OpenVPN Exiting due to fatal error

Hello all.
I have been trying to make a OpenVPN server on my Linksys WRT 3200ACM router running OpenWRT 19.7.
I have been following this gouid for the moste of the parts (exept for 2 file locations)

Now then i run

/etc/init.d/openvpn start
/etc/init.d/openvpn enable

and check the log i get this output

Fri Apr 23 13:01:00 2021 OpenVPN 2.4.7 arm-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Fri Apr 23 13:01:00 2021 library versions: OpenSSL 1.1.1k  25 Mar 2021, LZO 2.10
Fri Apr 23 13:01:00 2021 OpenSSL: error:0909006C:PEM routines:get_name:no start line
Fri Apr 23 13:01:00 2021 Cannot load DH parameters from /etc/config/openvpn-config/pki/private/ca.key
Fri Apr 23 13:01:00 2021 Exiting due to fatal error

Do someone her know what i did wrong in my configuration?

Why not use the local guide?

1 Like

I'm new to the use of OpenWRT and this guide was made on the same hardware and software that i use.

The wiki how-tos are tested on OpenWrt 19.07 and there's nothing hardware specific.
Also, using the automated instruction should be easier to follow for newbies:

1 Like

With a quick look at the 6 comments I can see 4 users complaining it doesn't work, 2 bots posting some BS, and the author nowhere to be found to comment.
Revert any changes (or reset to defaults) and follow the guide we have here.


I see i dident check prober up on my sources.

I will try delete the files generated and uninstall the files installed and try fresh from the links you provided me and se how it goes.

Thanks for the info.

That may be a way to do it.

But do to my IT education do i like to learn how to do it manually.

But if all fails this could merry we'll be the solution.

I have now followed the local guide as you linked and now does the OpenVPN server look to be up and runnin.

my nex problem is now...
How do i even connect to it?

It looks like there in the progress of setting the server setup got made a generic device certificate.
do i just have to load that up on my phone for starting the connection or are there another add-in i have to install to mannage users and devices?

Right now i only have a android phone and a laptop that i want to connect to the VPN.

Copy the client profile *.ovpn from the router to the client and import it in the client app.

i looked at the files on the router.
I do not seems to finde any .ovpn files in the folders there have to do whit the VPN.

All i can find is .crt files and that one wont the officiel OpenVPN app not accept.

Did you use the automatic script or did you issue the commands manually?

I used the manual command.

Here is the list of the commands that i used.
and in that order.

export EASYRSA_BATCH="1"

easyrsa build-client-full client2
easyrsa gen-crl

OVPN_CRL="$(cat ${OVPN_PKI}/crl.pem)"
sed -i -e "
\$a <crl-verify>\n${OVPN_CRL//$'\n'/\\n}\n</crl-verify>
" /etc/openvpn/server.conf
/etc/init.d/openvpn restart
find / -xdev -iname "*.ovpn"

The result.

root@JJEstate:~# find / -xdev -iname "*.ovpn"

client2 is not listed

I can see many more commands used in the guide. Are you sure you followed the correct one?

Repeat the first and last sections of the server how-to to regenerate client profiles.

1 Like

I followed that for the server and startup.

then i used multi-client from this one to add another client do to i have 2 clients that i want to connect

Thats what i have done.
if i do all the steps in the first guide to the server part does it look like i delete some of the work already done..

the other one use after should add another certification set to the setup.
and i have made the new .crt file. but theres no .ovpn file for client2

I have now started over.
I got my certificate to the connection and imported it in to the OpenVPN app on my phone and it looks to be working.

New client for openvpn server - #4 by vgaetera

1 Like