# [RISOLTO] Problema con openvpn server: whichopensslcnf

## fbcyborg

Salve, 

sto cercando di generare un nuovo certificato per openvpn, come faccio sempre, ma ho un problema.

I passi che sto facendo sono quelli indicati qui, sezione Windows Client Configuration, ovvero:

```
cd /usr/share/openvpn/easy-rsa/

source ./vars

./build-key <USERNAME> 
```

Solo che quando faccio

```
source ./vars
```

ottengo il seguente messaggio:

```
-bash: /usr/share/openvpn/easy-rsa/whichopensslcnf: No such file or directory

NOTE: If you run ./clean-all, I will be doing a rm -rf on /usr/share/openvpn/easy-rsa/keys

```

Io non ho intenzinoe di fare un ./clean-all, sennò mi cancella tutte le chiavi presenti.

Eppure io non ho cancellato alcun file.

Avete qualche idea?

EDIT: fra l'altro questo credo che sia un problema che si è manifestato dopo un aggiornamento recente di openvpn.

Ho provato a cambiare un parametro in /usr/share/openvpn/easy-rsa/vars, ovvero da

```
export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
```

 a

```
export KEY_CONFIG=`$EASY_RSA/openssl.cnf $EASY_RSA`
```

Solo che ora facendo 

```
source ./vars
```

 è peggio di prima!

```
/usr/share/openvpn/easy-rsa/openssl.cnf: line 10: HOME: command not found

/usr/share/openvpn/easy-rsa/openssl.cnf: line 11: RANDFILE: command not found

/usr/share/openvpn/easy-rsa/openssl.cnf: line 12: openssl_conf: command not found

/usr/share/openvpn/easy-rsa/openssl.cnf: line 17: oid_section: command not found

/usr/share/openvpn/easy-rsa/openssl.cnf: line 18: engines: command not found

/usr/share/openvpn/easy-rsa/openssl.cnf: line 37: default_ca: command not found

dir: cannot access =: No such file or directory

dir: cannot access \:\:KEY_DIR: No such file or directory

/usr/share/openvpn/easy-rsa/openssl.cnf: line 43: certs: command not found

/usr/share/openvpn/easy-rsa/openssl.cnf: line 44: crl_dir: command not found

/usr/share/openvpn/easy-rsa/openssl.cnf: line 45: database: command not found

/usr/share/openvpn/easy-rsa/openssl.cnf: line 46: new_certs_dir: command not found

/usr/share/openvpn/easy-rsa/openssl.cnf: line 48: certificate: command not found

/usr/share/openvpn/easy-rsa/openssl.cnf: line 49: serial: command not found

/usr/share/openvpn/easy-rsa/openssl.cnf: line 50: crl: command not found

/usr/share/openvpn/easy-rsa/openssl.cnf: line 51: private_key: command not found

/usr/share/openvpn/easy-rsa/openssl.cnf: line 52: RANDFILE: command not found

/usr/share/openvpn/easy-rsa/openssl.cnf: line 54: x509_extensions: command not found

/usr/share/openvpn/easy-rsa/openssl.cnf: line 60: default_days: command not found

/usr/share/openvpn/easy-rsa/openssl.cnf: line 61: 30: command not found

/usr/share/openvpn/easy-rsa/openssl.cnf: line 62: default_md: command not found

/usr/share/openvpn/easy-rsa/openssl.cnf: line 63: preserve: command not found

/usr/share/openvpn/easy-rsa/openssl.cnf: line 68: policy: command not found

/usr/share/openvpn/easy-rsa/openssl.cnf: line 72: countryName: command not found

/usr/share/openvpn/easy-rsa/openssl.cnf: line 73: stateOrProvinceName: command not found

/usr/share/openvpn/easy-rsa/openssl.cnf: line 74: organizationName: command not found

/usr/share/openvpn/easy-rsa/openssl.cnf: line 75: organizationalUnitName: command not found

/usr/share/openvpn/easy-rsa/openssl.cnf: line 76: commonName: command not found

/usr/share/openvpn/easy-rsa/openssl.cnf: line 77: emailAddress: command not found

/usr/share/openvpn/easy-rsa/openssl.cnf: line 83: countryName: command not found

/usr/share/openvpn/easy-rsa/openssl.cnf: line 84: stateOrProvinceName: command not found

/usr/share/openvpn/easy-rsa/openssl.cnf: line 85: localityName: command not found

/usr/share/openvpn/easy-rsa/openssl.cnf: line 86: organizationName: command not found

/usr/share/openvpn/easy-rsa/openssl.cnf: line 87: organizationalUnitName: command not found

/usr/share/openvpn/easy-rsa/openssl.cnf: line 88: commonName: command not found

/usr/share/openvpn/easy-rsa/openssl.cnf: line 89: emailAddress: command not found

/usr/share/openvpn/easy-rsa/openssl.cnf: line 93: default_bits: command not found

/usr/share/openvpn/easy-rsa/openssl.cnf: line 94: default_keyfile: command not found

/usr/share/openvpn/easy-rsa/openssl.cnf: line 95: distinguished_name: command not found

/usr/share/openvpn/easy-rsa/openssl.cnf: line 96: attributes: command not found

/usr/share/openvpn/easy-rsa/openssl.cnf: line 97: x509_extensions: command not found

/usr/share/openvpn/easy-rsa/openssl.cnf: line 111: string_mask: command not found

/usr/share/openvpn/easy-rsa/openssl.cnf: line 116: syntax error near unexpected token `('

/usr/share/openvpn/easy-rsa/openssl.cnf: line 116: `countryName                 = Country Name (2 letter code)'

NOTE: If you run ./clean-all, I will be doing a rm -rf on /usr/share/openvpn/easy-rsa/keys

```

Ma che diavolo hanno combinato al file di configurazione?

----------

## oRDeX

Effettivamente `` indica che il file va eseguito, ma non è il caso in questione...prova a mettere "blabla" al posto di `blabla` lì dove specifichi openssl.cnf

----------

## fbcyborg

Grande! Mi sa che ha funzionato ora

```
# source ./vars

NOTE: If you run ./clean-all, I will be doing a rm -rf on /usr/share/openvpn/easy-rsa/keys
```

Ora sembrerebbe OK!

----------

## fbcyborg

Che pizza.. ancora problemi..

```
# ./build-key nomeutente

grep: /usr/share/openvpn/easy-rsa/openssl.cnf /usr/share/openvpn/easy-rsa: No such file or directory

pkitool: KEY_CONFIG (set by the ./vars script) is pointing to the wrong

version of openssl.cnf: /usr/share/openvpn/easy-rsa/openssl.cnf /usr/share/openvpn/easy-rsa

The correct version should have a comment that says: easy-rsa version 2.x

```

----------

## oRDeX

A giudicare dai commenti

 *Quote:*   

> # This variable should point to
> 
> # the openssl.cnf file included
> 
> # with easy-rsa.
> ...

 

Trasforma la suddetta riga in

 *Quote:*   

> export KEY_CONFIG="$EASY_RSA/openssl.cnf"

 

----------

## fbcyborg

Perfetto! Ha funzionato!

Grazie.. c'era un $EASY_RSA di troppo!

----------

## oRDeX

IMHO è un mezzo BUG unito ad un esempio davvero poco comprensibile.

Oppure...non abbiamo capito nulla nè io nè te   :Laughing:   :Laughing:   :Laughing: 

----------

## fbcyborg

Secondo me invece hanno fatto un casino con la nuova versione.

Un dispatch-conf ha incasinato tutto! il ` al posto di " .. una variabile, dove non dovrebbe essere.. boh!

----------

