Results 1 to 7 of 7

Thread: OpenVPN broken after patch

  1. #1
    Join Date
    Feb 2008
    Beans
    5

    Thumbs down OpenVPN broken after patch

    Okay, so after today's OpenSSL / OpenVPN vulnerability patch craziness, OpenVPN no longer works (on the client side -- haven't tested server side yet). It asks for the client.key password twice then fails:

    Code:
    ~$ sudo /etc/init.d/openvpn restart
     * Stopping virtual private network daemon.                                  [ OK ]
     * Starting virtual private network daemon.
    Enter pass phrase for /etc/openvpn/client.key:
    Enter pass phrase for /etc/openvpn/client.key:
    ERROR: 1:
    unable to load Private Key
    7445:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:461:
    7445:error:0906A065:PEM routines:PEM_do_header:bad decrypt:pem_lib.c:425:
    
     * client (FAILED)
                                                                                 [ OK ]
    The above results are after entering the password correct for the first time and incorrectly for the second time. If I enter it correctly both times, I don't get the "unable to load client key", but I still get "client (FAILED)".

    Also, if I enter the WRONG password the first time it will fail immediately and will not ask again. My client key is now blacklisted, but I don't think that should affect operations.

    I'm running 8.04 on VMWare with two procs specified with an i386 kernel. Any ideas anyone?

    Thanks
    Last edited by tx413; May 14th, 2008 at 06:59 PM.

  2. #2
    Join Date
    Feb 2008
    Beans
    5

    Re: OpenVPN broken after patch

    I've reverted to openVPN v2.0.9 -- rebuilt from sources using the latest (rc7) openSSL libraries. It works and allows me to get back onto the VPN.

    And I've checked that both the CA and server / client keys are NOT blacklisted. So that's nice, but I still can't run on the latest OpenVPN.

  3. #3
    Join Date
    Feb 2008
    Beans
    5

    Re: OpenVPN broken after patch

    Another update released today - openvpn2.1-rc7-1ubuntu3.2. Still asks for the password twice and then fails to start just like above.

    v2.0.9 still working.

  4. #4
    Join Date
    Apr 2008
    Beans
    24

    Re: OpenVPN broken after patch

    Yep, openvpn is broken here also.

  5. #5
    Join Date
    Jan 2008
    Beans
    21

    Re: OpenVPN broken after patch

    Yep ... same issue for me. I've removed the pass phrase from my key for the time being.

    openssl (rsa|dsa) -in private.key -out privatekey-without-passphrase.key

    After that, openvpn works with the new key.

  6. #6
    Join Date
    Jan 2008
    Beans
    21

    Re: OpenVPN broken after patch

    Nothing new on that one ?

  7. #7
    Join Date
    Jan 2008
    Beans
    21

    Re: OpenVPN broken after patch

    Today's openvpn update fixed the problem.

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •