I upgraded Turris 1.0 to new OS 3.10 and have lost OpenVPN connectivity. In /var/log/messages I can see missing /etc/dhparam/dh-default.pem
Before upgrade, the config file was there in OS3.9.6. Seems upgrade removed this config file.
Already discussed in the past via OpenVPN - port closed
Would you be so kind and copy the solution here in English?
Thank you!
OpenVPN server needs certificate in pem file. Some example files are distributed during install and should be located in /etc/dhparam/. In my config I have dh4096.pem and dh2048.pem but default openvpn config search for dh-default.pem.
Possible sollution:
change name of PEM file in cfg file and update line
"option dh '/etc/dhparam/dh-default.pem"
or
Copy one of existing pem files to /etc/dhparam/dh-default.pem
If there is no pem file, you have to generate some by easy-rsa tool. See Wiki at https://openvpn.net/index.php/open-source/documentation/howto.html#config
IMHO no need to copy the file, just a symlink will do, in my case it’s dh2048 (default settting, I didn’t change anything). I have Turris 1.1.