Page 1 of 1

[SOLVED] OpenVPN 2.1 requires '--script-security 2'

Posted: Sun Sep 18, 2011 5:54 am
by gonesurfing
hi
i am having a permisson problem with a new install on ubuntu 11.04 i have google the error and also tryed a new install but with no luck when i run this command
~$ sudo openvpn /etc/openvpn/server.conf

i get this error

Sun Sep 18 15:07:18 2011 OpenVPN 2.1.3 i686-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [MH] [PF_INET6] [eurephia] built on Mar 11 2011
Sun Sep 18 15:07:18 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Sun Sep 18 15:07:18 2011 Cannot open easy-rsa/keys/dh1024.pem for DH parameters: error:02001002:system library:fopen:No such file or directory: error:2006D080:BIO routines:BIO_new_file:no such file
Sun Sep 18 15:07:18 2011 Exiting

i can view the files in the file manager they do exist and i have pleyed around with the permissions on the files but with no luck
i am now back to a new install with the same error
thanks for any help steve

Re: OpenVPN 2.1 requires '--script-security 2'

Posted: Sun Sep 18, 2011 5:30 pm
by janjust
the 'script-security' warning is misleading - the true cause of the problem is the fact that openvpn cannot read the dh1024.pem file; did you run
./build-dh
? Is the file accessible to the user which is configured to run openvpn?

Re: OpenVPN 2.1 requires '--script-security 2'

Posted: Sat Sep 24, 2011 7:55 pm
by gonesurfing
hi
"did you run ./build-dh"
yes i did
"Is the file accessible to the user which is configured to run openvpn"
the file is accessible as the root which is how i installed openvpn by running "sudo su" before the install
the server config : user nobody : group nobody
however i hav'nt configured a user to run openvpn
thanks for any help

Re: OpenVPN 2.1 requires '--script-security 2'

Posted: Sun Sep 25, 2011 10:02 pm
by janjust
check the entire path to the dh1024.pem file to see if it can be read by user nobody, group nobody .

a quick&dirty debugging trick is to disable 'user nobody' and see if it then runs - if so, then your path/file permissions are wrong. If it won't run with 'user nobody' disabled then you've not specified the right path.

Re: OpenVPN 2.1 requires '--script-security 2'

Posted: Wed Oct 05, 2011 9:11 am
by gonesurfing
Thanks for the debugging tip janjust i simple had the file /path wrong

Re: OpenVPN 2.1 requires '--script-security 2'

Posted: Wed Oct 05, 2011 9:16 pm
by janjust
Excellent! closing topic.