lz4
#Uncomment if you use user/pass authentication
auth-user-pass
block-outside-dns
verb 3
auth SHA512
script-security 2
socks-proxy 127.0.0.1 1050


What files do you have in this directory?

$HOME/client-files/$USERNAME/

Replace $USERNAME with the username you entered during setup.

LeVeloute commented 6 years ago

Okay, I will try a fresh install of CentOS 7 and run the script with no user/pass auth.

LeVeloute commented 6 years ago

It's strange... the key generation seems to be skipped. No delay between these two prompts:

Setting Up Keys and Certificates(This might take a while)
Configuring OpenVPN with obfsproxy

In the client folder I have the /scrambled-client.ovpn and ta.key.

LeVeloute commented 6 years ago

Line 187: rsync -av ./EasyRSA-3.0.1/ /etc/openvpn/easy-rsa/

No yum rsync in the script... maybe the problem is here?

khavishbhundoo commented 6 years ago

rsync is installed by default on CentOS 7 as far as I can tell.

Package rsync-3.0.9-18.el7.x86_64 already installed and latest version

Comment lines 184 and 226 and rerun the script on a fresh CentOS 7. You can use user/pass. Also try using default certificates during the setup, just to try to locate the problem.

LeVeloute commented 6 years ago

[root@vps476906 ~]# rsync
-bash: rsync: command not found

Here is what I get about rsync with a fresh install.

So I installed rsync (with yum install rsync) and just ran the script. Now I've got a normal certificate!! Let's try to run it on the client side.

LeVeloute commented 6 years ago

Everything is working now. I think you should add the yum install rsync at the beginning of your script (just in case). Thanks a lot for your work and have a good day.
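
The root cause in this thread was a missing `rsync`, which let the setup continue and emit a client profile with empty `<ca>`, `<cert>` and `<key>` blocks. As an added example (not code from the obfsproxy-openvpn script), these shell functions fail fast on missing tools and reject such a profile; the function names `require_cmds` and `empty_inline_blocks`, the `openssl` dependency and the sample profile are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example, not part of the obfsproxy-openvpn script.

# require_cmds CMD...: report every missing command on stderr; return 1 if any.
require_cmds() {
    local missing=0 cmd
    for cmd in "$@"; do
        if ! command -v "$cmd" >/dev/null 2>&1; then
            echo "missing dependency: $cmd" >&2
            missing=1
        fi
    done
    return "$missing"
}

# empty_inline_blocks FILE: print the name of each <ca>/<cert>/<key> block that
# is absent or contains no "-----BEGIN " line; return 1 if any was printed.
# In the issue's log an empty <cert> surfaced as "PEM_read_bio:no start line".
empty_inline_blocks() {
    local file="$1" tag bad=0
    for tag in ca cert key; do
        if ! sed -n "/^<$tag>[[:space:]]*\$/,/^<\/$tag>[[:space:]]*\$/p" "$file" |
            grep -q -e '-----BEGIN '; then
            echo "$tag"
            bad=1
        fi
    done
    return "$bad"
}

# Constructed sample: the profile shape from the issue, PEM sections left empty.
sample=$(mktemp)
printf '%s\n' client 'dev tun' '<ca>' '</ca>' '<cert>' '</cert>' '<key>' '</key>' >"$sample"

# rsync is the tool the thread found missing; openssl is an assumed second one.
require_cmds rsync openssl || echo "install the tools above before generating keys" >&2
broken=$(empty_inline_blocks "$sample") ||
    echo "refusing to ship profile, empty blocks: $(echo $broken)" >&2
rm -f "$sample"
```

Calling `require_cmds` before the key-generation step and `empty_inline_blocks` on the finished `.ovpn` turns the silent skip described above into an immediate, named failure on the server instead of an OpenSSL error on the client.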