Ubuntu
ubuntu-docs package

Serverguide OpenVPN page has incorrect install instructions

Bug #489819 reported by Tomas Cassidy on 2009-11-29

This bug affects 4 people

Affects

Status

Importance

Assigned to

Milestone

ubuntu-docs (Ubuntu)

Fix Released

High

Adam Sommer

You need to log in to change this bug's status.

Affecting:	ubuntu-docs (Ubuntu)
Filed here by:	Tomas Cassidy
When:	2009-11-29
Confirmed:	2009-12-22
Assigned:	2010-03-24
Started work:	2010-03-31
Completed:	2010-03-31

Target

Distribution
Package	(Find…)
Project	(Find…)

Status	Importance
	High

Assigned to

	Me
	Adam Sommer (asommer)

Comment on this change (optional)

Email me about changes to this bug report

(?)

Bug Description

Binary package hint: ubuntu-docs

$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 9.10
Release: 9.10
Codename: karmic

$ apt-cache policy openvpn
openvpn:
  Installed: 2.1~rc19-1ubuntu2
  Candidate: 2.1~rc19-1ubuntu2
  Version table:
*** 2.1~rc19-1ubuntu2 0
        500 http://mirror.optus.net karmic/main Packages
        100 /var/lib/dpkg/status

I tried to install and configure OpenVPN using the instructions provided at https://help.ubuntu.com/9.10/serverguide/C/openvpn.html but they appear to be incorrect.

eg.
"sudo cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0/ /etc/openvpn/" and "Next, edit /etc/openvpn/easy-rsa/vars adjusting the following to your environment: ".
The vars file appears to be copied to /etc/openvpn/2.0/vars using the provided instructions, but the user is told to edit it at /etc/openvpn/easy-rsa/vars.

"cd /etc/openvpn/easy-rsa/easy-rsa" gives "-bash: cd: /etc/openvpn/easy-rsa/easy-rsa: No such file or directory"

"./clean-all" gives "mkdir: cannot create directory `/etc/openvpn/easy-rsa/keys': Permission denied"
This command (and possibly others) appears to require sudo/root privs, but is not marked as such. Only the final command in the list with that command uses sudo.

There are possibly other errors on this page as I haven't checked any further apart from the listed examples above. I don't know enough about openvpn to say what the correct commands should be, but they are definitely incorrect in some places.

Tags: Edit Tag help

Related branches

lp:ubuntu/lucid/ubuntu-docs

Connor Imes (ckimes) on 2009-12-15

Changed in ubuntu-docs (Ubuntu):
importance:	Undecided → High
tags:	added: serverguide

Darkmike (mikefaille) wrote on 2009-12-22:

To fix this bug, I siggest this step (diff like):

- sudo mkdir /etc/openvpn/easy-rsa/
-sudo cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0/ /etc/openvpn/
+sudo cp -r /usr/share/doc/openvpn/examples/easy-rsa/ /etc/openvpn/
- edit /etc/openvpn/easy-rsa/vars
+ edit /etc/openvpn/easy-rsa/2.0/vars
-cd /etc/openvpn/easy-rsa/easy-rsa
+cd /etc/openvpn/easy-rsa/2.0
[...]
--Client Certificates--
cd /etc/openvpn/easy-rsa/2.0
Copy the following files to the client:

-/etc/openvpn/easy-rsa/hostname.ovpn
+/etc/openvpn/easy-rsa/2.0/hostname.ovpn
-/etc/openvpn/easy-rsa/ca.crt
+/etc/openvpn/easy-rsa/2.0/ca.crt
-/etc/openvpn/easy-rsa/hostname.crt
+/etc/openvpn/easy-rsa/2.0/hostname.crt
-/etc/openvpn/easy-rsa/hostname.key
+/etc/openvpn/easy-rsa/2.0/hostname.key
-/etc/openvpn/easy-rsa/ta.key
+/etc/openvpn/easy-rsa/2.0/ta.key

Changed in ubuntu-docs (Ubuntu):
status:	New → Confirmed

building39 (mlm-v2) wrote on 2010-02-19:

The posted patch seems to take a small step towards correcting this bug.

Client certification instructions as still wrong. After:
cd /etc/openvpn/easy-rsa/2.0
source vars
./pkitool hostname

the hostname files do not exist in the path /etc/openvpn/easy-rsa/2.0/hostname.{crt,key},
but do exist in /etc/openvpn/easy-rsa/2.0/keys. The file hostname.ovpn does not appear to exist anywhere.

the files ca.crt and ta.key now exist in /etc/openvpn, and not in /etc/openvpn/easy-rsa/2.0

It really doesn't look like the author of this documentation actually tested these instructions for accuracy.

Adam Sommer (asommer) wrote on 2010-03-24:

Thanks for reporting this bug and helping make Ubuntu better. I've committed a fix to the Lucid branch revision 488. I believe all configuration and command examples should now be accurate.

You will be able to see a draft version of the document here:

http://doc.ubuntu.com/ubuntu/serverguide/C/openvpn.html

All feedback is greatly appreciated.

Thanks again.

Changed in ubuntu-docs (Ubuntu):
assignee:	nobody → Adam Sommer (asommer)
status:	Confirmed → Fix Committed

Launchpad Janitor (janitor) wrote on 2010-03-29:

Download full text (5.5 KiB)

This bug was fixed in the package ubuntu-docs - 10.04.2

---------------
ubuntu-docs (10.04.2) lucid; urgency=low

  * General:
    - Fixes to scripts/fix-url.sh (including LP: #482862)
    - Fix character encoding in contributors.xml (LP: #448618)
    - Updated version in browser-startpage html files, LP: #526320
    - Refresh pot files
  * Add-applications:
    - Updates for UI changes, Phil Bull
  * Config-desktop:
    - Added topic on changing window buttons from the left, Phil Bull
  * Hardware:
    - Added mention of gsynaptics, Connor Imes, LP: #450567
  * Internet:
    - Refresh list of plugins supplied by ubuntu-restricted-extras, branch
      from Nathan Murray, LP: #504981
    - Updates to reflect that Ekiga no longer installed by default, Connor Imes,
      LP: #508572
    - Grammar fix from Alex Wardle, LP: #517776
    - Order adjustment for shares-admin usage, Alex Wardle, LP: #518119
    - Button name change for shares-admin app, Alex Wardle, LP: #518170
    - Use unlock icon in networking section, Alex Wardle, LP: #518117
    - Updated directions on changing text size and page zooming in firefox,
      Alison Rowland, LP: #512556
    - Fixed guilabel usage in modem section. Alex Wardle, LP: #521243
    - Updated button and tab names in Static Connections section,
      Alex Wardle, LP: #521508
    - Typo fix in adsl section. Alex Wardle, LP: #525349
    - Removed unused and empty basics.xml, LP: #525431
    - Minor wording update to directions for sharing folders via nautilus,
      Connor Imes, LP: #518175
    - Use 'NetworkManager' not 'Network Manager' for consistency, Connor Imes
      LP: #518107
    - Update to troubleshooting mobile devices, Connor Imes, LP: #453459
    - Adjusted description of NetworkManager applet icons, Connor Imes
      LP: #440826
    - Additions to VPN section of connecting guide, Alex Wardle, LP: #452647
    - Expanded on using config files for vpn connections, Connor Imes
    - Command line substitution for Services utility which is not in Karmic or
      Lucid, Connor Imes, LP: #518460
    - Structural and language changes + updates for UI changes, Phil Bull
  * Musicvideophotos:
    - Added section for recording and editing video, Book 'em Dano, LP: #367569
  * Newtoubuntu:
    - Complete rewrite, Matthew East
  * Printing:
    - Simple Scan replaced xsane for scanning documents, Alex Wardle, LP: #546193
  * Serverguide:
    - Rename link to serverguide in advanced-topics.xml, Gilbert
      Mendoza, LP: #505708
    - Use distro-short-codename variable for vmbuilder documentation in
      serverguide rather than static version example, Connor Imes,. LP: #509653
    - Small fixes to security chapter, Connor Imes, LP: #510703
    - Small fixes from Nathan Handler, LP: #507624
    - Configuration change for OpenLDAP, Connor Imes, LP: #511090
    - Refresh of network-config section, Gilbert Mendoza, LP: #506800
    - Update manpage links to use distro-short-codename, Connor Imes
    - Changed OpenLDAP replication to use single Provider/Consumer configuration,
      Adam Sommer
    - Removed grub-password-security section - it does not apply to Grub2,
      Gilbert Mendoza, LP: #384148
    - Refere...

Changed in ubuntu-docs (Ubuntu):
status:	Fix Committed → Fix Released

Tomas Cassidy (tomas-cassidy) wrote on 2010-03-29:

I think there is either a bug in the docs or in one of the scripts/tools used in the guide.

I got up to the section "Enter the following to create the server certificates:". After running the command "./pkitool --initca", it generated the following output with the last line being continuously repeated. I had to hit ^C (CTRL-C) to exit the script and return to the bash prompt (after waiting for ~2 mins for the script to stop scrolling the last line). I repeated the commands "./clean-all", "./build-dh", and "./pkitool --initca" multiple times with the same result (except that the amout of . and + characters printed from the pkitool output changed every time).

$ ./pkitool --initca
Using CA Common Name: TEST_ORG CA
Generating a 1024 bit RSA private key
..........................++++++
....++++++
writing new private key to 'ca.key'
-----
string is too long, it needs to be less than 2 bytes long
string is too long, it needs to be less than 2 bytes long
string is too long, it needs to be less than 2 bytes long
string is too long, it needs to be less than 2 bytes long
string is too long, it needs to be less than 2 bytes long
string is too long, it needs to be less than 2 bytes long
string is too long, it needs to be less than 2 bytes long
string is too long, it needs to be less than 2 bytes long
string is too long, it needs to be less than 2 bytes long
string is too long, it needs to be less than 2 bytes long
string is too long, it needs to be less than 2 bytes long
string is too long, it needs to be less than 2 bytes long
string is too long, it needs to be less than 2 bytes long

Changed in ubuntu-docs (Ubuntu):
status:	Fix Released → Confirmed

asifanwar (asif-anwar) wrote on 2010-03-30: Re: [Bug 489819] Re: Serverguide OpenVPN page has incorrect install instructions

Download full text (3.9 KiB)

Muhammad Asif Anwar
Cell No: +92-300-8885072begin_of_the_skype_highlighting +92-300-8885072 end_of_the_skype_highlighting
Ph No: +92-608-362928begin_of_the_skype_highlighting +92-608-362928 end_of_the_skype_highlighting
Pakistan.

________________________________
From: Tomas Cassidy <email address hidden>
To: <email address hidden>
Sent: Tue, March 30, 2010 4:18:33 AM
Subject: [Bug 489819] Re: Serverguide OpenVPN page has incorrect install instructions

I think there is either a bug in the docs or in one of the scripts/tools
used in the guide.

I got up to the section "Enter the following to create the server
certificates:". After running the command "./pkitool --initca", it
generated the following output with the last line being continuously
repeated. I had to hit ^C (CTRL-C) to exit the script and return to the
bash prompt (after waiting for ~2 mins for the script to stop scrolling
the last line). I repeated the commands "./clean-all", "./build-dh",
and "./pkitool --initca" multiple times with the same result (except
that the amout of . and + characters printed from the pkitool output
changed every time).

** Changed in: ubuntu-docs (Ubuntu)
Status: Fix Released => Confirmed

--
Serverguide OpenVPN page has incorrect install instructions
https://bugs.launchpad.net/bugs/489819
You received this bug notification because you are subscribed to ubuntu-
docs in ubuntu.

Status in “ubuntu-docs” package in Ubuntu: Confirmed

Bug description:
Binary package hint: ubuntu-docs

$ lsb_release -a
No LSB modules are available.
Distributor ID:    Ubuntu
Description:    Ubuntu 9.10
Release:    9.10
Codename:    karmic

$ apt-cache policy openvpn
openvpn:
Installed: 2.1~rc19-1ubuntu2
Candidate: 2.1~rc19-1ubuntu2
Version table:
*** 2.1~rc19-1ubuntu2 0
500 http://mirror.optus.net karmic/main Packages
100 /var/lib/dpkg/status

I tried to install and configure OpenVPN using the instructions provided at https://help.ubuntu.com/9.10/serverguide/C/openvpn.html but they appear to be incorrect.

eg.
"sudo cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0/ /etc/openvpn/" and "Next, edit /etc/openvpn/easy-rsa/vars adjusting the following to your e...

Other bug subscribers

Changed in ubuntu-docs (Ubuntu):
status:	Confirmed → Fix Released

Ubuntuubuntu-docs package

Serverguide OpenVPN page has incorrect install instructions

Bug Description

Related branches

Other bug subscribers

Ubuntu
ubuntu-docs package