Serverguide OpenVPN page has incorrect install instructions

Bug #489819 reported by Tomas Cassidy on 2009-11-29
20
This bug affects 4 people
Affects Status Importance Assigned to Milestone
ubuntu-docs (Ubuntu)
High
Adam Sommer

Bug Description

Binary package hint: ubuntu-docs

$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 9.10
Release: 9.10
Codename: karmic

$ apt-cache policy openvpn
openvpn:
  Installed: 2.1~rc19-1ubuntu2
  Candidate: 2.1~rc19-1ubuntu2
  Version table:
 *** 2.1~rc19-1ubuntu2 0
        500 http://mirror.optus.net karmic/main Packages
        100 /var/lib/dpkg/status

I tried to install and configure OpenVPN using the instructions provided at https://help.ubuntu.com/9.10/serverguide/C/openvpn.html but they appear to be incorrect.

eg.
"sudo cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0/ /etc/openvpn/" and "Next, edit /etc/openvpn/easy-rsa/vars adjusting the following to your environment: ".
The vars file appears to be copied to /etc/openvpn/2.0/vars using the provided instructions, but the user is told to edit it at /etc/openvpn/easy-rsa/vars.

"cd /etc/openvpn/easy-rsa/easy-rsa" gives "-bash: cd: /etc/openvpn/easy-rsa/easy-rsa: No such file or directory"

"./clean-all" gives "mkdir: cannot create directory `/etc/openvpn/easy-rsa/keys': Permission denied"
This command (and possibly others) appears to require sudo/root privs, but is not marked as such. Only the final command in the list with that command uses sudo.

There are possibly other errors on this page as I haven't checked any further apart from the listed examples above. I don't know enough about openvpn to say what the correct commands should be, but they are definitely incorrect in some places.

Related branches

Connor Imes (ckimes) on 2009-12-15
Changed in ubuntu-docs (Ubuntu):
importance: Undecided → High
tags: added: serverguide
Darkmike (mikefaille) wrote :

To fix this bug, I siggest this step (diff like):

- sudo mkdir /etc/openvpn/easy-rsa/
 -sudo cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0/ /etc/openvpn/
+sudo cp -r /usr/share/doc/openvpn/examples/easy-rsa/ /etc/openvpn/
- edit /etc/openvpn/easy-rsa/vars
+ edit /etc/openvpn/easy-rsa/2.0/vars
-cd /etc/openvpn/easy-rsa/easy-rsa
+cd /etc/openvpn/easy-rsa/2.0
[...]
--Client Certificates--
cd /etc/openvpn/easy-rsa/2.0
Copy the following files to the client:

-/etc/openvpn/easy-rsa/hostname.ovpn
+/etc/openvpn/easy-rsa/2.0/hostname.ovpn
-/etc/openvpn/easy-rsa/ca.crt
+/etc/openvpn/easy-rsa/2.0/ca.crt
-/etc/openvpn/easy-rsa/hostname.crt
+/etc/openvpn/easy-rsa/2.0/hostname.crt
-/etc/openvpn/easy-rsa/hostname.key
+/etc/openvpn/easy-rsa/2.0/hostname.key
-/etc/openvpn/easy-rsa/ta.key
+/etc/openvpn/easy-rsa/2.0/ta.key

Changed in ubuntu-docs (Ubuntu):
status: New → Confirmed
building39 (mlm-v2) wrote :

The posted patch seems to take a small step towards correcting this bug.

Client certification instructions as still wrong. After:
cd /etc/openvpn/easy-rsa/2.0
source vars
./pkitool hostname

the hostname files do not exist in the path /etc/openvpn/easy-rsa/2.0/hostname.{crt,key},
but do exist in /etc/openvpn/easy-rsa/2.0/keys. The file hostname.ovpn does not appear to exist anywhere.

the files ca.crt and ta.key now exist in /etc/openvpn, and not in /etc/openvpn/easy-rsa/2.0

It really doesn't look like the author of this documentation actually tested these instructions for accuracy.

Adam Sommer (asommer) wrote :

Thanks for reporting this bug and helping make Ubuntu better. I've committed a fix to the Lucid branch revision 488. I believe all configuration and command examples should now be accurate.

You will be able to see a draft version of the document here:

  http://doc.ubuntu.com/ubuntu/serverguide/C/openvpn.html

All feedback is greatly appreciated.

Thanks again.

Changed in ubuntu-docs (Ubuntu):
assignee: nobody → Adam Sommer (asommer)
status: Confirmed → Fix Committed
Launchpad Janitor (janitor) wrote :
Download full text (5.5 KiB)

This bug was fixed in the package ubuntu-docs - 10.04.2

---------------
ubuntu-docs (10.04.2) lucid; urgency=low

  * General:
    - Fixes to scripts/fix-url.sh (including LP: #482862)
    - Fix character encoding in contributors.xml (LP: #448618)
    - Updated version in browser-startpage html files, LP: #526320
    - Refresh pot files
  * Add-applications:
    - Updates for UI changes, Phil Bull
  * Config-desktop:
    - Added topic on changing window buttons from the left, Phil Bull
  * Hardware:
    - Added mention of gsynaptics, Connor Imes, LP: #450567
  * Internet:
    - Refresh list of plugins supplied by ubuntu-restricted-extras, branch
      from Nathan Murray, LP: #504981
    - Updates to reflect that Ekiga no longer installed by default, Connor Imes,
      LP: #508572
    - Grammar fix from Alex Wardle, LP: #517776
    - Order adjustment for shares-admin usage, Alex Wardle, LP: #518119
    - Button name change for shares-admin app, Alex Wardle, LP: #518170
    - Use unlock icon in networking section, Alex Wardle, LP: #518117
    - Updated directions on changing text size and page zooming in firefox,
      Alison Rowland, LP: #512556
    - Fixed guilabel usage in modem section. Alex Wardle, LP: #521243
    - Updated button and tab names in Static Connections section,
      Alex Wardle, LP: #521508
    - Typo fix in adsl section. Alex Wardle, LP: #525349
    - Removed unused and empty basics.xml, LP: #525431
    - Minor wording update to directions for sharing folders via nautilus,
      Connor Imes, LP: #518175
    - Use 'NetworkManager' not 'Network Manager' for consistency, Connor Imes
      LP: #518107
    - Update to troubleshooting mobile devices, Connor Imes, LP: #453459
    - Adjusted description of NetworkManager applet icons, Connor Imes
      LP: #440826
    - Additions to VPN section of connecting guide, Alex Wardle, LP: #452647
    - Expanded on using config files for vpn connections, Connor Imes
    - Command line substitution for Services utility which is not in Karmic or
      Lucid, Connor Imes, LP: #518460
    - Structural and language changes + updates for UI changes, Phil Bull
  * Musicvideophotos:
    - Added section for recording and editing video, Book 'em Dano, LP: #367569
  * Newtoubuntu:
    - Complete rewrite, Matthew East
  * Printing:
    - Simple Scan replaced xsane for scanning documents, Alex Wardle, LP: #546193
  * Serverguide:
    - Rename link to serverguide in advanced-topics.xml, Gilbert
      Mendoza, LP: #505708
    - Use distro-short-codename variable for vmbuilder documentation in
      serverguide rather than static version example, Connor Imes,. LP: #509653
    - Small fixes to security chapter, Connor Imes, LP: #510703
    - Small fixes from Nathan Handler, LP: #507624
    - Configuration change for OpenLDAP, Connor Imes, LP: #511090
    - Refresh of network-config section, Gilbert Mendoza, LP: #506800
    - Update manpage links to use distro-short-codename, Connor Imes
    - Changed OpenLDAP replication to use single Provider/Consumer configuration,
      Adam Sommer
    - Removed grub-password-security section - it does not apply to Grub2,
      Gilbert Mendoza, LP: #384148
    - Refere...

Read more...

Changed in ubuntu-docs (Ubuntu):
status: Fix Committed → Fix Released
Tomas Cassidy (tomas-cassidy) wrote :

I think there is either a bug in the docs or in one of the scripts/tools used in the guide.

I got up to the section "Enter the following to create the server certificates:". After running the command "./pkitool --initca", it generated the following output with the last line being continuously repeated. I had to hit ^C (CTRL-C) to exit the script and return to the bash prompt (after waiting for ~2 mins for the script to stop scrolling the last line). I repeated the commands "./clean-all", "./build-dh", and "./pkitool --initca" multiple times with the same result (except that the amout of . and + characters printed from the pkitool output changed every time).

$ ./pkitool --initca
Using CA Common Name: TEST_ORG CA
Generating a 1024 bit RSA private key
..........................++++++
....++++++
writing new private key to 'ca.key'
-----
string is too long, it needs to be less than 2 bytes long
string is too long, it needs to be less than 2 bytes long
string is too long, it needs to be less than 2 bytes long
string is too long, it needs to be less than 2 bytes long
string is too long, it needs to be less than 2 bytes long
string is too long, it needs to be less than 2 bytes long
string is too long, it needs to be less than 2 bytes long
string is too long, it needs to be less than 2 bytes long
string is too long, it needs to be less than 2 bytes long
string is too long, it needs to be less than 2 bytes long
string is too long, it needs to be less than 2 bytes long
string is too long, it needs to be less than 2 bytes long
string is too long, it needs to be less than 2 bytes long

Changed in ubuntu-docs (Ubuntu):
status: Fix Released → Confirmed
Download full text (3.9 KiB)

Muhammad Asif Anwar
Cell No: +92-300-8885072begin_of_the_skype_highlighting              +92-300-8885072      end_of_the_skype_highlighting
Ph No: +92-608-362928begin_of_the_skype_highlighting              +92-608-362928      end_of_the_skype_highlighting
Pakistan.

________________________________
From: Tomas Cassidy <email address hidden>
To: <email address hidden>
Sent: Tue, March 30, 2010 4:18:33 AM
Subject: [Bug 489819] Re: Serverguide OpenVPN page has incorrect install instructions

I think there is either a bug in the docs or in one of the scripts/tools
used in the guide.

I got up to the section "Enter the following to create the server
certificates:".  After running the command "./pkitool --initca", it
generated the following output with the last line being continuously
repeated.  I had to hit ^C (CTRL-C) to exit the script and return to the
bash prompt (after waiting for ~2 mins for the script to stop scrolling
the last line).  I repeated the commands "./clean-all", "./build-dh",
and "./pkitool --initca" multiple times with the same result (except
that the amout of . and + characters printed from the pkitool output
changed every time).

$ ./pkitool --initca
Using CA Common Name: TEST_ORG CA
Generating a 1024 bit RSA private key
..........................++++++
....++++++
writing new private key to 'ca.key'
-----
string is too long, it needs to be less than  2 bytes long
string is too long, it needs to be less than  2 bytes long
string is too long, it needs to be less than  2 bytes long
string is too long, it needs to be less than  2 bytes long
string is too long, it needs to be less than  2 bytes long
string is too long, it needs to be less than  2 bytes long
string is too long, it needs to be less than  2 bytes long
string is too long, it needs to be less than  2 bytes long
string is too long, it needs to be less than  2 bytes long
string is too long, it needs to be less than  2 bytes long
string is too long, it needs to be less than  2 bytes long
string is too long, it needs to be less than  2 bytes long
string is too long, it needs to be less than  2 bytes long

** Changed in: ubuntu-docs (Ubuntu)
      Status: Fix Released => Confirmed

--
Serverguide OpenVPN page has incorrect install instructions
https://bugs.launchpad.net/bugs/489819
You received this bug notification because you are subscribed to ubuntu-
docs in ubuntu.

Status in “ubuntu-docs” package in Ubuntu: Confirmed

Bug description:
Binary package hint: ubuntu-docs

$ lsb_release -a
No LSB modules are available.
Distributor ID:    Ubuntu
Description:    Ubuntu 9.10
Release:    9.10
Codename:    karmic

$ apt-cache policy openvpn
openvpn:
  Installed: 2.1~rc19-1ubuntu2
  Candidate: 2.1~rc19-1ubuntu2
  Version table:
*** 2.1~rc19-1ubuntu2 0
        500 http://mirror.optus.net karmic/main Packages
        100 /var/lib/dpkg/status

I tried to install and configure OpenVPN using the instructions provided at https://help.ubuntu.com/9.10/serverguide/C/openvpn.html but they appear to be incorrect.

eg.
"sudo cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0/ /etc/openvpn/" and "Next, edit /etc/openvpn/easy-rsa/vars adjusting the following to your e...

Read more...

Connor Imes (ckimes) wrote :

This was fixed in the Lucid development branch, please don't re-open fixed bugs. You can view the development docs at http://doc.ubuntu.com/ubuntu/serverguide/C/openvpn.html
Thank you.

Changed in ubuntu-docs (Ubuntu):
status: Confirmed → Fix Released
Gert Kruger (hgkrug1) wrote :

I am working with Ubuntu 16.04. Seems Bug #489819 reported by Tomas Cassidy on 2009-11-29 is still an issue?

Gert Kruger (hgkrug1) wrote :

Solution for Bug #489819 reported by Tomas Cassidy. Use "sudo su"

Gunnar Hjalmarsson (gunnarhj) wrote :

@Gert: Please note that this bug report was closed long time ago. Please file a new bug report.

https://bugs.launchpad.net/serverguide/+filebug

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers