Great question! I did think about including this!
On one of the machines
hibby@raspberrypi:/etc/openvpn $ ls -l
total 28
-rw-r--r-- 1 root root 1290 Sep 13 00:35 amprnet-vpn-ca.crt
drwxr-xr-x 2 root root 4096 May 14 2021 client
-rw-r--r-- 1 root root 212 Sep 15 00:07 client.conf
-rw-r--r-- 1 root root 4014 Sep 14 23:55 client.crt
-rw-r--r-- 1 root root 916 Sep 15 00:18 client.key
cheers Dh
On 17 Sep 2023, at 18:36, Apostolos Kefalas sv1ljj@raag.org wrote:
Do not shoot but... client.key file permissions?
On Sun, 2023-09-17 at 18:16 +0100, Dave Hibberd via 44net wrote:
Hi there, thanks for coming back - I’ve not missed that step, and this is what causes my confusion.
I’ve extracted the private key, put it in client.key as the instructions said.
I’ve done this across 3 different machines, one running just openvpn which my extract is from, one I am using openvpn network manager & gnome 3 and another running Tunnelblick. On all 3 setups, it complains the key is missing when checking the logs and that password verification has failed, yet when checking in tqsl, it tells me the certificate is not password protected.
It sounds like all is for naught anyway if the server cert is expired,
Thanks anyway
DH
On 17 Sep 2023, at 17:51, Apostolos Kefalas sv1ljj@raag.org wrote:
Hello Dave,
OpenSSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
Cannot load private key file /etc/openvpn/client.key
Error: private key password verification failed
It seems to me that you have missed a step:
The private key needs to be extracted from the YOURCALL file.
This is in the file .tqsl/keys/MM0RFN and needs to be in /etc/openvpn/client.key
Be careful to copy only the key and nothing else from this file. Also, do not copy "<PRIVATE_KEY:916>" from the first line, just the "-----BEGIN PRIVATE KEY-----"
Unfortunately, if you manage to set up openvpn correctly on your machine, you are still not going to have fun with AMPR, as the server certificate has expired. I have sent an e-mail on this list but it seems OH7LZB is not reachable from here.
I hope this helps
73 Apostolos, SV1LJJ
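The extraction step and the client.key permissions question discussed in this thread, as an added example that is not part of any message above. It assumes only what the thread states about the keys file (a "<PRIVATE_KEY:916>" tag directly in front of the PEM header); the sample input is constructed and the function names are hypothetical.

```python
import base64
import os
import re
import stat
import tempfile

# Matches one PEM private-key block; tags outside the dashes are not captured.
PEM_RE = re.compile(
    r"-----BEGIN (?P<label>[A-Z ]*PRIVATE KEY)-----"
    r"(?P<body>[A-Za-z0-9+/=\s]+?)"
    r"-----END (?P=label)-----"
)

# Constructed sample (not a real key); the tag after the block is hypothetical.
SAMPLE = (
    "<PRIVATE_KEY:916>-----BEGIN PRIVATE KEY-----\n"
    + "QUJD" * 20
    + "\n-----END PRIVATE KEY-----\n<EXAMPLE_TAG:4>junk\n"
)

def extract_private_key(keys_text):
    """Return only the PEM block, dropping tags such as <PRIVATE_KEY:916>."""
    blocks = list(PEM_RE.finditer(keys_text))
    if len(blocks) != 1:
        raise ValueError(f"expected one private key block, found {len(blocks)}")
    label = blocks[0].group("label")
    body = "".join(blocks[0].group("body").split())
    base64.b64decode(body, validate=True)  # raises ValueError if damaged
    lines = [body[i:i + 64] for i in range(0, len(body), 64)]
    return "\n".join(
        [f"-----BEGIN {label}-----", *lines, f"-----END {label}-----"]) + "\n"

def install_key(pem, dest):
    """Write the key readable and writable by its owner only (mode 0600)."""
    fd = os.open(dest, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(pem)
    os.chmod(dest, 0o600)  # also tightens a file that already existed

def key_is_private(path):
    """True when group and others have no permission bits on the file."""
    return stat.S_IMODE(os.stat(path).st_mode) & 0o077 == 0

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        dest = os.path.join(tmp, "client.key")
        install_key(extract_private_key(SAMPLE), dest)
        print(open(dest).read(), "private:", key_is_private(dest))
```

A file listed as -rw-r--r--, like client.key in the listing above, makes key_is_private return False.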