Cannot Open Dh1024.pem For Dh Parameters Error
got openvpn working but i'm not sure how to run it in the background.

# /etc/init.d/openvpn restart
 * Stopping virtual private network daemon. [OK]
 * Starting virtual private network daemon. [OK]

when i try to connect from a client it will fail. only when i execute this command will the client connect successfully...

# openvpn /etc/openvpn/2.0/keys/server.conf

anyone know how i can fix this? do i need to create/modify an init script?

SpaceTeddy
August 22nd, 2008, 09:23 AM

the start/stop script of openvpn of ubuntu will search *.conf files in your /etc/openvpn and start them. Your config file is in /etc/openvpn/2.0/keys/ (why ever you would put a server config in a key directory...) anyway, move the server.conf to /etc/openvpn and the start/stop script will work.

hope it helps :)

LRT
August 22nd, 2008, 03:03 PM

first off, thanks for your reply. when i put server.conf in /etc/openvpn/ and execute /etc/init.d/openvpn restart, it fails. it says "server (FAILED)".

 * Stopping virtual private network daemon. [ OK ]
 * Starting virtual private network daemon.
 * server (FAILED) [ OK ]

and ...

# openvpn /etc/openvpn/server.conf
Fri Aug 22 09:59:43 2008 OpenVPN 2.1_rc7 x86_64-pc-linux-gnu [SSL] [LZO2] [EPOLL] built on Jun 11 2008
Fri Aug 22 09:59:43 2008 Cannot open dh1024.pem for DH parameters: error:02001002:system library:fopen:No such file or directory: error:2006D080:BIO routines:BIO_new_file:no such file
Fri Aug 22 09:59:43 2008 Exiting

my keys are in /etc/openvpn/2.0/keys

the only way i can get my client to connect is if i put server.conf in /etc/openvpn/2.0/keys/ and execute `openvpn /etc/openvpn/2.0/keys/server.conf`

LRT
August 22nd, 2008, 03:33 PM

the only way i figured out how to fix this is to put server.conf in the same directory as the key files (/etc/openvpn/2.0/keys/). and then modify CONFIG_DIR in the init script (/etc/init.d/openvpn) to

CONFIG_DIR=/etc/openvpn/2.0/keys

specifying an alternate location for the key files in server.conf like so,

ca /etc/openvpn/2.0/keys/ca.crt
cert /etc/openvpn/2.0/keys/server.crt
key /etc/openvpn/2.0/keys/server.key

so that i can put the server.conf file somewhere else produces the "file not found" errors i posted above.

SpaceTeddy
August 22nd, 2008, 11:31 PM

it cannot find the dh2048.pem... make sure that the path in your server.conf are correct. I'd say you need
https://ubuntuforums.org/archive/index.php/t-896671.html

OpenVPN Error: Cannot open dh1024.pem for DH parameters
https://www.ndchost.com/wiki/openvpn_dh1024_error
openvpn_dh1024_error.txt · Last modified: 2012-09-18 09:37:45 by shaun.reitan

Problem

When building OpenVPN on RHEL/CentOS servers as an RPM, you may find that the init script fails to start OpenVPN. When checking /var/log/messages you may find an error that looks similar to this:

Jan 01 01:01:01 localhost openvpn[21621]: Cannot open dh1024.pem for DH parameters: error:0200100D:system library:fopen:Permission denied: error:2006D002:BIO routines:BIO_new_file:system lib

Solution

Chances are you have SELINUX set to enforcing. Run the following command to see what enforcing level SELINUX is set at.

[root@localhost ~]# getenforce
Enforcing

If the result returned is Enforcing then you need to disable SELINUX. You can do that by running the following command:

[root@localhost ~]# setenforce 0

This is only a temporary fix; the next reboot will cause SELINUX to go back into enforcing mode. In order to disable SELINUX permanently you need to change the SELINUX value in /etc/sysconfig/selinux from enforcing to disabled. You can do this by running the following command:

[root@localhost ~]# sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/sysconfig/selinux
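To tell this "Permission denied" case apart from the "No such file or directory" form of the same message, the following added example (not part of the original wiki page) resolves the ca, cert, key and dh entries of a config against a given working directory and reports the state of each file. The function names and the two-argument calling convention are this example's own; it assumes unquoted file names and that the directory you pass is the one the daemon is started in.

```shell
#!/bin/sh
# Added example, not part of the wiki page. OpenVPN takes relative file names
# in the config from the daemon's working directory, not from the directory
# the config file lives in.

# resolve_path BASEDIR NAME: absolute names pass through, others join BASEDIR.
resolve_path() {
    case "$2" in
        /*) printf '%s\n' "$2" ;;
        *)  printf '%s/%s\n' "${1%/}" "$2" ;;
    esac
}

# check_conf CONF BASEDIR: print "<directive> <path> <OK|MISSING|UNREADABLE>"
# for each ca/cert/key/dh line; exit status 1 if any file is not OK.
# Runs in a subshell so its variables stay private. Quoted names containing
# spaces are not handled.
check_conf() (
    rc=0
    while read -r directive value rest || [ -n "$directive" ]; do
        case "$directive" in
            ca|cert|key|dh) ;;
            *) continue ;;
        esac
        path=$(resolve_path "$2" "$value")
        if [ ! -e "$path" ]; then status=MISSING
        elif [ ! -r "$path" ]; then status=UNREADABLE
        else status=OK
        fi
        [ "$status" = OK ] || rc=1
        printf '%s %s %s\n' "$directive" "$path" "$status"
    done < "$1"
    exit "$rc"
)

# explain_log LINE: map the errno text of a "Cannot open" log line to a cause.
explain_log() {
    case "$1" in
        *"Cannot open "*"No such file or directory"*) echo wrong-path ;;
        *"Cannot open "*"Permission denied"*)         echo access-denied ;;
        *)                                            echo unrelated ;;
    esac
}

# Usage: sh check.sh /etc/openvpn/server.conf /etc/openvpn
if [ "$#" -ge 2 ]; then check_conf "$1" "$2"; fi
```

A file that reports OK from a root shell while the log still shows Permission denied points at a mandatory access control denial rather than file modes, because the daemon does not necessarily run with the shell's privileges. `ls -Z` on the file shows its SELinux label.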
http://www.webhostingtalk.com/showthread.php?t=957619

Thread: OpenVPN Fails to start

06-20-2010, 05:13 AM #1
JamesShijie

OpenVPN Fails to start

Hey all,

I'm in Shanghai, and have gotten really sick of the great firewall of China blocking Facebook, Youtube, Twitter, etc.. so I endeavored to set up OpenVPN on my VPS in England.

I got everything set up, built the certs, keys, etc... on the server, and now I get this:

[[emailprotected] openvpn]# service openvpn start
Starting openvpn: [FAILED]

Here is what the logfile says:

Jun 20 02:23:24 jamesras openvpn[12133]: Cannot open dh1024.pem for DH parameters: error:02001002:system library:fopen:No such file or directory: error:2006D080:BIO routines:BIO_new_file:no such file
Jun 20 02:23:24 jamesras openvpn[12133]: Exiting

So I can't open dh1024.pem. Maybe my filepath is wrong in the server.conf file? My server.conf file path is /etc/openvpn/server.conf, and its contents (for the keys, certs, etc..) are:

# SSL/TLS root certificate (ca), certificate
# (cert), and private key (key). Each client
# and the server must have their own cert and
# key file. The server and all clients will
# use the same ca file.
#
# See the "easy-rsa" directory for a series
# of scripts for generating RSA certificates
# and private keys. Remember to use
# a unique Common Name for the server
# and each of the client certificates.
#
# Any X509 key management system can be used.
# OpenVPN can also use a PKCS #12 formatted key file
# (see "pkcs12" directive in man page).
ca ca.crt
cert server.crt
key server.key  # This file should be kept secret

# Diffie hellman parameters.
# Generate your own with:
#   openssl dhparam -out dh1024.pem 1024
# Substitute 2048 for 1024 if you are using
# 2048 bit keys.
dh dh1024.pem

For the sake of being comprehensive, I'm running Centos 5.4 on a VPS environment (Xen), and my Kernel Version is 2.6.18-164.11.1.el5xen.

Do I have to specify the whole filepath for the keys and certs? Is it some