hi friend i need ur help in setting up open vpn i have two offices in diffrent location n i want to connect them through openvpn. one office will be server and other office will be client. i am using red hat5 in my both offices n i am setting openvpn in them but when i creating a certificate through openssl there is a error message which is as below.

OpenSSL> ca
Using configuration from /etc/pki/tls/openssl.cnf
Error opening CA private key ../../CA/private/cakey.pem
3267:error:02001002:system library:fopen:No such file or directory:bss_file.c:352:fopen('../../CA/private/cakey.pem','r')
3267:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:354:
unable to load CA private key
error in ca

plz help me out buddy
thx

Why don't you use the openvpn easy-rsa tools to generate your openvpn certificates?

See the howto at www.openvpn.org.

Oh- and it isn't urgent to us.

Hello,
I think, what it's actually notified about a file doesn't existed.
If you not create certs and keys, make it to very easy with samples scripts into share/easy-rsa directory.

hi friends,
i have to connect my two offices n i am using redhat 5 n i am going through www.openvpn.org so i downloaded the openvpn-2.0.9.tar.gz and lzo-2.03.tar.gz from www.open.org, i downloaded both tar files in my /root/Desktop now i decompressed them by tar method by which i got them like this

[root@rhca Desktop]# ll
total 1284
drwxrwxrwx 13 1000 users 4096 Jan 21 17:48 lzo-2.03
-rw-r--r-- 1 root root 626042 Jan 18 21:22 lzo-2.03.tar.gz
drwxrwxrwx 16 root root 4096 Jan 21 17:52 openvpn-2.0.9
-rw-r--r-- 1 root root 669076 Jan 18 17:45 openvpn-2.0.9.tar.gz

now i did cd /root/desktop/openvpn-2.0.9 and did this command
./configure && make && make install
there was no problem so now my easy-rsa is in /root/desktop/openvpn/easy-rsa
now when i am in easy-rsa n giving this command then there is error message which is below

[root@rhca easy-rsa]# ./build-ca
you must define KEY_DIR

i also did from openssl n error message is like this

[root@rhca easy-rsa]# openssl
OpenSSL> ./build-ca
openssl:Error: './build-ca' is an invalid command.

the other error message is as below, i know there is some mistake in creating ca.

OpenSSL> ca
Using configuration from /etc/pki/tls/openssl.cnf
Error opening CA private key ../../CA/private/cakey.pem
16843:error:02001002:system library:fopen:No such file or directory:bss_file.c:352:fopen('../../CA/private/cakey.pem','r')
16843:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:354:
unable to load CA private key
error in ca

so guys help out n thx in advance in helping me.

you need to do ./vars before you run ./build-ca
the KEY_DIR variable tells it where to store the keys that it creates i would use ../easy-rsa/keys


also what distro are you using? I don't imagine you want to install/run openVPN from /root/Desktop
so you may want to consider moving it the RPM installs it to /etc/openvpn/

pawan_lal: Please cease sending e-mails directly to users regarding this issue. You have opened a forum topic (several in fact), it is not appropriate to send unsolicted e-mail's requesting support.

pawan_lal: Please cease sending e-mails directly to users regarding this issue. You have opened a forum topic (several in fact), it is not appropriate to send unsolicted e-mail's requesting support.

If you have an urgent problem you should hire a systems consultant. If you want free help then you should be patient and wait until the VOLUNTEERS who respond to questions on this site get around to answering the questions in the order posted.

Ha, this bloke probably is that "systems consultant". Sounds like he's been put in charge of implementing a system that he doesn't understand. I love posts like this because you know that somewhere someone is catching hell for not being able to do something they said they could do.

If your urgent problem is in need of resolution, then you need to calm down and work at the problem with other people who want to help you, not spam everyone in the hopes that someone will do your job for you.

Also, the error you got seems quite self-explanatory to me and I can't understand why you would be in charge of putting an office-to-office VPN into any company if you can't resolve the matter yourself. Especially given the fact that this is a VPN - i.e. you're trying to *securely* connect two networks over an potentially insecure channel.

HOWTO's are to show people with a good idea of how things work in general and a little idea of how they work in practice, and a good grounding in the basic subjects necessary like IP, routing etc. to follow through a simple example. They are not designed to be cut-and-paste fix-alls for everyone.

Please post your thread in only one forum. Posting a single thread in the most relevant forum will make it easier for members to help you and will keep the discussion in one place. Your threads have now been merged.

Also as noted previously, content should be kept on the forums so please do not contact members by e-mail with regards to requesting help.