Recently I started work on a project to convert an old set-top box (STB) into a home server. One of my requirements was the ability to use it as an OpenVPN server, acting as a conduit to my home network.
The particular STB I have has an IBM PowerPC, which is very common amongst STBs. It also allows me to use PowerPC binaries on my unit and avoid the definite headaches of compiling on a low-power, library-light system.
/var/bin > uname -a
Linux imagine 2.6.9 #1 Tue Mar 10 10:17:56 CEST 2011 ppc unknown
The Problem
After setting up OpenVPN as I normally would, I started to get a repeated, very general, error message.
/var/bin > ./openvpn.sh start
Starting virtual private network daemon: config(FAILED).
This indicated that perhaps the configuration was a problem, but after redoing my configuration I found there to be no issues and no resolution to my problem.
The Resolution
Fortunately the resolution is very simple. This OpenVPN PPC binary doesn't seem to like the headers in OpenSSL-generated certificates, the same certificates that work perfectly if I run them on an x86 Linux or Windows machine. So I simply removed the headers.
Example:
/var/etc/openvpn > cat certificate.cer
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha1WithRSAEncryption
..truncated..
-----BEGIN CERTIFICATE-----
..truncated..
-----END CERTIFICATE-----
Simply becomes
/var/etc/openvpn > cat certificate.cer
-----BEGIN CERTIFICATE-----
..truncated..
-----END CERTIFICATE-----
So just remove everything above the BEGIN CERTIFICATE line in your certificate, and of course ensure your key is unencrypted. An unencrypted key is protected only by file permissions, so don't forget to chown and chmod 700 your OpenVPN key directories appropriately as well.
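The header removal described above can be scripted instead of done by hand. This is an added example, not code from the original post: POSIX sh helpers that keep only the PEM block(s) of a certificate, refuse to overwrite the file if no complete block is found, and report whether a PEM key is still passphrase-protected. The function names are assumptions, and the sample file in demo is constructed, not a real certificate.

```shell
#!/bin/sh
# Added example; function names and the demo file are illustrative.

# Print only the PEM certificate block(s) of $1, dropping the human-readable
# "Certificate: / Data: ..." dump that precedes them.
strip_cert_text() {
    sed -n '/^-----BEGIN CERTIFICATE-----/,/^-----END CERTIFICATE-----/p' "$1"
}

# Rewrite $1 in place, keeping the original as $1.orig. Returns non-zero and
# leaves the file untouched if BEGIN/END lines are missing or unbalanced.
clean_cert() {
    src=$1
    tmp="$src.tmp.$$"
    strip_cert_text "$src" > "$tmp" || { rm -f "$tmp"; return 1; }
    begins=$(grep -c '^-----BEGIN CERTIFICATE-----' "$tmp" || true)
    ends=$(grep -c '^-----END CERTIFICATE-----' "$tmp" || true)
    if [ "$begins" -eq 0 ] || [ "$begins" -ne "$ends" ]; then
        rm -f "$tmp"
        return 1
    fi
    cp -p "$src" "$src.orig" && mv "$tmp" "$src"
}

# Return 0 if the PEM private key in $1 is passphrase-protected: either the
# PKCS#8 "ENCRYPTED PRIVATE KEY" label or the legacy Proc-Type header.
key_is_encrypted() {
    grep -q -e '^-----BEGIN ENCRYPTED PRIVATE KEY-----' \
            -e '^Proc-Type: 4,ENCRYPTED' "$1"
}

# Demo on a constructed sample file (the base64 body is a dummy value).
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'Certificate:' '    Data:' '        Version: 3 (0x2)' \
        '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
        '-----END CERTIFICATE-----' > "$d/certificate.cer"
    clean_cert "$d/certificate.cer" && head -n 1 "$d/certificate.cer"
    rm -rf "$d"
}

demo
```

Because clean_cert replaces the file with a newly created one, re-check its owner and mode afterwards.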