Page 1 of 1

[Solved] server fails to start: Error: private key password verification failed

Posted: Sun Jan 26, 2020 1:16 am
by LFNfan1
Hi I have just set up openvpn on Ubuntu 18.04 server.
I am using a server private key with a password, and on other systems get

Code: Select all

lfnfan@ubuntu:/etc/openvpn$ sudo service openvpn start
lfnfan@ubuntu:/etc/openvpn$ 
Broadcast message:

Password entry required for 'Enter Private Key Password:' (PID 1234).
Please enter password with the systemd-tty-ask-password-agent tool!
I then type

Code: Select all

sudo systemd-tty-ask-password-agent
and enter the ovpn server private key password at the prompt.
then the service starts.

I don't know why, but this time on this system it's not giving me the prompt, and I can't seem to pre-emptively enter the password using

Code: Select all

sudo systemd-tty-ask-password-agent
as the 'enter password' prompt doesn't appear.

Code: Select all

lfnfan@ubuntu:/etc/openvpn$ uname -a
Linux odroid 4.9.210-66 #1 SMP PREEMPT Thu Jan 16 09:14:42 -03 2020 aarch64 aarch64 aarch64 GNU/Linux

Any guidance much appreciated.
Paul

Re: server fails to start: Error: private key password verification failed

Posted: Sun Jan 26, 2020 9:59 am
by TiTex
I'm not sure if this is relevant , but the openvpn service is templated in Ubuntu 18.04 and probably in older versions as well
This service files are added when you install openvpn from ubuntu packages
/lib/systemd/system/openvpn-client@.service
/lib/systemd/system/openvpn-server@.service
/lib/systemd/system/openvpn.service
/lib/systemd/system/openvpn@.service
where openvpn.service is just a stub service , it doesn't actually execute openvpn binary.
so instead , you have to copy your config+files in /etc/openvpn/ and then enable it by running

Code: Select all

systemctl enable openvpn@your-config-filename
or copy your config file /etc/openvpn/server and enable it by running

Code: Select all

systemctl enable openvpn-server@your-config-filename

[Solved] Re: server fails to start: Error: private key password verification failed

Posted: Sun Jan 26, 2020 2:39 pm
by LFNfan1
Hi TiTex

Well, I figured it out (by reading the HowTo again....)
I had to add

Code: Select all

askpass
to my server.conf file. That seems to have done the trick, in that the 'please provide password' prompt has now re-appeared, and after providing the private key password, I have my vpn up and running.
Many thanks!
Paul