# OpenVPN config problems

## allwise

Hello!

I just re-installed OpenVPN with emerge world. I use the same config as before, but now I get an error message I can't get rid of.

Seems like something is missing in my config even though I've used many example configs to try.

Here's my config-file.

```
log-append /var/log/openvpn.log
port 1194
proto udp
dev tun
ca /etc/openvpn/myhomelan/ca.crt
cert /etc/openvpn/openvpn.barry.key.crt
key /etc/openvpn/openvpn.barry.key.key
dh /etc/openvpn/dh1024.pem
server 10.8.0.0 255.255.255.0
### (optional) make local network behind the VPN server accessible for the VPN clients
push "route 192.168.0.0 255.255.255.0"
### (optional) make the VPN server a gateway for the internet for the VPN clients
#push "redirect-gateway"
### (optional) compression (might make your WRT sluggish or not, depending on the model a$
comp-lzo
keepalive 10 120
status /tmp/openvpn.status
```

And here's the error message: 

```
Options error: Unrecognized option or missing parameter(s) in /etc/openvpn/openvpn.conf:5: ca (2.0.7)
Use --help for more information.
```

Thanks in advance!   

----------

## user

OpenVPN blames the ca option without a crt filename at line 5.

Is /etc/openvpn/openvpn.conf your posted config file?

----------

## allwise

Yes, the one posted is the config being used (and /etc/openvpn/openvpn.conf).

Is there some line needed before those lines?

----------

## di1bert

Stupid question, I know, but did you build OpenVPN with SSL support (ssl USE flag)?

Here's a copy of a working OpenVPN config file:

Client side:

```
client
dev tun
proto udp
remote ourserver.com 1194
float
resolv-retry infinite
nobind
persist-key
persist-tun
ca staff/ca.crt
cert staff/user.crt
key staff/user.key
tls-auth staff/ta.key 1
ns-cert-type server
verb 3
tun-mtu 1500
mssfix 1212
```

Server side:

```
dev tun
mode server
port 1194
status /tmp/vpn-staff.status.log
server 192.168.255.0 255.255.255.0
ifconfig-pool-persist /etc/openvpn/staff/ip_pool
client-to-client
float
push "route 192.168.0.0 255.255.255.0"
push "route 10.0.0.0 255.255.255.0"
push "dhcp-option DNS 10.0.0.250"
push "dhcp-option WINS 10.0.0.250"
push "dhcp-option DOMAIN ourdomain.com"
client-config-dir staff/ccd
keepalive 10 30
max-clients 150
verb 3
persist-key
persist-tun
tun-mtu 1500
mssfix 1212
ca         /etc/openvpn/CA/keys/ca.crt
cert       /etc/openvpn/CA/keys/server.crt
key        /etc/openvpn/CA/keys/server.key
crl-verify /etc/openvpn/CA/keys/crl.pem
dh /etc/openvpn/staff/dh2048.pem
tls-auth /etc/openvpn/staff/ta.key 0
```

HTH

-m

----------
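
A pre-flight check covering both readings of the error offered in the replies above: an option such as `ca` with no readable file behind it, and a build without SSL support. This is an added example, not code from any poster in the thread; the function names, the `[SSL` banner test, the sample banner strings and the rule that relative paths resolve against the config file's directory are assumptions of the example.

```shell
#!/bin/sh
# Added example, not from the thread: pre-flight checks for an OpenVPN config.

# has_ssl BANNER: succeeds if the `openvpn --version` banner lists [SSL...].
has_ssl() {
    case "$1" in *"[SSL"*) return 0 ;; *) return 1 ;; esac
}

# check_ovpn_files CONFIG [BASEDIR]: print "LINE: option: problem" for each
# certificate/key option with no parameter or an unreadable file.
# Returns 1 if anything was reported, 0 otherwise.
check_ovpn_files() {
    base=${2:-$(dirname "$1")}   # assumption: relative paths resolve here
    n=0; bad=0
    while read -r opt arg rest || [ -n "$opt" ]; do
        n=$((n + 1))             # same numbering as OpenVPN's "file:LINE"
        case "$opt" in
            ca|cert|key|dh|tls-auth|crl-verify) ;;
            *) continue ;;       # other options, comments, blank lines
        esac
        case "$arg" in ''|'#'*|';'*)
            echo "$n: $opt: missing parameter"; bad=1; continue ;;
        esac
        case "$arg" in /*) path=$arg ;; *) path=$base/$arg ;; esac
        [ -r "$path" ] || { echo "$n: $opt: cannot read $path"; bad=1; }
    done < "$1"
    return "$bad"
}

# Constructed sample: the first four lines of the posted config, then `ca`
# without a filename, `cert` pointing at a missing file, and a valid `key`.
demo() {
    d=$(mktemp -d) || return 1
    : > "$d/server.key"
    printf '%s\n' 'log-append /var/log/openvpn.log' 'port 1194' 'proto udp' \
        'dev tun' 'ca' 'cert missing.crt' 'key server.key' > "$d/openvpn.conf"
    check_ovpn_files "$d/openvpn.conf" | sed "s|$d/||"
    rm -rf "$d"
}

demo
# Real use: has_ssl "$(openvpn --version | head -n 1)" || echo "no SSL support"
```

If every listed file is present and readable and the error still names `ca`, the banner check is the next thing to look at.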

## meka

This is what I get running revoke-full:

```
root@whiterabbit /usr/share/openvpn/easy-rsa # source vars
NOTE: If you run ./clean-all, I will be doing a rm -rf on /usr/share/openvpn/easy-rsa/keys
root@whiterabbit /usr/share/openvpn/easy-rsa # ./revoke-full meka
Using configuration from /usr/share/openvpn/easy-rsa/openssl.cnf
error on line 282 of config file '/usr/share/openvpn/easy-rsa/openssl.cnf'
10068:error:0E065068:configuration file routines:STR_COPY:variable has no value:conf_def.c:629:line 282
Using configuration from /usr/share/openvpn/easy-rsa/openssl.cnf
error on line 282 of config file '/usr/share/openvpn/easy-rsa/openssl.cnf'
10069:error:0E065068:configuration file routines:STR_COPY:variable has no value:conf_def.c:629:line 282
meka.crt: /C=YU/ST=Vojvodina/L=Novi Sad/O=LUGoNS/OU=VPN/CN=meka/emailAddress=meka@xxx.xxx
error 3 at 0 depth lookup:unable to get certificate CRL
root@whiterabbit /usr/share/openvpn/easy-rsa #
```

What does it tell me? I don't understand.

----------

## meka

The problem disappears if the easy-rsa dir is copied to /etc/openvpn and all scripts are run from that location (weird).

----------

