Openvpn 2.3.8 on Windows 7 x64 can't creat client key

[BAN003]

Hi.
I have Openvpn 2.3.8 on Windows 7 x64.
I startet the first configuration following this link : https://community.openvpn.net/openvpn/w ... dows_Guide.
When I reach the point 3.a
(For each client, choose a name to identify that computer, such as "mike-laptop" in this example. (build-key mike-laptop) I have the error : WARNING : can't open config file: /etc/ssl/openssl.cnf

Do I need to install openssl also? isn't included in openvpn?

Best regards.

[Traffic]

It is only a warning and I presume the client keys were successfully built ?

You can resolve the warning by placing a copy of easy-rsa\openssl-1.0.0.cnf
in C:\etc\ssl\openssl-1.0.0.cnf but I do not believe it is required.

Also, you can try a newer version of easy-rsa:
https://github.com/OpenVPN/easy-rsa/releases

[BAN003]

Hi traffic.
Thanks for your help.
I tried to copy openssl-1.0.0.conf in C:\etc\ssl but now I have a different problem

If I want try to install a new easy-rsa, I need a C++ compiler?

Best regards?

[BAN003]

Hi traffic. Thanks for your help.
The client keys are not built.
now I have c:\etc\ssl\openssl.conf file but the problem is not solved.
Now I have this error : [img]the%20client%20keys%20were%20successfully%20built[/img]

Best regards

[Traffic]

If I want try to install a new easy-rsa, I need a C++ compiler?

No .. just download the latest zip file from the link I gave you, read the instructions and start using easy-rsa 3.

[BAN003]

Hi traffic.
Ok easyrsa3.0.0 is working without error
now I want create a connection from this 2 address :
server : 192.168.2.2 (server)
BAN002 : 192.168.1.30 (Client)

following the quick start.html this is the sequence of the istruction :

in my 192.168.2.2 PC (Sever)

./easyrsa init-pki to clear PKI directory or to create a new one if not exist.
./easyrsa build-ca to create thi CA.key files
./easyrsa gen-req EntityName where EntityName will be server for my server. Is this correct?

after that I need to create the client :

./easyrsa gen-req BAN002 to create BAN002
./easyrsa sign-req client BAN002 and sign it

copy ca.crt, BAN002.crt, BAN002.KEY to the client in the same directory of client.ovpn.
Where is ca.crt??? I have only ca.key

This will be the server.ovpn :
port 1194

proto udp

dev tun

ca "C:\\Program Files\\OpenVPN\\EasyRSA-3.0.0-rc2\\pki\\issued\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\EasyRSA-3.0.0-rc2\\pki\\issued\\server.crt"
key "C:\\Program Files\\OpenVPN\\EasyRSA-3.0.0-rc2\\pki\\private\\server.key" # This file should be kept secret

dh dh2048.pem

server 10.4.0.0 255.255.255.0

ifconfig-pool-persist ipp.txt

comp-lzo

persist-key
persist-tun

status openvpn-status.log

verb 9

Is it ok?
best regards

[Traffic]

Where is ca.crt??? I have only ca.key

ca "C:\\Program Files\\OpenVPN\\EasyRSA-3.0.0-rc2\\pki\\issued\\ca.crt"

You found it then ..

verb 9

Is it ok?

verb 9 is too much .. verb 4 is sufficient.

Your config looks normal, I would advise you implement --tls-auth .. See The Manual v23x

[BAN003]

Hi traffic
The following configuration is working to connect 2 computer in the same LAN but I can't ping 192.168.1.151 from 192.168.1.2.
If I try to ping 192.168.1.2 from 192.168.1.151 everithing is working good.

IP 192.168.1.151

Code: Select all

dev tap
ifconfig 10.3.0.2 255.255.255.0
secret key.txt
ping 10
comp-lzo
verb 4
mute 10

IP 192.168.1.2

Code: Select all

dev tap
ifconfig 10.3.0.3 255.255.255.0
#Lan Connection.  add # for internet connection
remote 192.168.1.2
#Only for internet connection. add # for lan connection
remote test.ddns.net
secret key.txt
ping 10
comp-lzo
verb 4
mute 10

Where is my mistake?

PS. The configuration in the previous post don't work.

Best Regards

[Traffic]

I can't ping 192.168.1.151 from 192.168.1.2.
If I try to ping 192.168.1.2 from 192.168.1.151 everithing is working good

I presume these are both machines in your Private LAN ?

[BAN003]

Hi traffic.
Yes. The lan is the same.

Inviato dal mio GT-I9301I utilizzando Tapatalk

[Traffic]

Then it is most likely a firewall blocking you.

[Fabrizio]

The problem is solved.
With Windows 7 in a domain it is impossible to create key in the OpenVpn default folder.
it is better to install OpenVPN in a different folder and change the attribute.

Now I need to configure everithing to work, but this is a different problem:)

Thanks to traffic.

This post can be close

[Traffic]

With Windows 7 in a domain it is impossible to create key in the OpenVpn default folder

You require administrator privileges to write to %SystemDrive%\Program Files\*

You also require administrator privileges to run openvpn successfully ..

Also, please post your logs at --verb 4 if you need further help.