Vyos1.3.5 openvpn ./easyrsa build-client-full Client1 nopass error

/config/auth/easy-rsa$ ./easyrsa build-client-full Client1 nopass
Generating keys for the client is working fine.

After upgrading to version 1.3.5(No configuration changes have been made.), there is an error when generating client keys.
./easyrsa build-client-full Client2 nopass

Note: using Easy-RSA configuration from: ./vars
./easyrsa: line 327: /config/auth/easy-rsa/pki/safessl-easyrsa.cnf: Permission denied

Easy-RSA error:

Failed to update /config/auth/easy-rsa/pki/safessl-easyrsa.cnf

How about install a new vyos 1.3.5 by install it with iso file? Sometimes It need to fresh install it to solve the problem.

add system image /config/vyos-1.3.5-amd64.iso

No update on it. Install a new one from the iso file. Maybe the error will disappear. I met lots of scenarios just like this.

Can I continue using the certificates from before the upgrade
as they are being used on other devices?

You can backup and restore it. Check path /config/auth

Yes, the system configuration can be restored by using a backup script.
But have you tested if OpenVPN is functional?

I prefer to wireguard than OpenVPN. It is faster and easy to configure. I replaced all kinds of VPNs with wireguard. I think openVPN has the same function. to read the certs form file in /config/auth/

I wanted to extend my sincere thanks for your amazing ideas. They’ve opened up new avenues for exploration. Valero Credit Card

chown -R root:vyatta /config/auth/easy-ras/
chmod -R 755 /config/auth/easy-ras/