All was fine until yesterday, now the ESXi based VMs cannot connect to the OpenVPN server. The error is:
Code: Select all
Tue May 12 23:54:16 2020 us=583350 library versions: OpenSSL 1.1.1c FIPS 28 May 2019, LZO 2.08
Tue May 12 23:54:16 2020 us=583495 PKCS#11: pkcs11_initialize - entered
Tue May 12 23:54:16 2020 us=583611 PKCS#11: pkcs11_initialize - return 0-'CKR_OK'
Tue May 12 23:54:16 2020 us=583854 PO_INIT maxevents=4 flags=0x00000002
Tue May 12 23:54:16 2020 us=586535 OpenSSL: error:1418708B:SSL routines:ssl_do_config:unknown command
Tue May 12 23:54:16 2020 us=586615 OpenSSL: error:0909006C:PEM routines:get_name:no start line
Tue May 12 23:54:16 2020 us=586663 Error reading extra certificate
Tue May 12 23:54:16 2020 us=586714 Exiting due to fatal error
Code: Select all
48577 openat(AT_FDCWD, "bastion2.crt", O_RDONLY) = 3
48577 fstat(3, {st_mode=S_IFREG|0640, st_size=1655, ...}) = 0
48577 read(3, "-----BEGIN CERTIFICATE-----\nMIIE"..., 4096) = 1655
48577 read(3, "", 4096) = 0
48577 stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=1693, ...}) = 0
48577 write(1, "Tue May 12 23:54:16 2020 us=5865"..., 102) = 102
48577 stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=1693, ...}) = 0
48577 write(1, "Tue May 12 23:54:16 2020 us=5866"..., 95) = 95
48577 stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=1693, ...}) = 0
48577 write(1, "Tue May 12 23:54:16 2020 us=5866"..., 67) = 67
48577 stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=1693, ...}) = 0
48577 write(1, "Tue May 12 23:54:16 2020 us=5867"..., 62) = 62
48577 exit_group(1) = ?
48577 +++ exited with 1 +++
- Reissuing the certs
Reinstalling OpenVPN
Reinstalling OpenSSL
Running OS updates
Tried the same cert/key combo in the two environments, only breaks in ESXi VMs
Built a fresh RHEL VM in ESXi from scratch, new cert/key, new conf -- same error