Open ebarault opened 4 years ago
Hello! First thanks for this image which has worked flawlessly until now!. I have the same problem using latest master... Unable to create new client certs or revoke certs. As I have aarch64 architecture that isn't built on docker hub, I'm unable to build a functioning image now... Must be an update of Easyrsa that's causing the problem.
Regenerating all pki certificates (with ovpn_initpki) solved it for me. The problem seems to come from easyrsa update from 3.0.5 to 3.0.6 which broke compatibility with previously generated certificates (see https://github.com/OpenVPN/easy-rsa/issues/259)
Just for information, https://github.com/JenswBE/wolverine/commit/59a6cb6aa226e3c40a3c3a56a841dc83e322d037 change to use the old image kylemanna/openvpn:2.4
fixed this problem for me.
I fell into this issue and found workaround. The good point is that I didn't need to downgrade to version 2.4.
First thing first, you need to log in to the VPN container.
2 workarounds are
cd /etc/openvpn/pki/
mkdir revoked; chmod 700 revoked/
cd revoked/
mkdir certs_by_serial; mkdir private_by_serial; mkdir reqs_by_serial; chmod 700 *
cd /etc/openvpn/pki/ cp -R revoked/ renewed
- Copy the missing openssl-easyrsa.cnf
cp -a /usr/share/easy-rsa/openssl-easyrsa.cnf /etc/openvpn/pki/
You should be able to add/remove client now.
hi @kylemanna,
After your last docker image build (trigger by this unrelated commit on the Readme file) the
easyrsa build-client-full
command does not work anymore:Sticking to kylemanna/openvpn:2.4 did it for us
cc: @krezreb