Open lattice0 opened 5 years ago
Same here. I cannot generate client certs anymore
```
bash-4.4# easyrsa build-client-full xxxxxx nopass
Can't load /etc/openvpn/pki/.rnd into RNG
3069318312:error:2406F079:random number generator:RAND_load_file:Cannot open file:crypto/rand/randfile.c:88:Filename=/etc/openvpn/pki/.rnd
Generating a RSA private key
.+++++
..+++++
writing new private key to '/etc/openvpn/pki/private/xxxxxx.key.XXXXacfgIp'
-----
Using configuration from /usr/share/easy-rsa/openssl-easyrsa.cnf
Can't load /etc/openvpn/pki/.rnd into RNG
3069359272:error:2406F079:random number generator:RAND_load_file:Cannot open file:crypto/rand/randfile.c:88:Filename=/etc/openvpn/pki/.rnd
```
The same :( I enter the same pass 3 times, but at the end I get the same error
The same
Ok, so I'd tried commenting a line in /usr/share/easy-rsa/openssl-easyrsa.cnf as suggested here https://github.com/OpenVPN/easy-rsa/issues/261#issuecomment-444408090, but then another error appears:
```
Enter pass phrase for /etc/openvpn/pki/private/ca.key:
unable to load CA private key
3069711528:error:0607606B:digital envelope routines:PKCS5_v2_PBE_keyivgen:unsupported cipher:crypto/evp/p5_crpt2.c:169:
3069711528:error:06074078:digital envelope routines:EVP_PBE_CipherInit:keygen failure:crypto/evp/evp_pbe.c:130:
3069711528:error:23077073:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 algor cipherinit error:crypto/pkcs12/p12_decr.c:41:
3069711528:error:2306A075:PKCS12 routines:PKCS12_item_decrypt_d2i:pkcs12 pbe crypt error:crypto/pkcs12/p12_decr.c:94:
3069711528:error:0907B00D:PEM routines:PEM_read_bio_PrivateKey:ASN1 lib:crypto/pem/pem_pkey.c:88:
Easy-RSA error:
signing failed (openssl output above may have more detail)
```
~~It leaves me assuming that packages in alpine linux have broken their dependencies. But strange enough I don't remember rebuilding the image.. (only then it downloads packages) Ok!~~
EDIT: I tried my skills in fixing this by changing the base image to debian and then looking at the dependencies. I have a working Dockerfile if anyone's interested btw. But then I wanted to find the actual reason for the error in the existing configuration. So have been playing with dependencies of Alpine version yesterday, but suddenly the problem has disappeared. I cannot reproduce the error. It works for me now.
Try rebuilding your image (with git clone, cd into it and `docker build --no-cache -t kylemanna/openvpn .`)
I was having the same issue, even when rebuilding from master like @amateusz suggested, but then I tried using a stronger password and it worked. Maybe there is some password-entropy requirement that fails with an unhelpful error message. It is most likely an EasyRSA problem rather than a problem with this repo.
tldr: use a stronger password
Edited Dockerfile and replaced `FROM alpine:latest` with `FROM alpine:3.8`, and it worked. I guess it is an unstable Docker image file.
I have the same issue.
```
...
e is 65537 (0x010001)
Can't load /etc/openvpn/pki/.rnd into RNG
140618083146600:error:2406F079:random number generator:RAND_load_file:Cannot open file:crypto/rand/randfile.c:98:Filename=ls.rnd
...
```
Tried several passwords from complex to simple. No success.
easy-rsa issue https://github.com/OpenVPN/easy-rsa/issues/261 seems related and is fixed now. Is this (one of) the root causes?
I also have the same issue. Stronger password does not seem to help. Any fix or suggestions?
I am also having the same issue. It worked a month ago, now I can't sign requests, though I can generate them. I was just starting to feel like I had easyRSA and openVPN figured out, now it doesn't work.
```
...
Enter pass phrase for /home/dknots/EasyRSA-3.0.4/pki/private/ca.key:
unable to load CA private key
139714059077264:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:544:
139714059077264:error:23077074:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 cipherfinal error:p12_decr.c:104:
139714059077264:error:2306A075:PKCS12 routines:PKCS12_item_decrypt_d2i:pkcs12 pbe crypt error:p12_decr.c:130:
139714059077264:error:0907B00D:PEM routines:PEM_READ_BIO_PRIVATEKEY:ASN1 lib:pem_pkey.c:132:
...
```
Doesn't seem like the latest alpine image (3.10.1 as of this post) has fixed this issue. The solution that @deepsidhu1313 suggested is what's working for me too
I also encountered the same issue on a headless server, and the problem, for me at least, seems to have been that the entropy on my device was rather low (around 700, checked by `cat /proc/sys/kernel/random/entropy_avail`), because running the haveged generator immediately solved the problem. Is it possible low entropy has something to do with this issue?
I had this issue too. I read for example here that smashing your keyboard while generating dh parameters would speed up this process. This is bad in this case, as characters typed while generating dh params in the same shell are not lost and are instead part of the passphrase inserted afterwards, which makes the passphrase invalid.
So make sure to type the same number of backspaces if you typed on your keyboard while generating dh params.
To create entropy you can instead use a different shell on the server.
Maybe the usability could be improved here or mention this in the README/docs.
this issue is a duplicate of #323 and #148
I have the same issue :(((
```
Using SSL: openssl OpenSSL 1.1.1g 21 Apr 2020
Generating a RSA private key
.+++++
...........................................+++++
writing new private key to '/etc/openvpn/pki/easy-rsa-1.MANEBF/tmp.ImFLdD'
-----
Using configuration from /etc/openvpn/pki/easy-rsa-1.MANEBF/tmp.eNAJap
Enter pass phrase for /etc/openvpn/pki/private/ca.key:
User interface error
139850348707144:error:2807106B:UI routines:UI_process:processing error:crypto/ui/ui_lib.c:545:while reading strings
unable to load CA private key
139850348707144:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:crypto/evp/evp_enc.c:583:
139850348707144:error:0906A065:PEM routines:PEM_do_header:bad decrypt:crypto/pem/pem_lib.c:461:
Easy-RSA error:
signing failed (openssl output above may have more detail)
Easy-RSA error:
Failed to sign 'user'
```
I removed the image and downloaded it again, but it's not working. I want to run this image on a Synology NAS; could anyone help me?
Thanks
I'm pretty sure I'm using the same password I've inputted before. What could be happening?
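
An added example, not part of any post above and not code from easy-rsa or this repo: a POSIX shell/awk triage of the OpenSSL error lines quoted in this thread. OpenSSL prints its error queue oldest entry first, so the first line for each leading id is where the failure started; the function names, the hint labels and the selection of sample lines (copied from the posts) are this example's own.

```shell
#!/bin/sh
# Line format: <id>:error:<hex code>:<library>:<function>:<reason>:<file>:<line>:<extra>
# The first error line seen for an <id> is the originating failure; the lines
# that follow with the same <id> are callers reporting that same failure.

# root_causes: read a log on stdin, print "function|reason|hint" once per <id>.
root_causes() {
  awk -F: '
    $2 == "error" && !($1 in seen) {
      seen[$1] = 1
      fn = $5; reason = $6
      hint = "unclassified"                      # hint labels are made up here
      if (fn == "RAND_load_file" && reason == "Cannot open file")
        hint = "seed-file-unreadable"
      else if (reason == "unsupported cipher")
        hint = "key-cipher-not-supported-by-this-openssl"
      else if (reason == "bad decrypt")
        hint = "passphrase-did-not-decrypt-key"
      else if (fn == "UI_process" && reason == "processing error")
        hint = "passphrase-prompt-could-not-read-input"
      print fn "|" reason "|" hint
    }'
}

# sample_log: error lines copied from four different posts in this thread.
sample_log() {
  cat <<'EOF'
Can't load /etc/openvpn/pki/.rnd into RNG
3069318312:error:2406F079:random number generator:RAND_load_file:Cannot open file:crypto/rand/randfile.c:88:Filename=/etc/openvpn/pki/.rnd
unable to load CA private key
3069711528:error:0607606B:digital envelope routines:PKCS5_v2_PBE_keyivgen:unsupported cipher:crypto/evp/p5_crpt2.c:169:
3069711528:error:0907B00D:PEM routines:PEM_read_bio_PrivateKey:ASN1 lib:crypto/pem/pem_pkey.c:88:
139714059077264:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:544:
139714059077264:error:0907B00D:PEM routines:PEM_READ_BIO_PRIVATEKEY:ASN1 lib:pem_pkey.c:132:
139850348707144:error:2807106B:UI routines:UI_process:processing error:crypto/ui/ui_lib.c:545:while reading strings
139850348707144:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:crypto/evp/evp_enc.c:583:
EOF
}

sample_log | root_causes
```

The last trace is reported as a prompt-read failure rather than a bad decrypt, because the `UI_process` entry comes first in that process's queue.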