Vyos1.3.5 openvpn ./easyrsa build-client-full Client1 nopass error

viclv · February 27, 2024, 3:31am

vyos1.3.3
/config/auth/easy-rsa$ ./easyrsa build-client-full Client1 nopass
Generating keys for the client is working fine.

After upgrading to version 1.3.5（No configuration changes have been made.）, there is an error when generating client keys.
./easyrsa build-client-full Client2 nopass

Note: using Easy-RSA configuration from: ./vars
./easyrsa: line 327: /config/auth/easy-rsa/pki/safessl-easyrsa.cnf: Permission denied

Easy-RSA error:

Failed to update /config/auth/easy-rsa/pki/safessl-easyrsa.cnf

echowings · February 27, 2024, 3:34am

How about install a new vyos 1.3.5 by install it with iso file? Sometimes It need to fresh install it to solve the problem.

viclv · February 27, 2024, 3:38am

add system image /config/vyos-1.3.5-amd64.iso
reboot

echowings · February 27, 2024, 4:47am

No update on it. Install a new one from the iso file. Maybe the error will disappear. I met lots of scenarios just like this.

viclv · March 4, 2024, 2:44am

Can I continue using the certificates from before the upgrade
as they are being used on other devices?

echowings · March 4, 2024, 3:11am

You can backup and restore it. Check path /config/auth

viclv · March 4, 2024, 3:26am

Yes, the system configuration can be restored by using a backup script.
But have you tested if OpenVPN is functional?

echowings · March 4, 2024, 3:41am

I prefer to wireguard than OpenVPN. It is faster and easy to configure. I replaced all kinds of VPNs with wireguard. I think openVPN has the same function. to read the certs form file in /config/auth/

Karen_24 · March 4, 2024, 6:55am

I wanted to extend my sincere thanks for your amazing ideas. They’ve opened up new avenues for exploration. Valero Credit Card

echowings · March 5, 2024, 5:48am

chown -R root:vyatta /config/auth/easy-ras/
chmod -R 755 /config/auth/easy-ras/