X509::parse_pem error #221

Open
onyx-and-iris opened this issue Sep 28, 2023 · 4 comments

onyx-and-iris commented Sep 28, 2023

Hello. I just tried running DockOVPN on a Debian 12 installation and got the following error:

X509::parse_pem: error in cert::error:0909006C:PEM routines:get_name:no start line

After importing the client config and attempting to connect to the VPN server.

I ran it with docker compose.

I checked the container logs and they showed:

Thu Sep 28 12:10:14 2023 Creating tun/tap device.

Easy-RSA error:

EASYRSA_PKI does not exist (perhaps you need to run init-pki)?
Expected to find the EASYRSA_PKI at: /opt/Dockovpn_data/pki
Run easyrsa without commands for usage and command help.


Easy-RSA error:

EASYRSA_PKI does not exist (perhaps you need to run init-pki)?
Expected to find the EASYRSA_PKI at: /opt/Dockovpn_data/pki
Run easyrsa without commands for usage and command help.

Can't open /opt/Dockovpn_data/pki/serial for writing, No such file or directory
139958193924936:error:02001002:system library:fopen:No such file or directory:crypto/bio/bss_file.c:69:fopen('/opt/Dockovpn_data/pki/serial','w')
139958193924936:error:2006D080:BIO routines:BIO_new_file:no such file:crypto/bio/bss_file.c:76:
cat: can't open '/opt/Dockovpn_data/pki/serial': No such file or directory
Can't open /opt/Dockovpn_data/pki/serial for writing, No such file or directory
139966222678856:error:02001002:system library:fopen:No such file or directory:crypto/bio/bss_file.c:69:fopen('/opt/Dockovpn_data/pki/serial','w')
139966222678856:error:2006D080:BIO routines:BIO_new_file:no such file:crypto/bio/bss_file.c:76:
cat: can't open '/opt/Dockovpn_data/pki/serial': No such file or directory
Can't open /opt/Dockovpn_data/pki/serial for writing, No such file or directory
140247333944136:error:02001002:system library:fopen:No such file or directory:crypto/bio/bss_file.c:69:fopen('/opt/Dockovpn_data/pki/serial','w')
140247333944136:error:2006D080:BIO routines:BIO_new_file:no such file:crypto/bio/bss_file.c:76:
cat: can't open '/opt/Dockovpn_data/pki/serial': No such file or directory
Can't open /opt/Dockovpn_data/pki/serial for writing, No such file or directory
140676264024904:error:02001002:system library:fopen:No such file or directory:crypto/bio/bss_file.c:69:fopen('/opt/Dockovpn_data/pki/serial','w')
140676264024904:error:2006D080:BIO routines:BIO_new_file:no such file:crypto/bio/bss_file.c:76:
cat: can't open '/opt/Dockovpn_data/pki/serial': No such file or directory
Can't open /opt/Dockovpn_data/pki/serial for writing, No such file or directory
139785261484872:error:02001002:system library:fopen:No such file or directory:crypto/bio/bss_file.c:69:fopen('/opt/Dockovpn_data/pki/serial','w')
139785261484872:error:2006D080:BIO routines:BIO_new_file:no such file:crypto/bio/bss_file.c:76:
cat: can't open '/opt/Dockovpn_data/pki/serial': No such file or directory

Easy-RSA error:

EASYRSA_PKI does not exist (perhaps you need to run init-pki)?
Expected to find the EASYRSA_PKI at: /opt/Dockovpn_data/pki
Run easyrsa without commands for usage and command help.

2023-09-28 12:10:14 WARNING: Using --genkey --secret filename is DEPRECATED.  Use --genkey secret filename instead.

Easy-RSA error:

EASYRSA_PKI does not exist (perhaps you need to run init-pki)?
Expected to find the EASYRSA_PKI at: /opt/Dockovpn_data/pki
Run easyrsa without commands for usage and command help.

cp: can't stat 'pki/dh.pem': No such file or directory
cp: can't stat 'pki/ca.crt': No such file or directory
cp: can't stat 'pki/issued/MyReq.crt': No such file or directory
cp: can't stat 'pki/private/MyReq.key': No such file or directory
cp: can't stat 'pki/crl.pem': No such file or directory
Thu Sep 28 12:10:14 2023 Dockovpn v1.11.2

2023-09-28 12:10:14 Note: Treating option '--ncp-ciphers' as  '--data-ciphers' (renamed in OpenVPN 2.5).
2023-09-28 12:10:14 WARNING: --topology net30 support for server configs with IPv4 pools will be removed in a future release. Please migrate to --topology subnet as soon as possible.
Options error: --ca fails with '/etc/openvpn/ca.crt': No such file or directory (errno=2)
Options error: --cert fails with '/etc/openvpn/MyReq.crt': No such file or directory (errno=2)
2023-09-28 12:10:14 WARNING: cannot stat file '/etc/openvpn/MyReq.key': No such file or directory (errno=2)
Options error: --key fails with '/etc/openvpn/MyReq.key': No such file or directory (errno=2)
Options error: --crl-verify fails with '/etc/openvpn/crl.pem': No such file or directory (errno=2)
Options error: Please correct these errors.

Using docker run -it --rm --cap-add=NET_ADMIN -p 1194:1194/udp -p 80:8080/tcp --name dockovpn alekslitvinenk/openvpn directly works and I'm able to connect to the VPN server.

@alekslitvinenk alekslitvinenk added the checking check if the problem is reproducible label Oct 14, 2023
@alekslitvinenk (Collaborator)

Hi @onyx-and-iris

Thanks a lot for reporting this issue.
Can you please tell us how exactly you run dockovpn using docker-compose, and which version of Dockovpn you use?

@onyx-and-iris (Author)

I used the docker-compose file in the repository with the command:

echo HOST_ADDR=$(curl -s https://api.ipify.org) > .env && docker compose up -d && docker compose exec -d dockovpn wget -O /doc/Dockovpn/client.ovpn localhost:8080

I used the image tagged Latest:

REPOSITORY               TAG       IMAGE ID       CREATED        SIZE
alekslitvinenk/openvpn   latest    e9f1c8bedcfb   6 weeks ago    17.4MB

It creates a directory openvpn_conf/clients/<client-id>/client.ovpn. I'm unable to connect with this client.ovpn file and the logs show the errors above.

Pentaonia commented Oct 20, 2023

Hey all,
the errors for me are kind of similar. I'm using the same approach as @onyx-and-iris.

dockovpn_1  | Fri Oct 20 09:23:12 2023 Creating tun/tap device.
dockovpn_1  | cp: can't stat 'pki/dh.pem': No such file or directory
dockovpn_1  | cp: can't stat 'pki/ca.crt': No such file or directory
dockovpn_1  | cp: can't stat 'pki/issued/MyReq.crt': No such file or directory
dockovpn_1  | cp: can't stat 'pki/private/MyReq.key': No such file or directory
dockovpn_1  | cp: can't stat 'pki/crl.pem': No such file or directory
dockovpn_1  | Fri Oct 20 09:23:12 2023 Dockovpn v1.11.2
dockovpn_1  | 2023-10-20 09:23:12 Note: Treating option '--ncp-ciphers' as  '--data-ciphers' (renamed in OpenVPN 2.5).
dockovpn_1  | 2023-10-20 09:23:12 WARNING: --topology net30 support for server configs with IPv4 pools will be removed in a future release. Please migrate to --topology subnet as soon as possible.
dockovpn_1  | Options error: --ca fails with '/etc/openvpn/ca.crt': No such file or directory (errno=2)
dockovpn_1  | Options error: --cert fails with '/etc/openvpn/MyReq.crt': No such file or directory (errno=2)
dockovpn_1  | 2023-10-20 09:23:12 WARNING: cannot stat file '/etc/openvpn/MyReq.key': No such file or directory (errno=2)
dockovpn_1  | Options error: --key fails with '/etc/openvpn/MyReq.key': No such file or directory (errno=2)
dockovpn_1  | Options error: --crl-verify fails with '/etc/openvpn/crl.pem': No such file or directory (errno=2)
dockovpn_1  | Options error: Please correct these errors.
dockovpn_1  | Use --help for more information.

All the

Pentaonia commented Oct 20, 2023

Hey all, I just found a workaround:

  1. Run the container normally
    docker run -it --rm --cap-add=NET_ADMIN \
      -p 1194:1194/udp -p 8585:8080/tcp \
      --name dockovpn alekslitvinenk/openvpn
  2. Copy the necessary directory:
    sudo docker cp dockovpn:/opt/Dockovpn_data ./openvpn_conf
  3. Run your container via docker-compose and use your generated configuration for that.

I know that's not the best solution, but I think it's a handy workaround at the moment.
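
The container logs in this thread show that nothing was ever created under /opt/Dockovpn_data/pki, and "no start line" is what OpenSSL reports when its input has no -----BEGIN line. The script below is an added diagnostic, not part of the thread or of Dockovpn: it checks a data directory for the PKI files named in those logs and checks a client profile for non-empty credential blocks. It assumes the profile embeds its credentials in OpenVPN inline <ca>, <cert> and <key> blocks and that ./openvpn_conf is the host directory mounted at /opt/Dockovpn_data; the function names are made up for this example.

```shell
#!/bin/sh
# Added diagnostic example; function names are hypothetical, not Dockovpn's.
# The pki/ paths are the ones the container log failed to copy.
PKI_FILES="pki/dh.pem pki/ca.crt pki/issued/MyReq.crt pki/private/MyReq.key pki/crl.pem"

# Print each expected PKI file that is absent or empty under data dir $1.
# Returns 0 only when nothing is missing.
missing_pki_files() {
    dir=$1
    rc=0
    for f in $PKI_FILES; do
        if [ ! -s "$dir/$f" ]; then
            echo "$f"
            rc=1
        fi
    done
    return $rc
}

# Return 0 if inline block <$2>...</$2> in profile $1 holds a PEM start line.
# Assumption: credentials are embedded with OpenVPN's inline-file syntax.
ovpn_block_has_pem() {
    awk -v tag="$2" '
        { sub(/\r$/, "") }                        # tolerate CRLF profiles
        $0 == ("<" tag ">")  { inside = 1; next }
        $0 == ("</" tag ">") { inside = 0 }
        inside && /^-----BEGIN / { found = 1 }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# Print the ca/cert/key blocks of profile $1 that lack a PEM start line.
check_profile() {
    rc=0
    for tag in ca cert key; do
        if ! ovpn_block_has_pem "$1" "$tag"; then
            echo "$tag: no start line"
            rc=1
        fi
    done
    return $rc
}

# Usage: sh check.sh ./openvpn_conf ./openvpn_conf/clients/<client-id>/client.ovpn
if [ "$#" -eq 2 ]; then
    missing_pki_files "$1"
    check_profile "$2"
fi
```

Running it against the bind-mounted directory before `docker compose up` shows whether the server would start with an empty PKI; running it against a downloaded client.ovpn shows which credential block would fail to parse.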
