Error in ovpn_initpki step

[jfabaf]

I get an error following these steps:

$ OVPN_DATA="ovpn-data-example" $ docker volume create --name $OVPN_DATA ovpn-data-example $ docker run -v $OVPN_DATA:/etc/openvpn --rm kylemanna/openvpn ovpn_genconfig -u udp://mydomain.domain.com Processing PUSH Config: 'block-outside-dns' Processing Route Config: '192.168.254.0/24' Processing PUSH Config: 'dhcp-option DNS 8.8.8.8' Processing PUSH Config: 'dhcp-option DNS 8.8.4.4' Processing PUSH Config: 'comp-lzo no' Successfully generated config Cleaning up before Exit ... $ docker run -v $OVPN_DATA:/etc/openvpn --rm -it kylemanna/openvpn ovpn_initpki

Easy-RSA error:

The file '/etc/openvpn/vars' was not found. $

And this is the inspect image: $ docker image inspect ab1fbba0c26a [ { "Id": "sha256:ab1fbba0c26a2ec2b7f7b036019f62a8f1b140360f213d0ec3e631632a00eb1e", "RepoTags": [ "kylemanna/openvpn:latest" ], "RepoDigests": [ "kylemanna/openvpn@sha256:df102baf6c5ed6d1ed359b115468cad05f20d91b77c3f60df718dcb3aa87ed11" ], "Parent": "", "Comment": "", "Created": "2020-09-16T22:25:44.497239782Z", "Container": "", "ContainerConfig": { "Hostname": "", "Domainname": "", "User": "", "AttachStdin": false, "AttachStdout": false, "AttachStderr": false, "ExposedPorts": { "1194/udp": {} }, "Tty": false, "OpenStdin": false, "StdinOnce": false, "Env": [ "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "OPENVPN=/etc/openvpn", "EASYRSA=/usr/share/easy-rsa", "EASYRSA_PKI=/etc/openvpn/pki", "EASYRSA_VARS_FILE=/etc/openvpn/vars", "EASYRSA_CRL_DAYS=3650" ], "Cmd": [ "/bin/sh", "-c", "#(nop) ADD file:f5e1623fe7d37eb4d5c5cf148be943a7787760fa4f3a4b7cbd972978f8e7eeba in /etc/pam.d/ " ], "Image": "sha256:6bc9355550e503e3072d67f39b1d8edfd8f092a5062b723db20842d61f68868c", "Volumes": { "/etc/openvpn": {} }, "WorkingDir": "", "Entrypoint": null, "OnBuild": null, "Labels": { "maintainer": "Kyle Manna kyle@kylemanna.com" } }, "DockerVersion": "19.03.8", "Author": "", "Config": { "Hostname": "", "Domainname": "", "User": "", "AttachStdin": false, "AttachStdout": false, "AttachStderr": false, "ExposedPorts": { "1194/udp": {} }, "Tty": false, "OpenStdin": false, "StdinOnce": false, "Env": [ "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "OPENVPN=/etc/openvpn", "EASYRSA=/usr/share/easy-rsa", "EASYRSA_PKI=/etc/openvpn/pki", "EASYRSA_VARS_FILE=/etc/openvpn/vars", "EASYRSA_CRL_DAYS=3650" ], "Cmd": [ "ovpn_run" ], "Image": "sha256:6bc9355550e503e3072d67f39b1d8edfd8f092a5062b723db20842d61f68868c", "Volumes": { "/etc/openvpn": {} }, "WorkingDir": "", "Entrypoint": null, "OnBuild": null, "Labels": { "maintainer": "Kyle Manna kyle@kylemanna.com" } }, "Architecture": "amd64", "Os": "linux", "Size": 14989966, "VirtualSize": 14989966, "GraphDriver": { "Data": { "LowerDir": "/var/lib/docker/overlay2/3704cbddc722e9c80fee83ed0b2109d0493e3ea71abbfea6f169b50b6a46b7a5/diff:/var/lib/docker/overlay2/181ead4cb5389e34e13000945ec423e8ad0e4281e4e4de4a8b1b0145379ff220/diff:/var/lib/docker/overlay2/5232bb63cb3efad1d4d778565c26a9ea8be64c1e71151339783685f2d7341ef0/diff:/var/lib/docker/overlay2/2735528b63f5514c5e36c015d6309040e4dd7ac6736fab58f4904e1bb71659c6/diff", "MergedDir": "/var/lib/docker/overlay2/160271fd415c90eacce7332eacf0f615266b053c62f949b111c743efc0e56912/merged", "UpperDir": "/var/lib/docker/overlay2/160271fd415c90eacce7332eacf0f615266b053c62f949b111c743efc0e56912/diff", "WorkDir": "/var/lib/docker/overlay2/160271fd415c90eacce7332eacf0f615266b053c62f949b111c743efc0e56912/work" }, "Name": "overlay2" }, "RootFS": { "Type": "layers", "Layers": [ "sha256:50644c29ef5a27c9a40c393a73ece2479de78325cae7d762ef3cdc19bf42dd0a", "sha256:4153c186e93869c85df24963cd6ce858c94d49a9c2d4e76a7b60dd5337652fca", "sha256:154b2f32f5de3bb4b8d5b011de2d1bec6d05765fc56e02e7872952a6b76437b8", "sha256:cee99277d16b8a789375ad3ecec87ee987af15d82d5df1fb612655dc752e6239", "sha256:876ac36d245ace388d295683f634a98787a5726210e3f408ce776630fd6ddb89" ] }, "Metadata": { "LastTagTime": "0001-01-01T00:00:00Z" } } ]

Thank you in advance.

[Keviinplz]

If you need it urgent, you can do the following:

• If you are not a root user, sudo chown -R ${whoami} ./openvpn-data/
• Go to openvpn-data/conf
• Create a vars file with nano or vim, in this case, im gonna use vim vim vars
• Add default vars, for example, in this page here or here

Then continue! :)

EDIT: I use this vars in vars file following Digital Ocean tutorial page here set_var EASYRSA_ALGO "ec" set_var EASYRSA_DIGEST "sha512"

[joeky888]

For those getting the error The file '/etc/openvpn/vars' was not found.

Add touch /etc/openvpn/vars before ovpn_initpki like this

docker run -v $OVPN_DATA:/etc/openvpn --rm kylemanna/openvpn ovpn_genconfig -u udp://mydomain.domain.com
docker run -v $OVPN_DATA:/etc/openvpn --rm kylemanna/openvpn touch /etc/openvpn/vars
docker run -v $OVPN_DATA:/etc/openvpn --rm kylemanna/openvpn ovpn_initpki

[pcwii]

@joeky888 This worked thank you!

[LuisEnMarroquin]

@joeky888 Yes, that works. Someone should add that to the README.md, same thing happened to me

[jfabaf]

@joeky888 Thanks, It works perfectly. @Keviinplz Transks, your solution works too but it's more complicated.

[joeky888]

601

[madnanadnan]

The error still persists after adding touch or vars file with the variables. If you were to restart the service or stop it and start it again, sometimes you get this error, and at that point you cannot do anything besides reinstall the entire OpenVPN Service just to get past it. This is a SEVERE issue that needs to be addressed. @joeky888 @Keviinplz

[joeky888]

If you were to restart the service or stop it and start it again, sometimes you get this error,

@madnanadnan Do you use docker volumes to keep the var file?

[madnanadnan]

@joeky888 I do indeed. However I also have a vars file in etc/openvpn populated with the variables.

[joeky888]

So if you override the docker command like this

docker run -d --cap-add=NET_ADMIN kylemanna/openvpn sh -c "touch /etc/openvpn/vars && ovpn_run"

Or like this if you are using docker-compose and ipv6

version: '2.1'
services:
  openvpn:
    cap_add:
     - NET_ADMIN
     - SYS_MODULE
    image: kylemanna/openvpn
    container_name: openvpn
    ports:
     - "1194:1194/udp"
    restart: always
    command: ["sh", "-c", "touch /etc/openvpn/vars && ovpn_run"] # <-- Add this line
    volumes:
      - /home/vpn/openvpn:/etc/openvpn
    sysctls:
      - net.ipv6.conf.all.disable_ipv6=0
      - net.ipv6.conf.default.forwarding=1
      - net.ipv6.conf.all.forwarding=1
    networks:
      network-openvpn:

networks:
  network-openvpn:
    enable_ipv6: true
    driver: bridge
    ipam:
      driver: default
      config:
        - subnet: 172.27.1.0/24
        - subnet: fdcb:37eb:3cf0:73c3::/64

Does this help?

[madnanadnan]

@joeky888 I'll check when I run into the problem again, but this is for the initial setup stage? getting past the initial steps isn't the problem, its more so when I go back to add clients to the VPN server, I end up getting no vars error. Will this work for when building new clients?

[joeky888]

but this is for the initial setup stage?

I guess you may need to add this command for both initial setup and starting the server step.

Will this work for when building new clients?

Probably, you can also prepend some commands when building new clients if it doesn't work for you

docker run -v $OVPN_DATA:/etc/openvpn --log-driver=none --rm -it kylemanna/openvpn sh -c "touch /etc/openvpn/vars && easyrsa build-client-full CLIENTNAME nopass"

[madnanadnan]

@joeky888 I get the following error

Note: using Easy-RSA configuration from: /etc/openvpn/vars

Easy-RSA error:

EASYRSA_PKI does not exist (perhaps you need to run init-pki)? Expected to find the EASYRSA_PKI at: /etc/openvpn/pki Run easyrsa without commands for usage and command help.

when running: docker run -v $OVPN_DATA:/etc/openvpn --log-driver=none --rm -it kylemanna/openvpn sh -c "touch /etc/openvpn/vars && easyrsa build-client-full CLIENTNAME"

[madnanadnan]

@joeky888 There is a pathing problem. When I add ovpn-data-example instead of $OVPN_DATA at the start of the command it works fine, I guess I didn't set the path properly? maybe export is needed, who knows. But MANY MANY MANY Thanks for the swift replies, I really appreciate it :)