I have a bunch of linux routers all meshed together running Ubuntu 8.04.3 with OpenVPN. I added a new Ubuntu Jaunty 9.04 router into the mix today, copied my generated private key via scp to the new box and setup a new connector back to another site. When I the VPN using my firewall script I wrote I was getting the following error:
/usr/sbin/openvpn-vulnkey:22: DeprecationWarning: the md5 module is deprecated; use hashlib instead
In the daemon.log file under /var/log I was getting the following:
Oct 25 19:52:42 bunbline1 ovpn-bunbury-dunsborough: Expected Remote Options String: 'V4,dev-type tun,link-mtu 1545,tun-mtu 1500,proto UDPv4,ifconfig 10.5.15.1 10.5.15.2,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,secret'
Oct 25 19:52:42 bunbline1 ovpn-bunbury-dunsborough: Local Options hash (VER=V4): 'bd07f87b'
Oct 25 19:52:42 bunbline1 ovpn-bunbury-dunsborough: Expected Remote Options hash (VER=V4): '47793853'
Oct 25 19:52:42 bunbline1 ovpn-bunbury-dunsborough: failed to find GID for group nobody
Oct 25 19:52:42 bunbline1 ovpn-bunbury-dunsborough: Exiting
In previous versions of ubuntu there was a group called nobody, now in ubuntu 9 there is just a group called nogroup with a GID of 65534. In previous versions of ubuntu the group nobody had a GID of 1002 so I recreated it with the same GID.
groupadd -g 1002 nobody
OpenVPN failed again, this time I got the following error in the daemon.log file upon restarting it:
Oct 25 20:04:10 bunbline1 ovpn-bunbury-dunsborough: chroot to '/var/empty' failed: No such file or directory (errno=2)
In previous versions of ubuntu yes you may have guessed their was a directory called /var/empty. Make this directory with
Now when I start the VPN I get the following:
However its no longer saying failed... it is coming up as OK and data is passing through the VPN perfectly fine. However it is not liking the key I generated on ubuntu 8 by the looks of it... however it is accepting it. I got it working but if anyone has more information on this, please do leave a comment.