I accidentally deleted my terminal log, but I'm see the same error as Phane. The fix by gpatel-fr worked for me also. see https://forum.ipfire.org/viewtopic.php?f=27&t=23245&p=127199#p127199
Here is my IPFire log: IPFire diagnostics Section: openvpn Date: September 03, 2019 18:50:09 openvpnserver[647]: WARNING: cannot stat file '/var/ipfire/ovpn/certs/ta.key': No such file or directory (errno=2) 18:50:09 openvpnserver[647]: Options error: --tls-auth fails with '/var/ipfire/ovpn/certs/ta.key': No such file or directory (errno=2) 18:50:09 openvpnserver[647]: Options error: Please correct these errors. 18:50:09 openvpnserver[647]: Use --help for more information. 18:50:25 openvpnserver[733]: WARNING: cannot stat file '/var/ipfire/ovpn/certs/ta.key': No such file or directory (errno=2) 18:50:25 openvpnserver[733]: Options error: --tls-auth fails with '/var/ipfire/ovpn/certs/ta.key': No such file or directory (errno=2) 18:50:25 openvpnserver[733]: Options error: Please correct these errors. 18:50:25 openvpnserver[733]: Use --help for more information. 18:52:06 openvpnserver[1090]: WARNING: cannot stat file '/var/ipfire/ovpn/certs/ta.key': No such file or directory (errno=2) 18:52:06 openvpnserver[1090]: Options error: --tls-auth fails with '/var/ipfire/ovpn/certs/ta.key': No such file or directory (errno=2) 18:52:06 openvpnserver[1090]: Options error: Please correct these errors. 18:52:06 openvpnserver[1090]: Use --help for more information. 19:06:30 openvpnserver[2596]: WARNING: cannot stat file '/var/ipfire/ovpn/certs/ta.key': No such file or directory (errno=2) 19:06:30 openvpnserver[2596]: Options error: --tls-auth fails with '/var/ipfire/ovpn/certs/ta.key': No such file or directory (errno=2) 19:06:30 openvpnserver[2596]: Options error: Please correct these errors. 19:06:30 openvpnserver[2596]: Use --help for more information. 19:14:19 openvpnserver[3948]: OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Mar 20 2019 19:14:19 openvpnserver[3948]: library versions: OpenSSL 1.1.1c 28 May 2019, LZO 2.09 19:14:19 openvpnserver[3949]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 19:14:19 openvpnserver[3949]: Diffie-Hellman initialized with 2048 bit key 19:14:19 openvpnserver[3949]: Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication 19:14:19 openvpnserver[3949]: Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication 19:14:19 openvpnserver[3949]: WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1400)
A fix for this problem has been send --> https://patchwork.ipfire.org/patch/2409/ Best, Erik
https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=ae04d0a3110f6d9d9f9ac96312ca7ce130be0ffd https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=b21a6319cd89534a7ba45bd327d297d4ee76a90d
Since Eriks' patches made it into the ipfire-2.x repository more than a year ago, I assume this issue has been fixed. In case it has not, please reopen. :-)
will do!
Hi Jon, some questions. - Can you find the ta.key in the "Certificate Authorities and -Keys" listing ? If not, stop the server press the save button without modification and start the server again and take a look if the ta.key is presant. If this fails all --> - Did you tried to use a current actual ovpnmain.cgi e.g. from here --> https://git.ipfire.org/?p=ipfire-2.x.git;a=blob_plain;f=html/cgi-bin/ovpnmain.cgi;hb=refs/heads/core152 and replace it by your current existing one ? Then again, do the same procedure like above explained. I can not reproduce this error here anymore. Best, Erik
Created attachment 814 [details] ta.key Yes. The ta.key was already there. No failure.
Hi Jon, OK you have it on server side now since your logs are pointing out that it is missing on server side this should be now OK. If "no failure" is meant that it is working now am happy with this but if there is still a problem please elaborate/explain the problem a little more. Best, Erik