
OpenVPN processes do not have permission to read key files generated with `run generate openvpn key`
Open, Unbreak Now! | Public | BUG

Description

`run generate openvpn key` gives the key file 600 permissions with root:vyattacfg as the owner, but OpenVPN can't read such files.

# run show log openvpn
Sep 12 09:13:40 reki systemd[1]: openvpn@vtun1.service: Failed with result 'exit-code'.
Sep 12 09:13:45 reki openvpn-vtun1[3436]: Cipher negotiation is disabled since neither P2MP client nor server mode is enabled
Sep 12 09:13:45 reki openvpn-vtun1[3436]: Options error: --secret fails with '/config/auth/sentrium.key': Permission denied (errno=13)
Sep 12 09:13:45 reki systemd[1]: openvpn@vtun1.service: Main process exited, code=exited, status=1/FAILURE
Sep 12 09:13:45 reki openvpn-vtun1[3436]: Options error: Please correct these errors.
Sep 12 09:13:45 reki systemd[1]: openvpn@vtun1.service: Failed with result 'exit-code'.
Sep 12 09:13:45 reki openvpn-vtun1[3436]: Use --help for more information.

# ls -alh /config/auth/sentrium.key
-rw------- 1 root vyattacfg 637 Oct 13  2017 /config/auth/sentrium.key
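
The `errno=13` in the log is what POSIX mode-bit evaluation gives for a non-root process opening a `-rw-------` file owned by root. The following is an added example, not part of the report or of VyOS code, that evaluates the listing above for a service account and shows which ownership and mode combinations make the key readable without exposing it to other users. The numeric IDs and the premise that OpenVPN runs under an unprivileged account are assumptions.

```python
import os
import stat

# Constructed IDs for illustration; real values depend on the system.
ROOT_UID = 0
VYATTACFG_GID = 102   # hypothetical gid of group vyattacfg
OPENVPN_UID = 110     # hypothetical unprivileged service account
OPENVPN_GID = 115     # hypothetical primary group of that account


def can_read(mode, owner_uid, owner_gid, proc_uid, proc_gids):
    """Classic POSIX mode-bit check. Ignores ACLs, capabilities dropped by
    the service manager, and search permission on parent directories."""
    if proc_uid == ROOT_UID:
        return True  # root normally bypasses mode bits
    if proc_uid == owner_uid:
        # The owner class decides on its own, even if the group bits allow more.
        return bool(mode & stat.S_IRUSR)
    if owner_gid in proc_gids:
        return bool(mode & stat.S_IRGRP)
    return bool(mode & stat.S_IROTH)


def audit_key(path, proc_uid, proc_gids):
    """Return findings for a secret key file as seen by one service account."""
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    findings = []
    if not can_read(mode, st.st_uid, st.st_gid, proc_uid, proc_gids):
        findings.append("unreadable by service account (EACCES, errno 13)")
    if mode & (stat.S_IROTH | stat.S_IWOTH):
        findings.append("accessible to all local users")
    return findings


if __name__ == "__main__":
    in_group = {OPENVPN_GID, VYATTACFG_GID}
    # The file from the report: -rw------- root vyattacfg
    print(can_read(0o600, ROOT_UID, VYATTACFG_GID, OPENVPN_UID, {OPENVPN_GID}))
    # Group membership alone does not help while the group read bit is clear.
    print(can_read(0o600, ROOT_UID, VYATTACFG_GID, OPENVPN_UID, in_group))
    # 0640 plus membership in the owning group is enough.
    print(can_read(0o640, ROOT_UID, VYATTACFG_GID, OPENVPN_UID, in_group))
    # So is keeping 0600 and making the service account the owner.
    print(can_read(0o600, OPENVPN_UID, VYATTACFG_GID, OPENVPN_UID, {OPENVPN_GID}))
```

`audit_key` can be pointed at a real key path with the service account's actual uid and group set; an empty list means the file is readable by that account and not open to other local users.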

Details

Difficulty level: Easy (less than an hour)
Version: 1.3.0-rc6
Why the issue appeared?: Will be filled on close
Is it a breaking change?: Perfectly compatible
Issue type: Bug (incorrect behavior)

Event Timeline

dmbaturin triaged this task as Unbreak Now! priority. Sun, Sep 12, 2:19 AM
dmbaturin created this task.