These are truly wild guesses but did you recreate the server cert?  Does your 
server conf file and your client's conf or ovpn file refer to the new certs 
(and dh file for the server)?  I assume you've restarted both.  Have you 
boosted the logging to see if anything surfaces?  Have you run a status command 
(either systemctl or service) to see if that surfaces anything.  Have you 
looked at the certs themselves with openssl to see if you can spot anything?  I 
realize these are basic checks but hopefully they will surface something.
Not knowing enough about Mageia I can't tell whether it's ultimately a Red Hat 
or Debian derivative, at least for Ubuntu (Debian derivative) easy-rsa is a 
separate package.  The certs/keys/etc produced still work with openvpn.  You 
should be aware that the architecture has changed between easy-rsa 2.0 and 3.0, 
if you switch you have a little more reading to do.  Some of the scripts which 
were available with 2.0 no longer exist with 3.0 which should be an indicator 
of version.
    On Wednesday, December 27, 2023 at 09:13:21 PM CST, Richard Couture 
<r...@linuxcabal.org> wrote:  
 
 Greetings

I am upgrading a 6 year old server which has
  openvpn-2.4.4-1.mga6 installed and running very well

The new server with Mageia 9 has installed
  openvpn-2.5.9-1.mga9
which is hasling me by not authenticating users

Hence I am RTFMing and some documentation says that easy-rsa is no 
longer bundled, though I see it in my new installation in 
/usr/share/openvpn/easy-rsa though I find no mention in any of the 
scripts as to whether it is ver 2 or ver 3 or ...

Further i see
-rw-r--r-- 1 root root  7768 Feb 21  2023 openssl-0.9.6.cnf
-rw-r--r-- 1 root root  8325 Feb 21  2023 openssl-0.9.8.cnf
-rw-r--r-- 1 root root  8228 Nov 16 12:34 openssl-1.0.0.cnf
lrwxrwxrwx 1 root root    17 Nov 16 12:30 openssl.cnf ->
                                          openssl-1.0.0.cnf
though I see that I have
  lib64openssl3-3.0.12-1.mga9
  openssl-3.0.12-1.mga9
installed

I have an /etc/pki/tls/openssl.cnf that came with openssl-3.0.12

My question is

Is there some trick to using easy-rsa with openvpn 2.5.9 ?
I DID recreate ALL certs; CA, Client, dh2048 with this easy-rsa and I 
suspect that this might be a problem...

Any advice as to whether or not I can/should use easy-rsa with 2.5 and 
reference to any tricks that might be needed is greatly appreciated

I only have 5 users who will be connecting to IBM SAP via the vpn

Thanks much

Richard

-- 
LinuxCabal Asociación Civil
Ing. Richard Couture
Novell CNE, ECNE, MCNE
HP/Compaq ASE
Cel.: (+52) 333 377-7505
Web: http://www.LinuxCabal.org
E-Mail: r...@linuxcabal.org
Hosted en la nube Cloud Sigma - www.CloudSigma.com

AVISO DE CONFIDENCIALIDAD: Este correo electrónico, incluyendo en su 
caso, los archivos adjuntos al mismo, pueden contener información de 
carácter confidencial y/o privilegiada, y se envían a la atención única 
y exclusivamente de la persona y/o entidad a quien va dirigido. La 
copia, revisión, uso, revelación y/o distribución de dicha información 
confidencial sin la autorización por escrito de LinuxCabal está 
prohibida. Si usted no es el destinatario a quien se dirige el presente 
correo, favor de contactar al remitente respondiendo al presente correo 
y eliminar el correo original incluyendo sus archivos, así como 
cualesquiera copia del mismo. Mediante la recepción del presente correo 
usted reconoce y acepta que en caso de incumplimiento de su parte y/o de 
sus representantes a los términos antes mencionados, LinuxCabal tendrá 
derecho a los daños y perjuicios que esto le cause.



_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
  
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users

Reply via email to