Cannot pre-load keyfile (ta.key) on Linux [oconf]

Post by ImaginaryTango » Thu Apr 20, 2023 2:48 am

I'm surprised I couldn't find any actual hits when researching this.

I have a VPS in the cloud running Debian 11 and I installed OpenVPN on it with apt. I have generated the security files on another system and moved them all into /etc/openvpn. Since I'm just getting started with OpenVPN, I've also put my files in /etc/openvpn/server. I have ca.cert, ta.key, dh.pem, <servername>.cert, and <servername>.key. (Of course, the real server name replaces <servername>.) Also in both those directories, I have server.conf. I'm starting OpenVPN as root with the command

Code:

openvpn /etc/openvpn/server.conf

In server.conf, I have the line

Code:

tls-auth ta.key 0 # This file is secret

I've also replaced that with

Code:

tls-auth /etc/openvpn/ta.key 0 # This file is secret

just to see if it makes a difference. (It does not.) Also, I found several web pages that say to use openvpn --genkey secret ta.key to generate the file and others that say to use openvpn --genkey tls-auth ta.key to generate the key. I've tried files produced by both of those methods and it hasn't made much of a difference.

Here's what happens whenever I try to run OpenVPN:

Code:

[23-04-20 2:21:57 root@shadowyseas ~] $ openvpn /etc/openvpn/server.conf
2023-04-20 02:22:18 Cannot pre-load keyfile (ta.key)
2023-04-20 02:22:18 Exiting due to fatal error

I've searched for info on this and have found people asking about this on Windows and getting answers that don't apply to a Linux setup. I have not found anything that tells me, for sure, that I need to specify the full path for ta.key or not, or if it's supposed to be in a specific directory or not. I tried increasing the verbosity and that wasn't a help, either. There is nothing clear in the OpenVPN howto which tells me where this file goes in Linux.

At this point, I can't find anything to clearly tell me what directory OpenVPN expects this file to be in, whether the location should be specified in the config file, and I don't even know if the error is due to the file location, an unspecified path, or if there's a problem with the file itself. I can't even find a way to get more debugging information from the log. (It doesn't seem to be keeping a log - nothing in /var/log/openvpn.) All I have is the information displayed on the console when I try to run OpenVPN.

Post by ImaginaryTango » Fri Apr 21, 2023 4:22 am

Solved.

I used the tutorial and it talks about what files are needed, but never specifies where to put them in Linux, and that tutorial (the OpenVPN one) and others tend to not mention that you need to specify the full pathname to all the cert, ca, and key files. It's rather frustrating - no default location for them (apparently) for OpenVPN to check before looking elsewhere, and I didn't see anything, in several tutorials, that said I had to specify the full pathname of a file in the configuration file.
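
The path problem discussed in this thread, as an added example that is not part of the original posts: OpenVPN resolves a relative file name such as ta.key against the directory the process was started in (the prompt in the log above shows ~), so this Python check resolves each file directive in a server.conf against a given working directory and also flags secret files readable by group or others. The names check_config and demo are hypothetical, the directive list is a subset, the sample files are constructed, and a config without a cd directive is assumed.

```python
import os, shlex, stat, tempfile

# Directives whose first argument is a file path (a subset, not OpenVPN's full list).
FILE_DIRECTIVES = {"ca", "cert", "key", "dh", "tls-auth", "tls-crypt", "crl-verify"}
SECRET = {"key", "tls-auth", "tls-crypt"}  # private material: should be owner-only

def check_config(conf_path, cwd):
    """Resolve file directives as a process started in `cwd` would; return (directive, path, [problems])."""
    findings = []
    with open(conf_path) as fh:
        for raw in fh:
            line = raw.strip()
            if not line or line[0] in "#;<":      # comment lines and inline <ca>...</ca> tags
                continue
            try:
                words = shlex.split(line, comments=True)  # honours quotes, drops "# ..." tails
            except ValueError:                    # unbalanced quote: not a line we can judge
                continue
            if len(words) < 2 or words[0] not in FILE_DIRECTIVES:
                continue
            name, arg = words[0], words[1]
            if name == "dh" and arg == "none":    # "dh none" names no file
                continue
            problems = []
            if not os.path.isabs(arg):
                problems.append("relative path, depends on working directory")
            path = os.path.normpath(os.path.join(cwd, arg))  # join() keeps absolute args as-is
            if not os.path.isfile(path):
                problems.append("not found")
            elif name in SECRET and stat.S_IMODE(os.stat(path).st_mode) & 0o077:
                problems.append("group/other accessible")
            findings.append((name, path, problems))
    return findings

def demo():
    """Constructed sample: server.conf and ta.key in one directory, checked from two working dirs."""
    conf_dir, elsewhere = tempfile.mkdtemp(), tempfile.mkdtemp()
    key = os.path.join(conf_dir, "ta.key")
    with open(key, "w") as fh:
        fh.write("constructed placeholder, not a real key\n")
    os.chmod(key, 0o644)                          # deliberately too permissive for the demo
    conf = os.path.join(conf_dir, "server.conf")
    with open(conf, "w") as fh:
        fh.write("tls-auth ta.key 0 # This file is secret\ndh none\n")
    return check_config(conf, elsewhere), check_config(conf, conf_dir)

if __name__ == "__main__":
    for label, result in zip(("from another directory:", "from the config directory:"), demo()):
        print(label, result)
```

Pass the directory you actually launch openvpn from as cwd; an empty problem list for every directive means the paths do not depend on where the process starts.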
