Problems with OpenVPN after upgrading packages

cbkk · May 14, 2020, 6:00pm

Hello

I am quite new to openwrt, so please excuse my ignorance.

Each 5 seconds I've got strange errors in syslog, this happened after performing upgrade with opkg (I think this is due to latest OpenSSL package upgrade):

Thu May 14 19:38:34 2020 daemon.warn openvpn(my_server)[3625]: disabling NCP mode (--ncp-disable) because not in P2MP client or server mode
Thu May 14 19:38:34 2020 daemon.notice openvpn(my_server)[3625]: OpenVPN 2.4.7 mipsel-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Thu May 14 19:38:34 2020 daemon.notice openvpn(my_server)[3625]: library versions: OpenSSL 1.1.1g  21 Apr 2020, LZO 2.10
Thu May 14 19:38:34 2020 daemon.err openvpn(my_server)[3625]: Insufficient key material or header text not found in file '/etc/easy-rsa/pki/private/server.key' (0/128/256 bytes found/min/max)
Thu May 14 19:38:34 2020 daemon.notice openvpn(my_server)[3625]: Exiting due to fatal error
Thu May 14 19:38:39 2020 daemon.warn openvpn(my_server)[3626]: disabling NCP mode (--ncp-disable) because not in P2MP client or server mode
Thu May 14 19:38:39 2020 daemon.notice openvpn(my_server)[3626]: OpenVPN 2.4.7 mipsel-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Thu May 14 19:38:39 2020 daemon.notice openvpn(my_server)[3626]: library versions: OpenSSL 1.1.1g  21 Apr 2020, LZO 2.10
Thu May 14 19:38:39 2020 daemon.err openvpn(my_server)[3626]: Insufficient key material or header text not found in file '/etc/easy-rsa/pki/private/server.key' (0/128/256 bytes found/min/max)
Thu May 14 19:38:39 2020 daemon.notice openvpn(my_server)[3626]: Exiting due to fatal error
Thu May 14 19:38:44 2020 daemon.warn openvpn(my_server)[3627]: disabling NCP mode (--ncp-disable) because not in P2MP client or server mode
Thu May 14 19:38:44 2020 daemon.notice openvpn(my_server)[3627]: OpenVPN 2.4.7 mipsel-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Thu May 14 19:38:44 2020 daemon.notice openvpn(my_server)[3627]: library versions: OpenSSL 1.1.1g  21 Apr 2020, LZO 2.10
Thu May 14 19:38:44 2020 daemon.err openvpn(my_server)[3627]: Insufficient key material or header text not found in file '/etc/easy-rsa/pki/private/server.key' (0/128/256 bytes found/min/max)
Thu May 14 19:38:44 2020 daemon.notice openvpn(my_server)[3627]: Exiting due to fatal error

actually /etc/easy-rsa/pki/private/server.key is 1708 bytes long

And it looks like:

-----BEGIN PRIVATE KEY-----
<SOME RANDOM BYTES>
-----END PRIVATE KEY-----

Although OpenVpn client connects and is working properly, luci (at VPN->OpenVPN) says that my OpenVPN instance (my_server) is enabled but not started...

Should I do something about it ? How can I handle that ?

Thanks!

psherman · May 14, 2020, 6:04pm

Upgrading packages (via the CLI opkg upgrade command or the LuCI Upgrade... button can result in major problems. It is generally highly discouraged, unless you know what you are doing or if there is specific instruction to do so.

cbkk · May 14, 2020, 6:30pm

Oh my... Should've read that BEFORE... thanks for the information, I've been doing opkg upgrades like daily and thought it was the right way...

cbkk · May 28, 2020, 12:55pm

Well it looks like the problem persists even after performing reset and upgrading to version 19.07.3... via sysupgrade from web interface.

Problem remains the same: each 5 seconds OpenVPN is complaining about the key.

Thu May 28 14:52:06 2020 daemon.warn openvpn(my_server)[24494]: disabling NCP mode (--ncp-disable) because not in P2MP client or server mode
Thu May 28 14:52:06 2020 daemon.notice openvpn(my_server)[24494]: OpenVPN 2.4.7 mipsel-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Thu May 28 14:52:06 2020 daemon.notice openvpn(my_server)[24494]: library versions: OpenSSL 1.1.1g  21 Apr 2020, LZO 2.10
Thu May 28 14:52:06 2020 daemon.err openvpn(my_server)[24494]: Insufficient key material or header text not found in file '/etc/easy-rsa/pki/private/server.key' (0/128/256 bytes found/min/max)
Thu May 28 14:52:06 2020 daemon.notice openvpn(my_server)[24494]: Exiting due to fatal error
Thu May 28 14:52:11 2020 daemon.warn openvpn(my_server)[24495]: disabling NCP mode (--ncp-disable) because not in P2MP client or server mode
Thu May 28 14:52:11 2020 daemon.notice openvpn(my_server)[24495]: OpenVPN 2.4.7 mipsel-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Thu May 28 14:52:11 2020 daemon.notice openvpn(my_server)[24495]: library versions: OpenSSL 1.1.1g  21 Apr 2020, LZO 2.10
Thu May 28 14:52:11 2020 daemon.err openvpn(my_server)[24495]: Insufficient key material or header text not found in file '/etc/easy-rsa/pki/private/server.key' (0/128/256 bytes found/min/max)
Thu May 28 14:52:11 2020 daemon.notice openvpn(my_server)[24495]: Exiting due to fatal error

thekiefs · July 27, 2020, 12:51pm

Same error here. Not sure what to do. This happens even after I've deleted the openvpn server in LuCI.

vgaetera · July 27, 2020, 1:03pm

It could be either corrupted file, or some some change in crypto-algorithms.
You can try to restore it from the backup, or re-generate with EasyRSA.