I’ve had openVPN setup and working some time ago. Now I need it. However, it has silently broken since I tested it back then.
/var/log/messages contains this bit of text, explaining that six attempts to start were made, but all failed due to lack of a certificate.
2017-06-22T20:02:22+02:00 notice openvpn(server_turris)[5711]: OpenVPN 2.4.2 arm-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
2017-06-22T20:02:22+02:00 notice openvpn(server_turris)[5711]: library versions: OpenSSL 1.0.2k 26 Jan 2017, LZO 2.08
2017-06-22T20:02:22+02:00 notice openvpn(server_turris)[5711]: Diffie-Hellman initialized with 2048 bit key
2017-06-22T20:02:22+02:00 err openvpn(server_turris)[5711]: OpenSSL: error:02001002:lib(2):func(1):reason(2)
2017-06-22T20:02:22+02:00 err openvpn(server_turris)[5711]: OpenSSL: error:2006D080:lib(32):func(109):reason(128)
2017-06-22T20:02:22+02:00 err openvpn(server_turris)[5711]: OpenSSL: error:140AD002:lib(20):func(173):reason(2)
2017-06-22T20:02:22+02:00 err openvpn(server_turris)[5711]: Cannot load certificate file /etc/ssl/ca/openvpn/01.crt
2017-06-22T20:02:22+02:00 notice openvpn(server_turris)[5711]: Exiting due to fatal error
2017-06-22T20:02:22+02:00 info procd[]: Instance openvpn::instance1 s in a crash loop 6 crashes, 0 seconds since last crash
Stock Turris OS v3.6.5, no hanky-panky or clever mods apart from an internal SSD holding a LXC Debian container with a prestashop/HomeAssistant install.
Foris tells me “No certificate authority”. Clicking “Generate CA” gives nothing but a small ‘wait’-animation and eventually timeout.
I’ve tried removing openvpn, reboot, reinstalling it and reboot to see if that helped. No cigar.
Reading about openvpn setup, I’m told initial CA generation is done using a helper tool named easy-rsa. No such tool available on turris, apparently.
Question: How do I get that certificate named 01.crt made?