These are truly wild guesses but did you recreate the server cert? Does your server conf file and your client's conf or ovpn file refer to the new certs (and dh file for the server)? I assume you've restarted both. Have you boosted the logging to see if anything surfaces? Have you run a status command (either systemctl or service) to see if that surfaces anything. Have you looked at the certs themselves with openssl to see if you can spot anything? I realize these are basic checks but hopefully they will surface something. Not knowing enough about Mageia I can't tell whether it's ultimately a Red Hat or Debian derivative, at least for Ubuntu (Debian derivative) easy-rsa is a separate package. The certs/keys/etc produced still work with openvpn. You should be aware that the architecture has changed between easy-rsa 2.0 and 3.0, if you switch you have a little more reading to do. Some of the scripts which were available with 2.0 no longer exist with 3.0 which should be an indicator of version. On Wednesday, December 27, 2023 at 09:13:21 PM CST, Richard Couture <r...@linuxcabal.org> wrote: Greetings
I am upgrading a 6 year old server which has openvpn-2.4.4-1.mga6 installed and running very well The new server with Mageia 9 has installed openvpn-2.5.9-1.mga9 which is hasling me by not authenticating users Hence I am RTFMing and some documentation says that easy-rsa is no longer bundled, though I see it in my new installation in /usr/share/openvpn/easy-rsa though I find no mention in any of the scripts as to whether it is ver 2 or ver 3 or ... Further i see -rw-r--r-- 1 root root 7768 Feb 21 2023 openssl-0.9.6.cnf -rw-r--r-- 1 root root 8325 Feb 21 2023 openssl-0.9.8.cnf -rw-r--r-- 1 root root 8228 Nov 16 12:34 openssl-1.0.0.cnf lrwxrwxrwx 1 root root 17 Nov 16 12:30 openssl.cnf -> openssl-1.0.0.cnf though I see that I have lib64openssl3-3.0.12-1.mga9 openssl-3.0.12-1.mga9 installed I have an /etc/pki/tls/openssl.cnf that came with openssl-3.0.12 My question is Is there some trick to using easy-rsa with openvpn 2.5.9 ? I DID recreate ALL certs; CA, Client, dh2048 with this easy-rsa and I suspect that this might be a problem... Any advice as to whether or not I can/should use easy-rsa with 2.5 and reference to any tricks that might be needed is greatly appreciated I only have 5 users who will be connecting to IBM SAP via the vpn Thanks much Richard -- LinuxCabal Asociación Civil Ing. Richard Couture Novell CNE, ECNE, MCNE HP/Compaq ASE Cel.: (+52) 333 377-7505 Web: http://www.LinuxCabal.org E-Mail: r...@linuxcabal.org Hosted en la nube Cloud Sigma - www.CloudSigma.com AVISO DE CONFIDENCIALIDAD: Este correo electrónico, incluyendo en su caso, los archivos adjuntos al mismo, pueden contener información de carácter confidencial y/o privilegiada, y se envían a la atención única y exclusivamente de la persona y/o entidad a quien va dirigido. La copia, revisión, uso, revelación y/o distribución de dicha información confidencial sin la autorización por escrito de LinuxCabal está prohibida. Si usted no es el destinatario a quien se dirige el presente correo, favor de contactar al remitente respondiendo al presente correo y eliminar el correo original incluyendo sus archivos, así como cualesquiera copia del mismo. Mediante la recepción del presente correo usted reconoce y acepta que en caso de incumplimiento de su parte y/o de sus representantes a los términos antes mencionados, LinuxCabal tendrá derecho a los daños y perjuicios que esto le cause. _______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
_______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users