Missing variable in OpenVPN server setup guide

Bug #1504676 reported by Alexander Karatarakis
42
This bug affects 10 people
Affects Status Importance Assigned to Milestone
Ubuntu Server Guide
Undecided
Unassigned

Bug Description

I am referring to this guide: https://help.ubuntu.com/14.04/serverguide/openvpn.html
I am in the process of following it. There is a missing line in the proposed vars file that will cause ./build-ca to fail.

More specifically, as it is currently described in the guide, you will encounter this error when running ./build-ca:
"error on line 198 of /etc/openvpn/easy-rsa/openssl-1.0.0.cnf
139640386487968:error:0E065068:configuration file routines:STR_COPY:variable has no value:conf_def.c:618:line 198"

The referenced line 198 reads:
"subjectAltName=$ENV::KEY_ALTNAMES"

To solve this the vars file needs an additional variable to be set:
export KEY_ALTNAMES="something"
(more info: http://ubuntuforums.org/showthread.php?t=2218935)

Therefore, the wiki could change the proposed vars file to this:

export KEY_COUNTRY="US"
export KEY_PROVINCE="NC"
export KEY_CITY="Winston-Salem"
export KEY_ORG="Example Company"
export <email address hidden>"
export KEY_CN=MyVPN
export KEY_NAME=MyVPN
export KEY_OU=MyVPN
export KEY_ALTNAMES="something"

and then ./build-ca will succeed.

Revision history for this message
Doug Smythies (dsmythies) wrote :

Thanks for taking the time to file a bug report. In your Ubuntu forums link, I see posts where people complain about this issue with the serverguide, but none of them bothered to file a bug report. How else would we know?

I see from post #11 of the Ubuntu forums link, that some better explanation might be needed for non U.S. users.

Revision history for this message
Michael van Eeden (mieg+ubuntuone) wrote :

I had the same problem, and just adding the key KEY_ALTNAMES solved my problem. post #11 is about not needing the Province field, but i think it is better to to just leave this field as it is (afaik most countries have provinces). As it is now openvpn is not working after a clean install, and just adding the key will fix this.

Greetings from The Netherlands (province NH),

Michael

Revision history for this message
JohnRB (rbxtnc) wrote :

This still exsist in easy-rsa 2.2.2-2 in 16.04 and 16.10 thanks for the bug report would have drove me crazy if I did not see this!

Revision history for this message
Justa Guy (nginus) wrote :

I encountered this issue following the OpenVPN guide in Ubuntu LTS (16.04) Server Guide at this URL: https://help.ubuntu.com/lts/serverguide/openvpn.html.

Thankfully the solution mentioned here solved it & allowed me to continue. Thanks, OP.

Louis VIART (petrucheqa)
no longer affects: ubuntu
Revision history for this message
Fleish (lasnchpad) wrote :

This also impacts gen-crl

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers