Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Password for private key is empty #372

Closed
LKay opened this issue Oct 8, 2017 · 12 comments
Closed

Password for private key is empty #372

LKay opened this issue Oct 8, 2017 · 12 comments

Comments

@LKay
Copy link

@LKay LKay commented Oct 8, 2017

Console output of pivpn debug

::: Generating Debug Output
:::                                     :::
::              PiVPN Debug              ::
:::                                     :::
::      Latest Commit                    ::
:::                                     :::
commit 454b755116d8cad6b67b56ac15a7235ceac02b5a
Merge: b3ebdb8 f385a3e
Author: redfast00 <redfast00@users.noreply.github.com>
Date:   Sat Aug 12 14:15:34 2017 +0200

    Merge pull request #333 from jhealy86/patch-1

    fix markdown link syntax
:::                                     :::
::      Recursive list of files in       ::
::      /etc/openvpn/easy-rsa/pki        ::
:::                                     :::
/etc/openvpn/easy-rsa/pki/:
ca.crt
crl.pem
Default.txt
dh2048.pem
index.txt
index.txt.attr
index.txt.attr.old
index.txt.old
issued
private
serial
serial.old
ta.key

/etc/openvpn/easy-rsa/pki/issued:
server.crt

/etc/openvpn/easy-rsa/pki/private:
ca.key
server.key
:::                                     :::
::      Output of /etc/pivpn/*           ::
:::                                     :::
:: START /etc/pivpn/DET_PLATFORM ::
Raspbian
:: END /etc/pivpn/DET_PLATFORM ::
:: START /etc/pivpn/INSTALL_PORT ::
1194
:: END /etc/pivpn/INSTALL_PORT ::
:: START /etc/pivpn/INSTALL_PROTO ::
udp
:: END /etc/pivpn/INSTALL_PROTO ::
:: START /etc/pivpn/INSTALL_USER ::
pi
:: END /etc/pivpn/INSTALL_USER ::
:: START /etc/pivpn/NO_UFW ::
1
:: END /etc/pivpn/NO_UFW ::
:: START /etc/pivpn/pivpnINTERFACE ::
eth0
:: END /etc/pivpn/pivpnINTERFACE ::
:: START /etc/pivpn/REVOKE_STATUS ::
1
:: END /etc/pivpn/REVOKE_STATUS ::
:::                                     :::
:: /etc/openvpn/easy-rsa/pki/Default.txt ::
:::                                     :::
client
dev tun
proto udp
remote vpn.local 1194
resolv-retry infinite
nobind
persist-key
persist-tun
key-direction 1
remote-cert-tls server
tls-version-min 1.2
verify-x509-name server name
cipher AES-256-CBC
auth SHA256
comp-lzo
verb 1
:::                                     :::
::      Debug Output Complete            ::
:::                                     :::
:::
::: Debug output completed above.
::: Copy saved to /tmp/debug.txt
:::

Issue

Creating new user with both pivpn add or pivpn add nopass succeeds but if I create a profile with password the generated .ovpn file when imported to OpenVPN client doest not connect and returns error saying: Core exception: connection error: PEM_PASSWORD_FAILED: PolarSSL error parsing config private key : PK - Private key password can't be empty.

It however works and connects fine when profile is generated without password. Looks like the password entered for pivpn add is ignored and private key for profile is created with empty password.

@4s3ti

This comment has been minimized.

Copy link
Member

@4s3ti 4s3ti commented Oct 8, 2017

That's Odd!! even yesterday installed PiVPN on a couple of times on a VPS and it worked perfectly! =S

don't even know what to think of this! =S can be the case of some special character you are entering the cause of the issue? try with a simple password like 12345 just for testing purposes ...

@LKay

This comment has been minimized.

Copy link
Author

@LKay LKay commented Oct 8, 2017

I tried even simple passwords like 12345678 or testtest and none have worked. I also tried to change private key encryption as described here or here and nothing works. I can only connect to the server if profile is created using pivpn add nopass which does not require any password (poor security).

@4s3ti

This comment has been minimized.

Copy link
Member

@4s3ti 4s3ti commented Oct 8, 2017

that's gotta be a local issue on your side....

Just tested 5++ new pivpn installs today and none gave me that kind of issue!

Wondering how can we track such thing!

@killermosi

This comment has been minimized.

Copy link

@killermosi killermosi commented Oct 9, 2017

No issues here, too, I have installed PiVPN on a fresh Stretch install and the keys generated just fine.

Is it possible to attach one of the faulty .ovpn files? (just be sure to edit out any sensitive info, like the server name and half or more of the certificate/keys where present)

@4s3ti

This comment has been minimized.

Copy link
Member

@4s3ti 4s3ti commented Oct 30, 2017

Closing issue, assuming issue resolved.

@LKay any further questions post here .. I will reopen if needed!

@4s3ti 4s3ti closed this Oct 30, 2017
@gorbehnare

This comment has been minimized.

Copy link

@gorbehnare gorbehnare commented Oct 27, 2018

Hello

I am experiencing exact same issue. This is a brand new Raspberry Pi3 with new installation of PiVPN (this is my first time setting this up).

Anyone found any solutions or know how or why this happens?

Best regards

@gorbehnare

This comment has been minimized.

Copy link

@gorbehnare gorbehnare commented Oct 27, 2018

Here are the client error:
CLIENT_EXCEPTION : connect error: PEM_PASSWORD_FAIL: mbed TLS: error parsing config private key : PK - Private key password can't be empty [FATAL-ERR] FATAL:CLIENT_EXCEPTION: connect error: PEM_PASSWORD_FAIL: mbed TLS: error parsing config private key : PK - Private key password can't be empty

@gorbehnare

This comment has been minimized.

Copy link

@gorbehnare gorbehnare commented Oct 27, 2018

After wasting almost an entire day I found the solution/work around in case anyone is stuck with this. The issue is not with the PiVPN, but with the OpenVPN client. Since this is my first time ever using OpenVPN I downloaded "OpenVPN Connect" as client, and this client does not ask for password when connecting.
Downloaded and installed full OpenVPN client (including OpenVPN GUI) and it must be "Run as Administrator" and it asks for password and connects without any issues.

@SamRavenWall

This comment has been minimized.

Copy link

@SamRavenWall SamRavenWall commented Nov 8, 2018

Thanks @gorbehnare ! I also downloaded open VPN connect instead of the openVPN client.

@b-scherer

This comment has been minimized.

Copy link

@b-scherer b-scherer commented Apr 28, 2019

Thank you @gorbehnare same issue here!

@J-Robinson042519

This comment has been minimized.

Copy link

@J-Robinson042519 J-Robinson042519 commented Nov 29, 2019

had the same issue. updated to openvpn connect ver 3.1.0 (890) and it worked.

@rmanalan

This comment has been minimized.

Copy link

@rmanalan rmanalan commented Jan 15, 2020

Same issue. I downloaded TunnelBlick for macos and it worked great.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
8 participants
You can’t perform that action at this time.