
Generating vpn x509 key pair fails with command not found
Open, Requires assessment · Public · BUG


To reproduce the bug:

vyos@crux-test:~$ generate vpn x509 key-pair test
sudo: /opt/vyatta/sbin//vyatta-gen-x509-keypair: command not found

Tested and issue exists on all release trains.


Difficulty level: Easy (less than an hour)
Why the issue appeared?: Will be filled on close
Is it a breaking change?: Unspecified (possibly destroys the router)

Event Timeline

The main issue seems to be a lack of execute permissions on the script vyatta-gen-x509-keypair.

Fixing that issue, however, seems to indicate the script has further issues:

vyos@crux-test:~$ sudo chmod +x /opt/vyatta/sbin/vyatta-gen-x509-keypair
vyos@crux-test:~$ generate vpn x509 key-pair test
error on line -1 of /etc/key-pair.template
139925418890896:error:02001002:system library:fopen:No such file or directory:bss_file.c:175:fopen('/etc/key-pair.template','rb')
139925418890896:error:2006D080:BIO routines:BIO_new_file:no such file:bss_file.c:178:
139925418890896:error:0E078072:configuration file routines:DEF_LOAD:no such file:conf_def.c:195:

Viacheslav added a subscriber: SrividyaA.

Providing the entire path of the file, i.e. /opt/vyatta/etc/key-pair.template instead of "@sysconfdir@/key-pair.template", makes the command executable.
IPSec VPN in X509 mode needs a CA cert file; also, the server/client cert has to be signed by the CA for identification.
So, maybe rewriting this script will be helpful.
Any suggestions are welcome.

vyos@R2:~$ generate vpn x509 key-pair example
Generating a RSA private key
writing new private key to '/config/auth/example.key'
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) []:
State Name []:
Locality Name (eg, city) []:
Organization Name (eg, company) []:
Organizational Unit Name (eg, department) []:
Common Name (eg, Device hostname) []:
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password (optional) []:
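
The CA-signed flow raised in the last comment, as an added example that is not part of this ticket or of VyOS code: it passes the OpenSSL config by explicit path (the step that failed above), creates a CA, signs a device CSR without interactive prompts, and verifies the chain. It assumes `openssl` is on the PATH; the function name `make_signed_cert`, the subject names and the file names are constructed for illustration.

```shell
#!/bin/sh
# Added example: CA-signed device certificate with an explicit config path.
# make_signed_cert, Example-CA and all file names are constructed (hypothetical).
# Usage: make_signed_cert /some/writable/dir r2.example.test

# Body runs in a subshell so the tightened umask does not leak to the caller.
make_signed_cert() (
    dir="$1"; cn="$2"
    umask 077                 # private keys end up readable by the owner only
    cfg="$dir/req.cnf"        # full path handed to -config, never a bare name
    cat > "$cfg" <<EOF
[ req ]
prompt             = no
distinguished_name = dn
x509_extensions    = v3_ca
[ dn ]
CN = PLACEHOLDER
[ v3_ca ]
basicConstraints = critical, CA:TRUE
keyUsage         = critical, keyCertSign, cRLSign
EOF
    # 1. Self-signed CA certificate; -subj overrides the placeholder DN.
    openssl req -x509 -config "$cfg" -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Example-CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1
    # 2. Device key and CSR, non-interactive instead of the DN prompts.
    openssl req -new -config "$cfg" -newkey rsa:2048 -nodes \
        -subj "/CN=$cn" \
        -keyout "$dir/$cn.key" -out "$dir/$cn.csr" 2>/dev/null || return 1
    # 3. The CA signs the CSR, producing the device certificate.
    openssl x509 -req -in "$dir/$cn.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 30 -out "$dir/$cn.crt" 2>/dev/null || return 1
    # 4. What a peer does: accept the certificate only if it chains to the CA.
    openssl verify -CAfile "$dir/ca.crt" "$dir/$cn.crt" >/dev/null 2>&1
)
```

The function returns non-zero if any step fails, including the final chain verification.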