Ubuntu Server Guide

Missing variable in OpenVPN server setup guide

Bug #1504676 reported by Alexander Karatarakis on 2015-10-09

This bug affects 10 people

Affects		Status	Importance	Assigned to	Milestone
	Ubuntu Server Guide	New	Undecided	Unassigned

Bug Description

I am referring to this guide: https://help.ubuntu.com/14.04/serverguide/openvpn.html
I am in the process of following it. There is a missing line in the proposed vars file that will cause ./build-ca to fail.

More specifically, as it is currently described in the guide, you will encounter this error when running ./build-ca:
"error on line 198 of /etc/openvpn/easy-rsa/openssl-1.0.0.cnf
139640386487968:error:0E065068:configuration file routines:STR_COPY:variable has no value:conf_def.c:618:line 198"

The referenced line 198 reads:
"subjectAltName=$ENV::KEY_ALTNAMES"

To solve this the vars file needs an additional variable to be set:
export KEY_ALTNAMES="something"
(more info: http://ubuntuforums.org/showthread.php?t=2218935)

Therefore, the wiki could change the proposed vars file to this:

export KEY_COUNTRY="US"
export KEY_PROVINCE="NC"
export KEY_CITY="Winston-Salem"
export KEY_ORG="Example Company"
export <email address hidden>"
export KEY_CN=MyVPN
export KEY_NAME=MyVPN
export KEY_OU=MyVPN
export KEY_ALTNAMES="something"

and then ./build-ca will succeed.

Revision history for this message

Doug Smythies (dsmythies) wrote on 2015-10-09:

Thanks for taking the time to file a bug report. In your Ubuntu forums link, I see posts where people complain about this issue with the serverguide, but none of them bothered to file a bug report. How else would we know?

I see from post #11 of the Ubuntu forums link, that some better explanation might be needed for non U.S. users.

Revision history for this message

Michael van Eeden (mieg+ubuntuone) wrote on 2016-04-14:

I had the same problem, and just adding the key KEY_ALTNAMES solved my problem. post #11 is about not needing the Province field, but i think it is better to to just leave this field as it is (afaik most countries have provinces). As it is now openvpn is not working after a clean install, and just adding the key will fix this.

Greetings from The Netherlands (province NH),

Michael

Revision history for this message

JohnRB (rbxtnc) wrote on 2016-11-01:

This still exsist in easy-rsa 2.2.2-2 in 16.04 and 16.10 thanks for the bug report would have drove me crazy if I did not see this!

Revision history for this message

Justa Guy (nginus) wrote on 2017-08-20:

I encountered this issue following the OpenVPN guide in Ubuntu LTS (16.04) Server Guide at this URL: https://help.ubuntu.com/lts/serverguide/openvpn.html.

Thankfully the solution mentioned here solved it & allowed me to continue. Thanks, OP.

Louis VIART (petrucheqa) on 2017-09-24

no longer affects:

ubuntu

Revision history for this message

Fleish (lasnchpad) wrote on 2019-12-17:

This also impacts gen-crl

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.