After update to 2.5 all bats are missing (Windows Server)
Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech
-
- OpenVpn Newbie
- Posts: 8
- Joined: Fri Jan 08, 2021 3:01 pm
After update to 2.5 all bats are missing (Windows Server)
Hello,
OS: Windows Server 2016
current Version: Community 2.5
i have a little problem. I updated my server from 2.4 to 2.5 and now all .bats are missing in the "easy-rsa" folder. Also openssl is missing from the server.
I tried to get them back, but I dont know how... also openssl was deleted after update, so the "openssl" cmd is no longer working.
I don't know how to delete/add new vpn users without the bats...
What should I do? Fresh install?
Maybe someone could assist... thanks.
OS: Windows Server 2016
current Version: Community 2.5
i have a little problem. I updated my server from 2.4 to 2.5 and now all .bats are missing in the "easy-rsa" folder. Also openssl is missing from the server.
I tried to get them back, but I dont know how... also openssl was deleted after update, so the "openssl" cmd is no longer working.
I don't know how to delete/add new vpn users without the bats...
What should I do? Fresh install?
Maybe someone could assist... thanks.
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: After update to 2.5 all bats are missing (Windows Server)
I think you can install EasyRSA-2 with OpenVPN 2.5
By default OpenVPN 2.5 installs EasyRSA-3.
EasyRSA-3 can upgrade your current PKI to be compatible with EasyRSA-3
give it a shot !
By default OpenVPN 2.5 installs EasyRSA-3.
EasyRSA-3 can upgrade your current PKI to be compatible with EasyRSA-3
give it a shot !
-
- OpenVpn Newbie
- Posts: 8
- Joined: Fri Jan 08, 2021 3:01 pm
Re: After update to 2.5 all bats are missing (Windows Server)
Yes i gave it a shot !
Seems that the new windows Version is really buggy.
I started from scratch to not waste time...
- fresh install
- init-pki , build-ca ...
what to say...
Seems that the new windows Version is really buggy.
I started from scratch to not waste time...
- fresh install
- init-pki , build-ca ...
what to say...
Code: Select all
Generating a RSA private key
......................................................................................+++++
..........+++++
writing new private key to '/temp/easy-rsa-30184.a14428/tmp.a12668'
-----
Can't open C:/Program Files/OpenVPN/easy-rsa/pki/safessl-easyrsa.cnf for reading, No such file or directory
26984:error:02001002:system library:fopen:No such file or directory:crypto\bio\bss_file.c:69:fopen('C:/Program Files/OpenVPN/easy-rsa/pki/safessl-easyrsa.cnf','r')
26984:error:2006D080:BIO routines:BIO_new_file:no such file:crypto\bio\bss_file.c:76:
Can't open C:/Program Files/OpenVPN/easy-rsa/pki/safessl-easyrsa.cnf for reading, No such file or directory
29864:error:02001002:system library:fopen:No such file or directory:crypto\bio\bss_file.c:69:fopen('C:/Program Files/OpenVPN/easy-rsa/pki/safessl-easyrsa.cnf','r')
29864:error:2006D080:BIO routines:BIO_new_file:no such file:crypto\bio\bss_file.c:76:
path = /temp/easy-rsa-30184.a14428/tmp.XXXXXX
Last edited by starlight2 on Sun Jan 10, 2021 11:13 pm, edited 2 times in total.
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: After update to 2.5 all bats are missing (Windows Server)
It looks like you have already used this work around:
https://github.com/OpenVPN/easy-rsa/issues/412
Can you paste the entire terminal window where you run easyrsa ?
https://github.com/OpenVPN/easy-rsa/issues/412
Can you paste the entire terminal window where you run easyrsa ?
-
- OpenVpn Newbie
- Posts: 8
- Joined: Fri Jan 08, 2021 3:01 pm
Re: After update to 2.5 all bats are missing (Windows Server)
So i copied the openssl-easyrsa.cnf to PKI folder and renamed it,,, but connection does not work. certs seems to be faulty. Without the file there is not even a key created
and yes, i already used the temp fix from you because i got the other error.
with copied file:
without:
and yes, i already used the temp fix from you because i got the other error.
with copied file:
Code: Select all
EasyRSA Shell
# ./easyrsa build-client-full kerstin nopass
Note: using Easy-RSA configuration from: ./vars
Using SSL: openssl OpenSSL 1.1.1i 8 Dec 2020
path = /temp/easy-rsa-15312.a26584/tmp.XXXXXX
lpPathBuffer = C:\Users\user2\AppData\Local\Temp\
szTempName = C:\Users\user2\AppData\Local\Temp\tmp5F45.tmp
path = C:\Users\user2\AppData\Local\Temp\tmp5F45.tmp
fd = 3
path = /temp/easy-rsa-15312.a26584/tmp.XXXXXX
lpPathBuffer = C:\Users\user2\AppData\Local\Temp\
szTempName = C:\Users\user2\AppData\Local\Temp\tmp6020.tmp
path = C:\Users\user2\AppData\Local\Temp\tmp6020.tmp
fd = 3
path = /temp/easy-rsa-15312.a26584/tmp.XXXXXX
lpPathBuffer = C:\Users\user2\AppData\Local\Temp\
szTempName = C:\Users\user2\AppData\Local\Temp\tmp60EB.tmp
path = C:\Users\user2\AppData\Local\Temp\tmp60EB.tmp
fd = 3
Generating a RSA private key
............................+++++
...........................................................................+++++
writing new private key to '/temp/easy-rsa-15312.a26584/tmp.a28200'
-----
path = /temp/easy-rsa-15312.a26584/tmp.XXXXXX
lpPathBuffer = C:\Users\user2\AppData\Local\Temp\
szTempName = C:\Users\user2\AppData\Local\Temp\tmp681F.tmp
path = C:\Users\user2\AppData\Local\Temp\tmp681F.tmp
fd = 3
path = /temp/easy-rsa-15312.a26584/tmp.XXXXXX
lpPathBuffer = C:\Users\user2\AppData\Local\Temp\
szTempName = C:\Users\user2\AppData\Local\Temp\tmp69F4.tmp
path = C:\Users\user2\AppData\Local\Temp\tmp69F4.tmp
fd = 3
path = /temp/easy-rsa-15312.a26584/tmp.XXXXXX
lpPathBuffer = C:\Users\user2\AppData\Local\Temp\
szTempName = C:\Users\user2\AppData\Local\Temp\tmp6ABF.tmp
path = C:\Users\user2\AppData\Local\Temp\tmp6ABF.tmp
fd = 3
Using configuration from /temp/easy-rsa-15312.a26584/tmp.a25284
Enter pass phrase for C:/Program Files/OpenVPN/easy-rsa/pki/private/ca.key:
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName :ASN.1 12:'kerstin'
Certificate is to be certified until Apr 15 23:11:34 2023 GMT (825 days)
Write out database with 1 new entries
Data Base Updated
Code: Select all
EasyRSA Shell
# ./easyrsa build-client-full testuser nopass
Note: using Easy-RSA configuration from: ./vars
Using SSL: openssl OpenSSL 1.1.1i 8 Dec 2020
path = /temp/easy-rsa-19020.a27932/tmp.XXXXXX
lpPathBuffer = C:\Users\user2\AppData\Local\Temp\
szTempName = C:\Users\user2\AppData\Local\Temp\tmp6225.tmp
path = C:\Users\user2\AppData\Local\Temp\tmp6225.tmp
fd = 3
path = /temp/easy-rsa-19020.a27932/tmp.XXXXXX
lpPathBuffer = C:\Users\user2\AppData\Local\Temp\
szTempName = C:\Users\user2\AppData\Local\Temp\tmp6300.tmp
path = C:\Users\user2\AppData\Local\Temp\tmp6300.tmp
fd = 3
path = /temp/easy-rsa-19020.a27932/tmp.XXXXXX
lpPathBuffer = C:\Users\user2\AppData\Local\Temp\
szTempName = C:\Users\user2\AppData\Local\Temp\tmp63CB.tmp
path = C:\Users\user2\AppData\Local\Temp\tmp63CB.tmp
fd = 3
Generating a RSA private key
....................+++++
..........................................+++++
writing new private key to '/temp/easy-rsa-19020.a27932/tmp.a18352'
-----
Can't open C:/Program Files/OpenVPN/easy-rsa/pki/safessl-easyrsa.cnf for reading, No such file or directory
29044:error:02001002:system library:fopen:No such file or directory:crypto\bio\bss_file.c:69:fopen('C:/Program Files/OpenVPN/easy-rsa/pki/safessl-easyrsa.cnf','r')
29044:error:2006D080:BIO routines:BIO_new_file:no such file:crypto\bio\bss_file.c:76:
Can't open C:/Program Files/OpenVPN/easy-rsa/pki/safessl-easyrsa.cnf for reading, No such file or directory
29080:error:02001002:system library:fopen:No such file or directory:crypto\bio\bss_file.c:69:fopen('C:/Program Files/OpenVPN/easy-rsa/pki/safessl-easyrsa.cnf','r')
29080:error:2006D080:BIO routines:BIO_new_file:no such file:crypto\bio\bss_file.c:76:
path = /temp/easy-rsa-19020.a27932/tmp.XXXXXX
lpPathBuffer = C:\Users\user2\AppData\Local\Temp\
szTempName = C:\Users\user2\AppData\Local\Temp\tmp6A91.tmp
path = C:\Users\user2\AppData\Local\Temp\tmp6A91.tmp
fd = 3
path = /temp/easy-rsa-19020.a27932/tmp.XXXXXX
lpPathBuffer = C:\Users\user2\AppData\Local\Temp\
szTempName = C:\Users\user2\AppData\Local\Temp\tmp6C57.tmp
path = C:\Users\user2\AppData\Local\Temp\tmp6C57.tmp
fd = 3
path = /temp/easy-rsa-19020.a27932/tmp.XXXXXX
lpPathBuffer = C:\Users\user2\AppData\Local\Temp\
szTempName = C:\Users\user2\AppData\Local\Temp\tmp6D31.tmp
path = C:\Users\user2\AppData\Local\Temp\tmp6D31.tmp
fd = 3
Using configuration from /temp/easy-rsa-19020.a27932/tmp.a09048
Enter pass phrase for C:/Program Files/OpenVPN/easy-rsa/pki/private/ca.key:
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName :ASN.1 12:'testuser'
Certificate is to be certified until Apr 15 23:14:52 2023 GMT (825 days)
Write out database with 1 new entries
Data Base Updated
EasyRSA Shell
-
- OpenVpn Newbie
- Posts: 8
- Joined: Fri Jan 08, 2021 3:01 pm
Re: After update to 2.5 all bats are missing (Windows Server)
Before you get headache..
problem seems to be one variable..
if i delete the var, the PKI folder is created under c:/pki .. and the easyssl file is created. with the variable the pki folder is created in the easyrsa home, but without the file... not sure why... must the the same problem as temp folder... seems that there is a permission problem by writing files into the easyrsa folder... by init-pki
i dont want to use c:/pki ...
problem seems to be one variable..
Code: Select all
set_var EASYRSA "$PWD"
i dont want to use c:/pki ...
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: After update to 2.5 all bats are missing (Windows Server)
That file is supposed to be there.starlight2 wrote: ↑Sun Jan 10, 2021 11:15 pmSo i copied the openssl-easyrsa.cnf to PKI folder and renamed it
I think this is a bug and I'm looking into it ..
For the time being, can you try copying EasyRSA3 to your Home directory and try from there ?
-
- OpenVpn Newbie
- Posts: 8
- Joined: Fri Jan 08, 2021 3:01 pm
Re: After update to 2.5 all bats are missing (Windows Server)
i copied it to desktop... does not work !
... without variable !
for some reason (?) the openssl-easyrsa.cnf is copied to C:/
the original file is under easy-rsa folder... not in pki folder... but renaming it does not work, because the openssl-easyrsa.cnf has all $variables .. and the safessl has the values of the variables... so it seems that there is the problem with the keys..
Code: Select all
EasyRSA Shell
# ./easyrsa init-pki
Note: using Easy-RSA configuration from: ./vars
init-pki complete; you may now create a CA or requests.
Your newly created PKI dir is: C:/Users/user2/Desktop/easy-rsa/pki
EasyRSA Shell
# exit
C:\Users\user2\Desktop\easy-rsa>dir pki
11.01.2021 01:48 <DIR> .
11.01.2021 01:48 <DIR> ..
11.01.2021 01:48 <DIR> private
11.01.2021 01:48 <DIR> reqs
... without variable !
Code: Select all
EasyRSA Shell
# easyrsa init-pki
Note: using Easy-RSA configuration from: C:/Program Files/OpenVPN/easy-rsa/vars
path = /temp/easy-rsa-22892.a09616/tmp.XXXXXX
lpPathBuffer = C:\Users\user2\AppData\Local\Temp\
szTempName = C:\Users\user2\AppData\Local\Temp\tmp9FDB.tmp
path = C:\Users\user2\AppData\Local\Temp\tmp9FDB.tmp
fd = 3
init-pki complete; you may now create a CA or requests.
Your newly created PKI dir is: /pki
C:\Program Files\OpenVPN\easy-rsa>dir c:\pki
11.01.2021 01:58 <DIR> .
11.01.2021 01:58 <DIR> ..
11.01.2021 01:58 <DIR> private
11.01.2021 01:58 <DIR> reqs
11.01.2021 01:58 4.408 safessl-easyrsa.cnf
for some reason (?) the openssl-easyrsa.cnf is copied to C:/
the original file is under easy-rsa folder... not in pki folder... but renaming it does not work, because the openssl-easyrsa.cnf has all $variables .. and the safessl has the values of the variables... so it seems that there is the problem with the keys..
-
- OpenVpn Newbie
- Posts: 8
- Joined: Fri Jan 08, 2021 3:01 pm
Re: After update to 2.5 all bats are missing (Windows Server)
For people who have the same problem... I fixed this today...
(this is all regarding to the hidden administrator account..)
0) make sure that you dont have pki folder or openssl-easyrsa.cnf file under C:/
1) exclude easyrsa variable from vars
2) run init-pki
3) change vars and inclube easyrsa variable (remove #)
4) run init-pki again
5) copy safessl_easyrsa.cnf from C:/pki to C:\Program Files\OpenVPN\easy-rsa\pki
6) open the copied safessl_easy.cnf with a good text editor (like notepad++)
7) use find & replace to replace ALL
with
8) proceed with build-ca etc.
(this is all regarding to the hidden administrator account..)
0) make sure that you dont have pki folder or openssl-easyrsa.cnf file under C:/
1) exclude easyrsa variable from vars
Code: Select all
#set_var EASYRSA "$PWD"
3) change vars and inclube easyrsa variable (remove #)
4) run init-pki again
5) copy safessl_easyrsa.cnf from C:/pki to C:\Program Files\OpenVPN\easy-rsa\pki
6) open the copied safessl_easy.cnf with a good text editor (like notepad++)
7) use find & replace to replace ALL
Code: Select all
/pki
Code: Select all
/Program Files/OpenVPN/easy-rsa/pki
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: After update to 2.5 all bats are missing (Windows Server)
I have been helping develop EasyRSA-3 for some years now and you are the first and only person to report an issue like this.
What do you mean ?starlight2 wrote: ↑Mon Jan 11, 2021 5:57 pmthis is all regarding to the hidden administrator account
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: After update to 2.5 all bats are missing (Windows Server)
After further testing, the most likely explanation is that you have edited ./vars incorrectly.
-
- OpenVpn Newbie
- Posts: 8
- Joined: Fri Jan 08, 2021 3:01 pm
Re: After update to 2.5 all bats are missing (Windows Server)
Maybe... maybe not... Dont know
here are my vars
I tried it on 2 server versions of windows (2016) and 1 windows 10 device ... for server windows i dont need hidden administrator account, for windows 10 i needed it cause there was nothing created under c:\
this is only on windows ... on unix i dont have these problems with the same config
here are my vars
Code: Select all
set_var EASYRSA "$PWD"
set_var EASYRSA_PKI "$EASYRSA/pki"
set_var EASYRSA_DN "cn_only"
set_var EASYRSA_REQ_COUNTRY "xxx"
set_var EASYRSA_REQ_PROVINCE "xxx"
set_var EASYRSA_REQ_CITY "xxx"
set_var EASYRSA_REQ_ORG "xxx"
set_var EASYRSA_REQ_EMAIL "xxx@xxx.com"
set_var EASYRSA_REQ_OU "xxx"
set_var EASYRSA_KEY_SIZE 2048
set_var EASYRSA_ALGO rsa
set_var EASYRSA_NS_SUPPORT "no"
set_var EASYRSA_NS_COMMENT "xxx"
set_var EASYRSA_EXT_DIR "$EASYRSA/x509-types"
set_var EASYRSA_SSL_CONF "$EASYRSA/openssl-easyrsa.cnf"
set_var EASYRSA_DIGEST "sha256"
set_var EASYRSA_TEMP_DIR "/temp"
this is only on windows ... on unix i dont have these problems with the same config
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: After update to 2.5 all bats are missing (Windows Server)
Sorry, if you need help administering Windows then that it out-of-scope here.
Just copy the entire, Installed Easy-RSA3 folder to somewhere that your user has write access.
Go back to defaults (I would re-install from scratch) and try again.
Just copy the entire, Installed Easy-RSA3 folder to somewhere that your user has write access.
Go back to defaults (I would re-install from scratch) and try again.
-
- OpenVpn Newbie
- Posts: 8
- Joined: Fri Jan 08, 2021 3:01 pm
Re: After update to 2.5 all bats are missing (Windows Server)
i dont need help in administering windows. lol.
this is a bug in the easyrsa script cause of the sh emulation.
this is a bug in the easyrsa script cause of the sh emulation.
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: After update to 2.5 all bats are missing (Windows Server)
If you believe this is a bug then please report it to EasyRSA on github.
Otherwise, I suggest you do this:
Otherwise, I suggest you do this:
- Uninstall OpenVPN and EasyRSA3
- Move whatever is left in C:\Program Files\OpenVPN to a safe place.
- Install OpenVPN and EasyRSA3
- Copy EasyRSA3 to your user account
- Try again