Netgate Discussion Forum

    OpenVPN service not working with pfSense 2.4?!

      bpb21

      Oh - system logs.  I kept getting the same errors over and over.  I'd completely remove an OpenVPN server, all certificates, and try again from scratch.  And I'd keep getting the same message over and over in the system logs.  (The definition of insanity?)

      Dec 3 18:48:09 openvpn 34472 Exiting due to fatal error
      Dec 3 18:48:09 openvpn 34472 Cannot load certificate file /var/etc/openvpn/server1.cert
      Dec 3 18:48:09 openvpn 34472 OpenSSL: error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib
      Dec 3 18:48:09 openvpn 34472 OpenSSL: error:0906D06C:PEM routines:PEM_read_bio:no start line
      Dec 3 18:48:09 openvpn 34472 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
      Dec 3 18:48:09 openvpn 34296 library versions: OpenSSL 1.0.2m-freebsd 2 Nov 2017, LZO 2.10
      Dec 3 18:48:09 openvpn 34296 OpenVPN 2.4.4 amd64-portbld-freebsd11.1 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Oct 8 2017
      Dec 3 18:21:31 openvpn 48163 Exiting due to fatal error
      Dec 3 18:21:31 openvpn 48163 Cannot load certificate file /var/etc/openvpn/server1.cert
      Dec 3 18:21:31 openvpn 48163 OpenSSL: error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib
      Dec 3 18:21:31 openvpn 48163 OpenSSL: error:0906D06C:PEM routines:PEM_read_bio:no start line
      Dec 3 18:21:31 openvpn 48163 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
      Dec 3 18:21:31 openvpn 48127 library versions: OpenSSL 1.0.2m-freebsd 2 Nov 2017, LZO 2.10
      Dec 3 18:21:31 openvpn 48127 OpenVPN 2.4.4 amd64-portbld-freebsd11.1 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Oct 8 2017
      Dec 3 18:20:14 openvpn 65340 Exiting due to fatal error
      Dec 3 18:20:14 openvpn 65340 Cannot load certificate file /var/etc/openvpn/server1.cert
      Dec 3 18:20:14 openvpn 65340 OpenSSL: error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib
      Dec 3 18:20:14 openvpn 65340 OpenSSL: error:0906D06C:PEM routines:PEM_read_bio:no start line
      Dec 3 18:20:14 openvpn 65340 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
      Dec 3 18:20:14 openvpn 65096 library versions: OpenSSL 1.0.2m-freebsd 2 Nov 2017, LZO 2.10
      Dec 3 18:20:14 openvpn 65096 OpenVPN 2.4.4 amd64-portbld-freebsd11.1 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Oct 8 2017
      Dec 3 18:19:38 openvpn 29240 Exiting due to fatal error
      Dec 3 18:19:38 openvpn 29240 Cannot load certificate file /var/etc/openvpn/server1.cert
      Dec 3 18:19:38 openvpn 29240 OpenSSL: error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib
      Dec 3 18:19:38 openvpn 29240 OpenSSL: error:0906D06C:PEM routines:PEM_read_bio:no start line
      Dec 3 18:19:38 openvpn 29240 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

        jimp Rebel Alliance Developer Netgate

        What is in /var/etc/openvpn/server1.cert ?

          septer012

          I have similar output when I try the wizard, and look at the openvpn log. I have an empty 0 byte /var/etc/openvpn/server1.cert

          Version 2.4.4-RELEASE-p3 (arm64)

          Jun 13 20:07:32 	openvpn 	49559 	Exiting due to fatal error
          Jun 13 20:07:32 	openvpn 	49559 	Cannot load certificate file /var/etc/openvpn/server1.cert
          Jun 13 20:07:32 	openvpn 	49559 	OpenSSL: error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib
          Jun 13 20:07:32 	openvpn 	49559 	OpenSSL: error:0906D06C:PEM routines:PEM_read_bio:no start line
          Jun 13 20:07:32 	openvpn 	49559 	NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
          Jun 13 20:07:32 	openvpn 	49485 	library versions: OpenSSL 1.0.2o-freebsd 27 Mar 2018, LZO 2.10
          Jun 13 20:07:32 	openvpn 	49485 	OpenVPN 2.4.6 aarch64-portbld-freebsd11.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Oct 3 2018 
          
            netblues @septer012

            @septer012 Any .cert file should be about 1.7kbytes, a text file starting with -----BEGIN CERTIFICATE-----
            So this is certainly the problem.
            Try recreating server certificates and see if it produces correct files.
            Are you doing the whole process via the web gui? Is it a self signed certificate?
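
The check netblues describes (file size plus the `-----BEGIN CERTIFICATE-----` start line), as an added example that is not part of the original thread and is not pfSense's own code. The function names and status words are hypothetical; the file names follow the `/var/etc/openvpn/server1.*` layout shown in the posts.

```shell
#!/bin/sh
# Added example: classify the PEM files OpenVPN loads for one server instance.
# Status words (hypothetical names):
#   missing        file does not exist
#   empty          0 bytes, the state that produces "PEM_read_bio:no start line"
#   no-start-line  has bytes but no "-----BEGIN <label>-----" line
#   truncated      BEGIN marker present, END marker absent
#   ok             both markers present (contents are not decoded here)

check_pem() {
    file=$1 label=$2          # label is an extended regex for the PEM type
    [ -e "$file" ] || { echo missing; return 1; }
    [ -s "$file" ] || { echo empty; return 1; }
    grep -Eq "^-----BEGIN $label-----" "$file" || { echo no-start-line; return 1; }
    grep -Eq "^-----END $label-----" "$file" || { echo truncated; return 1; }
    echo ok
}

# Print size and status for <dir>/<name>.ca, .cert and .key.
# Returns non-zero if any of the three is not "ok".
audit_openvpn_pem() {
    dir=$1 name=$2 rc=0
    for spec in "ca:CERTIFICATE" "cert:CERTIFICATE" \
                "key:(RSA |EC |ENCRYPTED )?PRIVATE KEY"; do
        ext=${spec%%:*}
        label=${spec#*:}
        f="$dir/$name.$ext"
        status=$(check_pem "$f" "$label") || rc=1
        size=0
        [ -f "$f" ] && size=$(wc -c < "$f" | tr -d ' ')
        printf '%-18s %8s bytes  %s\n' "$name.$ext" "$size" "$status"
    done
    return $rc
}

# Usage on the firewall shell:
#   audit_openvpn_pem /var/etc/openvpn server1
```

Running it after each step in the GUI shows whether `server1.cert` is never written or is written and later overwritten. A marker check does not prove the certificate decodes; `openssl x509 -in <file> -noout` does that.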

              septer012

              @netblues I am running the openvpn wizard. I am not sure how to generate the certificates manually on the box, but I will take a look around.

                netblues @septer012

                @septer012 I didn't mean to do it manually.
                Do it via the webif, just check file sizes after every step.
                Looks like a bug, but need to find out if the file is ever created or it gets overwritten.

                  septer012

                  @netblues Still haven't quite figured it out yet. The whole process I am running the webgui OpenVPN wizard. I will peruse the logs I guess to see when the keys get generated.

                  /var/etc/openvpn
                  server1.ca           1.39 KiB
                  server1.cert         0.00 KiB
                  server1.conf         1.06 KiB
                  server1.interface    0.01 KiB
                  server1.key          1.64 KiB
                  server1.sock
                  server1.tls-auth     0.62 KiB
                  
                    septer012

                    I think I got it to work. I deleted all the Certificate Authorities, and Certificates. Next I configured Services - ACME certificates - Account Key. OpenVPN was able to start up.

                      Gertjan @septer012

                      @septer012 said in OpenVPN service not working with pfSense 2.4?!:

                      ACME certificates - Account Key

                      What has this to do with OpenVPN?

                        Rico LAYER 8 Rebel Alliance

                        You want to use self signed Certs with OpenVPN, not from any other CA!

                        -Rico

                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.