
Openvpn private key failure after upgrade to Fedora 29

asked 2018-11-15 09:20:58 -0500

tob

updated 2018-11-20 04:50:04 -0500

hhlp

I had an openvpn connection configured via NetworkManager which worked fine until I upgraded Fedora to 29. I verified with openssl that the private key and certificate do match and the key password is correct.

Output error from journalctl:

SIGUSR1[soft,private-key-password-failure] received, process restarting

This error is logged in a loop until the connection times out.

Kernel 4.18.18-300.fc29.x86_64, packages:

NetworkManager-openvpn-1.8.8-1.fc29.x86_64

NetworkManager-openvpn-gnome-1.8.8-1.fc29.x86_64

openvpn-2.4.6-3.fc29.x86_64

I tried to configure the tunnel by adding a service with:

systemctl enable openvpn@MYVPN.service

And running with:

systemctl start openvpn@MYVPN.service

Also with no success.

I compiled Openvpn from sources with openssl from here: https://github.com/openssl/openssl

This is the error I get after trying to run `systemctl start openvpn@MYVPN.service`:

Nov 15 16:10:34 myhost openvpn[5321]: Error: private key password verification failed

Nov 15 16:10:34 myhost openvpn[5321]: Exiting due to fatal error

Since I've run out of ideas I would be glad for any advice on this matter.

Thanks!


Comments

Did you try to delete and recreate the OpenVPN connection within NetworkManager? Depending on which version you upgraded from, config file settings for the VPN might have changed.

thomaswood ( 2018-11-17 06:59:40 -0500 )

I did, also I configured a new connection from scratch - still the error message hasn't changed. I tried to change the key to a wrong one, save settings and point again to the correct key but as expected that didn't work either.

tob ( 2018-11-19 02:17:54 -0500 )

1 Answer


answered 2018-12-20 04:41:14 -0500

tob

I am posting a solution to the problem in case anyone encounters the same thing.

The private key which was working on Fedora 28 was using different encryption:

Proc-Type: 4,ENCRYPTED

DEK-Info: DES-EDE3-CBC,66F8ED9BC78AEEF5

I have no idea why it worked on 28 and stopped working on 29.

I have decrypted it and encrypted again using:

openssl rsa -in ssl.key.secure -out ssl.key   # decrypting

openssl pkcs8 -topk8 -in ssl.key -out pkcs8.key   # encrypting again

I haven't changed my certificate or configuration in any other way.

With the updated private key I was able to use the vpn connection again.

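The answer above identifies the old key by its `Proc-Type: 4,ENCRYPTED` and `DEK-Info` headers and replaces it with a PKCS#8 file. As an added example (not part of the original thread), the following script reads only the PEM headers to report which of those formats a key file uses; the function name, the output labels and the sample files are constructed for this illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): report how a PEM private key
# is protected by reading its headers only. No passphrase is required.

classify_key() {
    local file=$1 begin cipher
    # The first BEGIN line identifies the container format.
    begin=$(grep -m1 -e '^-----BEGIN .*PRIVATE KEY-----' -- "$file") || {
        echo "unknown"; return 1; }
    case $begin in
        *'BEGIN ENCRYPTED PRIVATE KEY'*) echo "pkcs8-encrypted" ;;
        *'BEGIN PRIVATE KEY'*)           echo "pkcs8-unencrypted" ;;
        *'BEGIN RSA PRIVATE KEY'*|*'BEGIN EC PRIVATE KEY'*|*'BEGIN DSA PRIVATE KEY'*)
            # Traditional format: encryption is announced by the Proc-Type
            # header and the cipher is the first field of DEK-Info.
            if grep -q '^Proc-Type: 4,ENCRYPTED' -- "$file"; then
                cipher=$(sed -n 's/^DEK-Info: *\([^,]*\),.*/\1/p' < "$file" | head -n1)
                echo "legacy-pem-encrypted:${cipher:-unknown}"
            else
                echo "traditional-unencrypted"
            fi ;;
        *) echo "unknown"; return 1 ;;
    esac
}

# Constructed samples: headers only, the body is a placeholder, not key data.
SAMPLES=$(mktemp -d)
cat > "$SAMPLES/legacy.key" <<'EOF'
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,0000000000000000

PLACEHOLDER
-----END RSA PRIVATE KEY-----
EOF
cat > "$SAMPLES/pkcs8.key" <<'EOF'
-----BEGIN ENCRYPTED PRIVATE KEY-----
PLACEHOLDER
-----END ENCRYPTED PRIVATE KEY-----
EOF
printf 'not a key\n' > "$SAMPLES/other.txt"

for f in "$SAMPLES"/*; do
    printf '%s: %s\n' "${f##*/}" "$(classify_key "$f")"
done
```

A file reported as `legacy-pem-encrypted` is in the same format as the key the answer converted with `openssl pkcs8 -topk8`.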