I have performed all the usual steps using apt-get to install openvpn and it got me version 2.4.0
Previous installations I have done on Raspbian Wheezy ended up with 2.1.xx.
On 2.4.0 easy-rsa is part of the install but is hidden in /usr/share/easy-rsa, so I copied it to /etc/openvpn/easy-rsa
Now I have edited the vars script and it seemed satisfied after I replaced the double quotes in these lines:
Code: Select all
export EASY_RSA="/etc/openvpn/easy-rsa"
export KEY_CONFIG="$EASY_RSA/whichopensslcnf $EASY_RSA"
Code: Select all
root@rpi3-vpn:/etc/openvpn/easy-rsa# ./build-ca
grep: /etc/openvpn/easy-rsa/whichopensslcnf /etc/openvpn/easy-rsa: No such file or directory
pkitool: KEY_CONFIG (set by the ./vars script) is pointing to the wrong
version of openssl.cnf: /etc/openvpn/easy-rsa/whichopensslcnf /etc/openvpn/easy-rsa
The correct version should have a comment that says: easy-rsa version 2.x
I checked the openssl version:
Code: Select all
root@rpi3-vpn:/etc/openvpn/easy-rsa# openssl version
OpenSSL 1.1.0f 25 May 2017
Code: Select all
-rw-r--r-- 1 root root 7859 Jul 13 2015 openssl-0.9.6.cnf
-rw-r--r-- 1 root root 8416 Jul 13 2015 openssl-0.9.8.cnf
-rw-r--r-- 1 root root 8313 Jul 13 2015 openssl-1.0.0.cnf
Code: Select all
# For use with easy-rsa version 2.0 and OpenSSL 1.0.0*
In earlier installations I did not touch the KEY_CONFIG line so it looked like this by default:
Code: Select all
export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
Code: Select all
root@rpi3-vpn:/etc/openvpn/easy-rsa# source ./vars
**************************************************************
No /etc/openvpn/easy-rsa/openssl.cnf file could be found
Further invocations will fail
**************************************************************
Can someone please advice as to why the openssl is not correctly configured in this case?
And of course tell me what to do to fix it....
Should I just replace the use of whichopensslcnf with this line:
Code: Select all
export KEY_CONFIG="$EASY_RSA/openssl-1.0.0.cnf $EASY_RSA"
Code: Select all
root@rpi3-vpn:/etc/openvpn/easy-rsa# source ./vars
NOTE: If you run ./clean-all, I will be doing a rm -rf on /etc/openvpn/easy-rsa/keys
root@rpi3-vpn:/etc/openvpn/easy-rsa# ./build-ca
grep: /etc/openvpn/easy-rsa/openssl-1.0.0.cnf /etc/openvpn/easy-rsa: No such file or directory
pkitool: KEY_CONFIG (set by the ./vars script) is pointing to the wrong
version of openssl.cnf: /etc/openvpn/easy-rsa/openssl-1.0.0.cnf /etc/openvpn/easy-rsa
The correct version should have a comment that says: easy-rsa version 2.x
Code: Select all
export KEY_CONFIG=$EASY_RSA/openssl-1.0.0.cnf
Why in heavens name does not the whichopensslcnf script work on 2.4.0?