These are truly wild guesses but did you recreate the server cert? Does your
server conf file and your client's conf or ovpn file refer to the new certs
(and dh file for the server)? I assume you've restarted both. Have you
boosted the logging to see if anything surfaces? Have you run a status command
(either systemctl or service) to see if that surfaces anything. Have you
looked at the certs themselves with openssl to see if you can spot anything? I
realize these are basic checks but hopefully they will surface something.
Not knowing enough about Mageia I can't tell whether it's ultimately a Red Hat
or Debian derivative, at least for Ubuntu (Debian derivative) easy-rsa is a
separate package. The certs/keys/etc produced still work with openvpn. You
should be aware that the architecture has changed between easy-rsa 2.0 and 3.0,
if you switch you have a little more reading to do. Some of the scripts which
were available with 2.0 no longer exist with 3.0 which should be an indicator
of version.
On Wednesday, December 27, 2023 at 09:13:21 PM CST, Richard Couture
<r...@linuxcabal.org> wrote:
Greetings
I am upgrading a 6 year old server which has
openvpn-2.4.4-1.mga6 installed and running very well
The new server with Mageia 9 has installed
openvpn-2.5.9-1.mga9
which is hasling me by not authenticating users
Hence I am RTFMing and some documentation says that easy-rsa is no
longer bundled, though I see it in my new installation in
/usr/share/openvpn/easy-rsa though I find no mention in any of the
scripts as to whether it is ver 2 or ver 3 or ...
Further i see
-rw-r--r-- 1 root root 7768 Feb 21 2023 openssl-0.9.6.cnf
-rw-r--r-- 1 root root 8325 Feb 21 2023 openssl-0.9.8.cnf
-rw-r--r-- 1 root root 8228 Nov 16 12:34 openssl-1.0.0.cnf
lrwxrwxrwx 1 root root 17 Nov 16 12:30 openssl.cnf ->
openssl-1.0.0.cnf
though I see that I have
lib64openssl3-3.0.12-1.mga9
openssl-3.0.12-1.mga9
installed
I have an /etc/pki/tls/openssl.cnf that came with openssl-3.0.12
My question is
Is there some trick to using easy-rsa with openvpn 2.5.9 ?
I DID recreate ALL certs; CA, Client, dh2048 with this easy-rsa and I
suspect that this might be a problem...
Any advice as to whether or not I can/should use easy-rsa with 2.5 and
reference to any tricks that might be needed is greatly appreciated
I only have 5 users who will be connecting to IBM SAP via the vpn
Thanks much
Richard
--
LinuxCabal Asociación Civil
Ing. Richard Couture
Novell CNE, ECNE, MCNE
HP/Compaq ASE
Cel.: (+52) 333 377-7505
Web: http://www.LinuxCabal.org
E-Mail: r...@linuxcabal.org
Hosted en la nube Cloud Sigma - www.CloudSigma.com
AVISO DE CONFIDENCIALIDAD: Este correo electrónico, incluyendo en su
caso, los archivos adjuntos al mismo, pueden contener información de
carácter confidencial y/o privilegiada, y se envían a la atención única
y exclusivamente de la persona y/o entidad a quien va dirigido. La
copia, revisión, uso, revelación y/o distribución de dicha información
confidencial sin la autorización por escrito de LinuxCabal está
prohibida. Si usted no es el destinatario a quien se dirige el presente
correo, favor de contactar al remitente respondiendo al presente correo
y eliminar el correo original incluyendo sus archivos, así como
cualesquiera copia del mismo. Mediante la recepción del presente correo
usted reconoce y acepta que en caso de incumplimiento de su parte y/o de
sus representantes a los términos antes mencionados, LinuxCabal tendrá
derecho a los daños y perjuicios que esto le cause.
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
