Moin erst mal,
ich versuche schon seit gut 3 Tagen nach dem HowTO eine VPN Verbindung zu meiner endian herzu stelle. doch leider klappt es mit der Erstellung nicht.
Und so langsam zweifel ich an meine gesunden menschen verstand, und hoffe das ihr mich mal auf den richtigen weg weisen könnt, aber nun mal zu den fakten
habe mir auf meine Windows XP (Original mit allen Updates) die openvpn-2.1_rc15-install.exe installiert, und bin den Howto soweit gefolgt:
openssl.cnf.sample erweitre, um den Eintrag unter [Server ]
die datein erstelt
build-key-server-pkcs12.bat
build-key-client-pkcs12.bat
und in das Verzeichnis gepackt
dann der Anweisung gefolgt
- cmd-Fenster öffnen und ins easy-rsa wechseln
- init-config.bat ausfuehren
- vars.bat in Texteditor anpassen (KEY_COUNTRY, KEY_PROVINCE, KEY_CITY, KEY_ORG und KEY_EMAIL)
- vars.bat ausfuehren
- clean-all.bat ausfuehren
- build-ca.bat ausfuehren # alles mit Enter bestaetigen
- build-dh.bat ausfuehren # alles mit Enter bestaetigen
Schon da bekomme ich den Fehler:
WARNING: can't open config file: /usr/local/ssl/openssl.cnf
was mich schon sehr wunder tut, da ich ja nicht mit Linux hier arbeite sollte doch der Pfard c:\Programme\openvpn\easy-rsa lauten oder?
Dann habe ich die build-key-server-plcs12.bat ausführe bekomme ich folgenden Fehler;
C:\Programme\OpenVPN\easy-rsa>build-key-server-pkcs12.bat
WARNING: can't open config file: /usr/local/ssl/openssl.cnf
Loading 'screen' into random state - done
Generating a 1024 bit RSA private key
....................++++++
......................++++++
writing new private key to 'keys\.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [DE]:
State or Province Name (full name) [SH]:
Locality Name (eg, city) [Kiel]:
Organization Name (eg, company) [OpenVPN]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:endian
Email Address [test@test.de]:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:test1234
An optional company name []:
WARNING: can't open config file: /usr/local/ssl/openssl.cnf
Using configuration from openssl.cnf
Loading 'screen' into random state - done
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'DE'
stateOrProvinceName :PRINTABLE:'SH'
localityName :PRINTABLE:'Kiel'
organizationName :PRINTABLE:'OpenVPN'
commonName :PRINTABLE:'endian'
emailAddress :IA5STRING:'test@test.de'
Certificate is to be certified until Feb 19 23:07:00 2019 GMT (3650 days)
Sign the certificate? [y/n]:y
failed to update database
TXT_DB error number 2
C:\Programme\OpenVPN\easy-rsa\keys\*.old konnte nicht gefunden werden
WARNING: can't open config file: /usr/local/ssl/openssl.cnf
Loading 'screen' into random state - done
No certificate matches private key
C:\Programme\OpenVPN\easy-rsa\keys\*.old konnte nicht gefunden werdenUnd fast das legen in der client
C:\Programme\OpenVPN\easy-rsa>build-key-client-pkcs12.bat
WARNING: can't open config file: /usr/local/ssl/openssl.cnf
Loading 'screen' into random state - done
Generating a 1024 bit RSA private key
......................++++++
...++++++
writing new private key to 'keys\.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [DE]:
State or Province Name (full name) [SH]:
Locality Name (eg, city) [Kiel]:
Organization Name (eg, company) [OpenVPN]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:client
Email Address [test@test.de]:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
WARNING: can't open config file: /usr/local/ssl/openssl.cnf
Using configuration from openssl.cnf
Loading 'screen' into random state - done
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'DE'
stateOrProvinceName :PRINTABLE:'SH'
localityName :PRINTABLE:'Kiel'
organizationName :PRINTABLE:'OpenVPN'
commonName :PRINTABLE:'client'
emailAddress :IA5STRING:'test@test.de'
Certificate is to be certified until Feb 19 23:05:00 2019 GMT (3650 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
WARNING: can't open config file: /usr/local/ssl/openssl.cnf
Loading 'screen' into random state - done
Enter Export Password:
Verifying - Enter Export Password:Das seltsame ist das ich in den ersten versuchen jeweils auch denn Ordern Keys und die Datei index.txt erstellen musste damit ich überhaupt so weit komme.
Das keine Zertifikate erstellt wurden sonder nur .p12 Dateien wundert mich schon.
Lg Murmel