When I try to start openvpn, it fails with /tmp/openvpn.log reading:
Mon Aug 27 15:47:36 2018 library versions: OpenSSL 1.0.2o 27 Mar 2018, LZO 2.10
Mon Aug 27 15:47:36 2018 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x. Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
Mon Aug 27 15:47:36 2018 OpenSSL: error:0D0C40D8:lib(13):func(196):reason(216)
Mon Aug 27 15:47:36 2018 OpenSSL: error:0D08303A:lib(13):func(131):reason(58)
Mon Aug 27 15:47:36 2018 OpenSSL: error:0D08303A:lib(13):func(131):reason(58)
Mon Aug 27 15:47:36 2018 OpenSSL: error:0D08303A:lib(13):func(131):reason(58)
Mon Aug 27 15:47:36 2018 OpenSSL: error:0906700D:lib(9):func(103):reason(13)
Mon Aug 27 15:47:36 2018 OpenSSL: error:140AD009:lib(20):func(173):reason(9)
Mon Aug 27 15:47:36 2018 Cannot load certificate file /etc/openvpn/my-server.crt
The /etc/openvpn folder has the generated certs, and I can read them fine e.g. using cat /etc/openvpn/my-server.crt
Is there a part of the process I'm missing or a hidden permissions issue perhaps?
Small change to server log, unable to start server so no client logs.
Tue Aug 28 20:06:00 2018 us=812080 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x. Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
Tue Aug 28 20:06:00 2018 us=812684 Diffie-Hellman initialized with 2048 bit key
Tue Aug 28 20:06:00 2018 us=813016 OpenSSL: error:0D0C40D8:lib(13):func(196):reason(216)
Tue Aug 28 20:06:00 2018 us=813076 OpenSSL: error:0D08303A:lib(13):func(131):reason(58)
Tue Aug 28 20:06:00 2018 us=813126 OpenSSL: error:0D08303A:lib(13):func(131):reason(58)
Tue Aug 28 20:06:00 2018 us=813175 OpenSSL: error:0D08303A:lib(13):func(131):reason(58)
Tue Aug 28 20:06:00 2018 us=813226 OpenSSL: error:0906700D:lib(9):func(103):reason(13)
Tue Aug 28 20:06:00 2018 us=813274 OpenSSL: error:140AD009:lib(20):func(173):reason(9)
Tue Aug 28 20:06:00 2018 us=813316 Cannot load certificate file /etc/openvpn/my-server.crt
Tue Aug 28 20:06:00 2018 us=813356 Exiting due to fatal error
Try removing and reinstalling openssl-utils and openvpn-openssl (incl. libustream-openssl), as I had a similar issue months ago on my WRT1900ACS and it ended up being an issue with the openssl package i had compiled.
The OpenVPN Server (Basic) wiki generates certs properly, so this is definitely an issue with your WRT32X/environment.
If the above doesn't work, I'd be curious if the same result is had when using the most recent snapshot image or LEDE 17.01.5
To rule out if it's an error with malformed certs or the reading of the certs, try creating all the certs on a PC and transfer them to the router.
Hi, just to update anyone finding this thread – came back to it after a reset to default settings, and it worked first time. Not sure what I had done in the history of the previous install to cause a problem, but nonetheless resolved now.