OPNsense Forum

Archive => 16.1 Legacy Series => Topic started by: rrspyder on February 20, 2016, 11:14:30 pm

Title: [SOLVED] Can't start OpenVPN
Post by: rrspyder on February 20, 2016, 11:14:30 pm

I am experiencing the following error and can't start the OpenVPN service. I have tried completely removing my internal CA Cert, recreating it, and re-creating the OpenVPN server using the wizard. It still results in this error.

Does anyone have any idea what I might be doing wrong? Appreciate the help.

Feb 20 17:12:37    openvpn[11960]: Exiting due to fatal error
Feb 20 17:12:37    openvpn[11960]: Cannot load certificate file /var/etc/openvpn/server1.cert: error:0906D06C:PEM routines:PEM_read_bio:no start line: error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib
Feb 20 17:12:37    openvpn[11960]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Feb 20 17:12:37    openvpn[11674]: library versions: OpenSSL 1.0.2e 3 Dec 2015, LZO 2.09
Feb 20 17:12:37    openvpn[11674]: OpenVPN 2.3.10 amd64-portbld-freebsd10.1 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on Jan 19 2016
Feb 20 17:12:26    

Title: Re: Can't start OpenVPN
Post by: franco on February 22, 2016, 07:31:17 am

Hi rrspyder,

First of all: please upgrade, you're running a vulnerable version of OpenSSL. :)

Secondly, the wizard had a bug that prevented creating a proper certificate[1]. The fix is to upgrade to the latest 16.1 and go through the wizard again. Sorry about that.


Cheers,
Franco

[1] https://github.com/opnsense/core/commit/5dba1153edef425b6b9a1db1e31b872aa0adfe50