Bug #489819 “Serverguide OpenVPN page has incorrect install inst...” : Bugs : ubuntu-docs package : Ubuntu

Connor Imes (ckimes) on 2009-12-15

Changed in ubuntu-docs (Ubuntu):
importance:	Undecided → High
tags:	added: serverguide

Revision history for this message

Darkmike (mikefaille) wrote on 2009-12-22:

#1

To fix this bug, I siggest this step (diff like):

- sudo mkdir /etc/openvpn/easy-rsa/
-sudo cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0/ /etc/openvpn/
+sudo cp -r /usr/share/doc/openvpn/examples/easy-rsa/ /etc/openvpn/
- edit /etc/openvpn/easy-rsa/vars
+ edit /etc/openvpn/easy-rsa/2.0/vars
-cd /etc/openvpn/easy-rsa/easy-rsa
+cd /etc/openvpn/easy-rsa/2.0
[...]
--Client Certificates--
cd /etc/openvpn/easy-rsa/2.0
Copy the following files to the client:

-/etc/openvpn/easy-rsa/hostname.ovpn
+/etc/openvpn/easy-rsa/2.0/hostname.ovpn
-/etc/openvpn/easy-rsa/ca.crt
+/etc/openvpn/easy-rsa/2.0/ca.crt
-/etc/openvpn/easy-rsa/hostname.crt
+/etc/openvpn/easy-rsa/2.0/hostname.crt
-/etc/openvpn/easy-rsa/hostname.key
+/etc/openvpn/easy-rsa/2.0/hostname.key
-/etc/openvpn/easy-rsa/ta.key
+/etc/openvpn/easy-rsa/2.0/ta.key

Changed in ubuntu-docs (Ubuntu):
status:	New → Confirmed

Revision history for this message

building39 (mlm-v2) wrote on 2010-02-19:

#2

The posted patch seems to take a small step towards correcting this bug.

Client certification instructions as still wrong. After:
cd /etc/openvpn/easy-rsa/2.0
source vars
./pkitool hostname

the hostname files do not exist in the path /etc/openvpn/easy-rsa/2.0/hostname.{crt,key},
but do exist in /etc/openvpn/easy-rsa/2.0/keys. The file hostname.ovpn does not appear to exist anywhere.

the files ca.crt and ta.key now exist in /etc/openvpn, and not in /etc/openvpn/easy-rsa/2.0

It really doesn't look like the author of this documentation actually tested these instructions for accuracy.

Revision history for this message

Adam Sommer (asommer) wrote on 2010-03-24:

#3

Thanks for reporting this bug and helping make Ubuntu better. I've committed a fix to the Lucid branch revision 488. I believe all configuration and command examples should now be accurate.

You will be able to see a draft version of the document here:

http://doc.ubuntu.com/ubuntu/serverguide/C/openvpn.html

All feedback is greatly appreciated.

Thanks again.

Changed in ubuntu-docs (Ubuntu):
assignee:	nobody → Adam Sommer (asommer)
status:	Confirmed → Fix Committed

Revision history for this message

Launchpad Janitor (janitor) wrote on 2010-03-29:

#4

Download full text (5.5 KiB)

This bug was fixed in the package ubuntu-docs - 10.04.2

---------------
ubuntu-docs (10.04.2) lucid; urgency=low

  * General:
    - Fixes to scripts/fix-url.sh (including LP: #482862)
    - Fix character encoding in contributors.xml (LP: #448618)
    - Updated version in browser-startpage html files, LP: #526320
    - Refresh pot files
  * Add-applications:
    - Updates for UI changes, Phil Bull
  * Config-desktop:
    - Added topic on changing window buttons from the left, Phil Bull
  * Hardware:
    - Added mention of gsynaptics, Connor Imes, LP: #450567
  * Internet:
    - Refresh list of plugins supplied by ubuntu-restricted-extras, branch
      from Nathan Murray, LP: #504981
    - Updates to reflect that Ekiga no longer installed by default, Connor Imes,
      LP: #508572
    - Grammar fix from Alex Wardle, LP: #517776
    - Order adjustment for shares-admin usage, Alex Wardle, LP: #518119
    - Button name change for shares-admin app, Alex Wardle, LP: #518170
    - Use unlock icon in networking section, Alex Wardle, LP: #518117
    - Updated directions on changing text size and page zooming in firefox,
      Alison Rowland, LP: #512556
    - Fixed guilabel usage in modem section. Alex Wardle, LP: #521243
    - Updated button and tab names in Static Connections section,
      Alex Wardle, LP: #521508
    - Typo fix in adsl section. Alex Wardle, LP: #525349
    - Removed unused and empty basics.xml, LP: #525431
    - Minor wording update to directions for sharing folders via nautilus,
      Connor Imes, LP: #518175
    - Use 'NetworkManager' not 'Network Manager' for consistency, Connor Imes
      LP: #518107
    - Update to troubleshooting mobile devices, Connor Imes, LP: #453459
    - Adjusted description of NetworkManager applet icons, Connor Imes
      LP: #440826
    - Additions to VPN section of connecting guide, Alex Wardle, LP: #452647
    - Expanded on using config files for vpn connections, Connor Imes
    - Command line substitution for Services utility which is not in Karmic or
      Lucid, Connor Imes, LP: #518460
    - Structural and language changes + updates for UI changes, Phil Bull
  * Musicvideophotos:
    - Added section for recording and editing video, Book 'em Dano, LP: #367569
  * Newtoubuntu:
    - Complete rewrite, Matthew East
  * Printing:
    - Simple Scan replaced xsane for scanning documents, Alex Wardle, LP: #546193
  * Serverguide:
    - Rename link to serverguide in advanced-topics.xml, Gilbert
      Mendoza, LP: #505708
    - Use distro-short-codename variable for vmbuilder documentation in
      serverguide rather than static version example, Connor Imes,. LP: #509653
    - Small fixes to security chapter, Connor Imes, LP: #510703
    - Small fixes from Nathan Handler, LP: #507624
    - Configuration change for OpenLDAP, Connor Imes, LP: #511090
    - Refresh of network-config section, Gilbert Mendoza, LP: #506800
    - Update manpage links to use distro-short-codename, Connor Imes
    - Changed OpenLDAP replication to use single Provider/Consumer configuration,
      Adam Sommer
    - Removed grub-password-security section - it does not apply to Grub2,
      Gilbert Mendoza, LP: #384148
    - Refere...

This bug was fixed in the package ubuntu-docs - 10.04.2

---------------
ubuntu-docs (10.04.2) lucid; urgency=low

* General:
    - Fixes to scripts/fix-url.sh (including LP: #482862)
    - Fix character encoding in contributors.xml (LP: #448618)
    - Updated version in browser-startpage html files, LP: #526320
    - Refresh pot files
  * Add-applications:
    - Updates for UI changes, Phil Bull
  * Config-desktop:
    - Added topic on changing window buttons from the left, Phil Bull
  * Hardware:
    - Added mention of gsynaptics, Connor Imes, LP: #450567
  * Internet:
    - Refresh list of plugins supplied by ubuntu-restricted-extras, branch
      from Nathan Murray, LP: #504981
    - Updates to reflect that Ekiga no longer installed by default, Connor Imes,
      LP: #508572
    - Grammar fix from Alex Wardle, LP: #517776
    - Order adjustment for shares-admin usage, Alex Wardle, LP: #518119
    - Button name change for shares-admin app, Alex Wardle, LP: #518170
    - Use unlock icon in networking section, Alex Wardle, LP: #518117
    - Updated directions on changing text size and page zooming in firefox,
      Alison Rowland, LP: #512556
    - Fixed guilabel usage in modem section. Alex Wardle, LP: #521243
    - Updated button and tab names in Static Connections section,
      Alex Wardle, LP: #521508
    - Typo fix in adsl section. Alex Wardle, LP: #525349
    - Removed unused and empty basics.xml, LP: #525431
    - Minor wording update to directions for sharing folders via nautilus,
      Connor Imes, LP: #518175
    - Use 'NetworkManager' not 'Network Manager' for consistency, Connor Imes
      LP: #518107
    - Update to troubleshooting mobile devices, Connor Imes, LP: #453459
    - Adjusted description of NetworkManager applet icons, Connor Imes
      LP: #440826
    - Additions to VPN section of connecting guide, Alex Wardle, LP: #452647
    - Expanded on using config files for vpn connections, Connor Imes
    - Command line substitution for Services utility which is not in Karmic or
      Lucid, Connor Imes, LP: #518460
    - Structural and language changes + updates for UI changes, Phil Bull
  * Musicvideophotos:
    - Added section for recording and editing video, Book 'em Dano, LP: #367569
  * Newtoubuntu:
    - Complete rewrite, Matthew East
  * Printing:
    - Simple Scan replaced xsane for scanning documents, Alex Wardle, LP: #546193
  * Serverguide:
    - Rename link to serverguide in advanced-topics.xml, Gilbert
      Mendoza, LP: #505708
    - Use distro-short-codename variable for vmbuilder documentation in
      serverguide rather than static version example, Connor Imes,. LP: #509653
    - Small fixes to security chapter, Connor Imes, LP: #510703
    - Small fixes from Nathan Handler, LP: #507624
    - Configuration change for OpenLDAP, Connor Imes, LP: #511090
    - Refresh of network-config section, Gilbert Mendoza, LP: #506800
    - Update manpage links to use distro-short-codename, Connor Imes
    - Changed OpenLDAP replication to use single Provider/Consumer configuration,
      Adam Sommer
    - Removed grub-password-security section - it does not apply to Grub2,
      Gilbert Mendoza, LP: #384148
    - Reference Grub2 community doc page for advanced configuration directions,
      Connor Imes, LP: #437446
    - Added necessary configuration options for apt Periodic in automatic-updates
      section, Connor Imes, LP: #532661
    - Added subsections for consumer and provider configuration steps, Adam Sommer
    - Changed TLS Replication section to use Single-Master scheme, Adam Sommer
    - Clarified Postfix TLS/SSL using a CA configuration steps, Adam Sommer,
      LP: #518289
    - Changed Apache2 Subversion configuration to use VirtualHost file instead
      of apache2.conf, Adam Sommer, LP: #515298.
    - Adding Ubuntu Wiki links to each section's Resources subsection, Adam Sommer
    - Added note in mail section about some packages being in multiverse,
      Connor Imes, LP: #509355
    - Use default serverguide index.html file location for accessing serverguide
      in terminal, Connor Imes, LP: #537167#
    - Updated to use Grub2 directions, Connor Imes, LP: #533582
    - Updated MySQL information for mysql-server-5.1, Adam Sommer
    - Replaced screen-profiles with byobu project, Adam Sommer
    - Changed egrep command with kvm-ok script, Adam Sommer
    - Removed references to likewise-open5, Adam Sommer
    - Add reporting-bugs.xml - Steve Beattie
    - Replaced Eucalyptus section with information on UEC, Adam Sommer
    - Updated command and configuration mistakes in vpn.xml, Adam Sommer
      LP: #489819
    - Replaced update-motd section with newer pam_motd, Adam Sommer, LP: #496184
    - Updated LocalSettings.php command for new file path, and recommending upping
      the memory limit based on feedback from Cornelius Brümmer, Adam Sommer
    - Updated Installation section for Lucid, and added row seperator for UEC
      requirement tables, Adam Sommer
    - Changed OpenLDAP TLS/SSL options to use gnutls to create certificate instead
      of OpenSSL, Adam Sommer
  * Switching/Windows:
    - Updated dualboot section to use startupmanager for changing
      boot options (valid for Grub and Grub2), Connor Imes
    - Fixed 'Ubuntu Ubuntu' typo, Alex Wardle, LP: #526083
    - Removed old string from Windows section and copied correct string to
      Switching guide, Connor Imes, LP: #527905
    - Split off directions for exporting favorites in IE8. Broke different
      IE versions down into subsections, Connor Imes, LP: #528808
 -- Matthew East <mdke@ubuntu.com>   Mon, 29 Mar 2010 07:56:15 +0100

Changed in ubuntu-docs (Ubuntu):
status:	Fix Committed → Fix Released

Revision history for this message

Tomas Cassidy (tomas-cassidy) wrote on 2010-03-29:

#5

I think there is either a bug in the docs or in one of the scripts/tools used in the guide.

I got up to the section "Enter the following to create the server certificates:". After running the command "./pkitool --initca", it generated the following output with the last line being continuously repeated. I had to hit ^C (CTRL-C) to exit the script and return to the bash prompt (after waiting for ~2 mins for the script to stop scrolling the last line). I repeated the commands "./clean-all", "./build-dh", and "./pkitool --initca" multiple times with the same result (except that the amout of . and + characters printed from the pkitool output changed every time).

$ ./pkitool --initca
Using CA Common Name: TEST_ORG CA
Generating a 1024 bit RSA private key
..........................++++++
....++++++
writing new private key to 'ca.key'
-----
string is too long, it needs to be less than 2 bytes long
string is too long, it needs to be less than 2 bytes long
string is too long, it needs to be less than 2 bytes long
string is too long, it needs to be less than 2 bytes long
string is too long, it needs to be less than 2 bytes long
string is too long, it needs to be less than 2 bytes long
string is too long, it needs to be less than 2 bytes long
string is too long, it needs to be less than 2 bytes long
string is too long, it needs to be less than 2 bytes long
string is too long, it needs to be less than 2 bytes long
string is too long, it needs to be less than 2 bytes long
string is too long, it needs to be less than 2 bytes long
string is too long, it needs to be less than 2 bytes long

Changed in ubuntu-docs (Ubuntu):
status:	Fix Released → Confirmed

Revision history for this message

asifanwar (asif-anwar) wrote on 2010-03-30: Re: [Bug 489819] Re: Serverguide OpenVPN page has incorrect install instructions

#6

Download full text (3.9 KiB)

Muhammad Asif Anwar
Cell No: +92-300-8885072begin_of_the_skype_highlighting +92-300-8885072 end_of_the_skype_highlighting
Ph No: +92-608-362928begin_of_the_skype_highlighting +92-608-362928 end_of_the_skype_highlighting
Pakistan.

________________________________
From: Tomas Cassidy <email address hidden>
To: <email address hidden>
Sent: Tue, March 30, 2010 4:18:33 AM
Subject: [Bug 489819] Re: Serverguide OpenVPN page has incorrect install instructions

I think there is either a bug in the docs or in one of the scripts/tools
used in the guide.

I got up to the section "Enter the following to create the server
certificates:". After running the command "./pkitool --initca", it
generated the following output with the last line being continuously
repeated. I had to hit ^C (CTRL-C) to exit the script and return to the
bash prompt (after waiting for ~2 mins for the script to stop scrolling
the last line). I repeated the commands "./clean-all", "./build-dh",
and "./pkitool --initca" multiple times with the same result (except
that the amout of . and + characters printed from the pkitool output
changed every time).

$ ./pkitool --initca
Using CA Common Name: TEST_ORG CA
Generating a 1024 bit RSA private key
..........................++++++
....++++++
writing new private key to 'ca.key'
-----
string is too long, it needs to be less than 2 bytes long
string is too long, it needs to be less than 2 bytes long
string is too long, it needs to be less than 2 bytes long
string is too long, it needs to be less than 2 bytes long
string is too long, it needs to be less than 2 bytes long
string is too long, it needs to be less than 2 bytes long
string is too long, it needs to be less than 2 bytes long
string is too long, it needs to be less than 2 bytes long
string is too long, it needs to be less than 2 bytes long
string is too long, it needs to be less than 2 bytes long
string is too long, it needs to be less than 2 bytes long
string is too long, it needs to be less than 2 bytes long
string is too long, it needs to be less than 2 bytes long

** Changed in: ubuntu-docs (Ubuntu)
Status: Fix Released => Confirmed

--
Serverguide OpenVPN page has incorrect install instructions
https://bugs.launchpad.net/bugs/489819
You received this bug notification because you are subscribed to ubuntu-
docs in ubuntu.

Status in “ubuntu-docs” package in Ubuntu: Confirmed

Bug description:
Binary package hint: ubuntu-docs

$ lsb_release -a
No LSB modules are available.
Distributor ID:    Ubuntu
Description:    Ubuntu 9.10
Release:    9.10
Codename:    karmic

$ apt-cache policy openvpn
openvpn:
  Installed: 2.1~rc19-1ubuntu2
  Candidate: 2.1~rc19-1ubuntu2
  Version table:
*** 2.1~rc19-1ubuntu2 0
        500 http://mirror.optus.net karmic/main Packages
        100 /var/lib/dpkg/status

I tried to install and configure OpenVPN using the instructions provided at https://help.ubuntu.com/9.10/serverguide/C/openvpn.html but they appear to be incorrect.

eg.
"sudo cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0/ /etc/openvpn/" and "Next, edit /etc/openvpn/easy-rsa/vars adjusting the following to your e...

Muhammad Asif Anwar 
Cell No: +92-300-8885072begin_of_the_skype_highlighting              +92-300-8885072      end_of_the_skype_highlighting
Ph No: +92-608-362928begin_of_the_skype_highlighting              +92-608-362928      end_of_the_skype_highlighting
Pakistan.

________________________________
From: Tomas Cassidy <tomas.cassidy+launchpad@gmail.com>
To: asif.anwar@ymail.com
Sent: Tue, March 30, 2010 4:18:33 AM
Subject: [Bug 489819] Re: Serverguide OpenVPN page has incorrect install instructions

I think there is either a bug in the docs or in one of the scripts/tools
used in the guide.

I got up to the section "Enter the following to create the server
certificates:".  After running the command "./pkitool --initca", it
generated the following output with the last line being continuously
repeated.  I had to hit ^C (CTRL-C) to exit the script and return to the
bash prompt (after waiting for ~2 mins for the script to stop scrolling
the last line).  I repeated the commands "./clean-all", "./build-dh",
and "./pkitool --initca" multiple times with the same result (except
that the amout of . and + characters printed from the pkitool output
changed every time).

$ ./pkitool --initca
Using CA Common Name: TEST_ORG CA
Generating a 1024 bit RSA private key
..........................++++++
....++++++
writing new private key to 'ca.key'
-----
string is too long, it needs to be less than  2 bytes long
string is too long, it needs to be less than  2 bytes long
string is too long, it needs to be less than  2 bytes long
string is too long, it needs to be less than  2 bytes long
string is too long, it needs to be less than  2 bytes long
string is too long, it needs to be less than  2 bytes long
string is too long, it needs to be less than  2 bytes long
string is too long, it needs to be less than  2 bytes long
string is too long, it needs to be less than  2 bytes long
string is too long, it needs to be less than  2 bytes long
string is too long, it needs to be less than  2 bytes long
string is too long, it needs to be less than  2 bytes long
string is too long, it needs to be less than  2 bytes long

** Changed in: ubuntu-docs (Ubuntu)
      Status: Fix Released => Confirmed

-- 
Serverguide OpenVPN page has incorrect install instructions
https://bugs.launchpad.net/bugs/489819
You received this bug notification because you are subscribed to ubuntu-
docs in ubuntu.

Status in “ubuntu-docs” package in Ubuntu: Confirmed

Bug description:
Binary package hint: ubuntu-docs

$ lsb_release -a
No LSB modules are available.
Distributor ID:    Ubuntu
Description:    Ubuntu 9.10
Release:    9.10
Codename:    karmic

$ apt-cache policy openvpn
openvpn:
  Installed: 2.1~rc19-1ubuntu2
  Candidate: 2.1~rc19-1ubuntu2
  Version table:
*** 2.1~rc19-1ubuntu2 0
        500 http://mirror.optus.net karmic/main Packages
        100 /var/lib/dpkg/status

I tried to install and configure OpenVPN using the instructions provided at https://help.ubuntu.com/9.10/serverguide/C/openvpn.html but they appear to be incorrect.

eg.
"sudo cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0/ /etc/openvpn/" and "Next, edit /etc/openvpn/easy-rsa/vars adjusting the following to your environment: ".
The vars file appears to be copied to /etc/openvpn/2.0/vars using the provided instructions, but the user is told to edit it at /etc/openvpn/easy-rsa/vars.

"cd /etc/openvpn/easy-rsa/easy-rsa" gives "-bash: cd: /etc/openvpn/easy-rsa/easy-rsa: No such file or directory"

"./clean-all" gives "mkdir: cannot create directory `/etc/openvpn/easy-rsa/keys': Permission denied"
This command (and possibly others) appears to require sudo/root privs, but is not marked as such.  Only the final command in the list with that command uses sudo.

There are possibly other errors on this page as I haven't checked any further apart from the listed examples above.  I don't know enough about openvpn to say what the correct commands should be, but they are definitely incorrect in some places.

Revision history for this message

Connor Imes (ckimes) wrote on 2010-03-31:

#7

This was fixed in the Lucid development branch, please don't re-open fixed bugs. You can view the development docs at http://doc.ubuntu.com/ubuntu/serverguide/C/openvpn.html
Thank you.

Changed in ubuntu-docs (Ubuntu):
status:	Confirmed → Fix Released

Revision history for this message

Gert Kruger (hgkrug1) wrote on 2017-08-25:

#8

I am working with Ubuntu 16.04. Seems Bug #489819 reported by Tomas Cassidy on 2009-11-29 is still an issue?

Revision history for this message

Gert Kruger (hgkrug1) wrote on 2017-08-25:

#9

Solution for Bug #489819 reported by Tomas Cassidy. Use "sudo su"

Revision history for this message

Gunnar Hjalmarsson (gunnarhj) wrote on 2017-08-27:

#10

@Gert: Please note that this bug report was closed long time ago. Please file a new bug report.

https://bugs.launchpad.net/serverguide/+filebug

Ubuntu
ubuntu-docs package

Serverguide OpenVPN page has incorrect install instructions

Bug Description

Related branches

Other bug subscribers

Remote bug watches

Ubuntuubuntu-docs package

Serverguide OpenVPN page has incorrect install instructions

Bug Description

Related branches

Other bug subscribers

Remote bug watches

Ubuntu
ubuntu-docs package