OpenVPN troubleshooting: "cannot load DH parameters...

csundar
DD-WRT Novice


Joined: 20 Jan 2007
Posts: 15

Posted: Thu Feb 08, 2007 2:27    Post subject: OpenVPN troubleshooting: "cannot load DH parameters...
I have a wrt54gl v1.1 with v23 SP2 VPN (9/15/06). Created certificates and followed the instructions from the wiki (http://www.dd-wrt.com/wiki/index.php/OpenVPN) and have the following startup:

Code:
cd /tmp
openvpn --mktun --dev tap0
brctl addif br0 tap0
ifconfig tap0 0.0.0.0 promisc up

echo "
# Tunnel options
mode server       # Set OpenVPN major mode
proto udp         # Setup the protocol (server)
port 1194         # TCP/UDP port number
dev tap0          # TUN/TAP virtual network device
keepalive 15 60   # Simplify the expression of --ping
daemon            # Become a daemon after all initialization
verb 3            # Set output verbosity to n
comp-lzo          # Use fast LZO compression

# OpenVPN server mode options
client-to-client  # tells OpenVPN to internally route client-to-client traffic
duplicate-cn      # Allow multiple clients with the same common name

# TLS Mode Options
tls-server        # Enable TLS and assume server role during TLS handshake
ca ca.crt         # Certificate authority (CA) file
dh dh1024.pem     # File containing Diffie Hellman parameters
cert server.crt   # Local peer's signed certificate
key server.key    # Local peer's private key
" > openvpn.conf

echo "
-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----
" > ca.crt
echo "
-----BEGIN RSA PRIVATE KEY-----

-----END RSA PRIVATE KEY-----
" > server.key
chmod 600 server.key
echo "
-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----
" > server.crt
echo "
-----BEGIN DH PARAMETERS-----

-----END DH PARAMETERS-----
" > dh1024.pem

sleep 5
ln -s /usr/sbin/openvpn /tmp/myvpn
/tmp/myvpn --config openvpn.conf


and iptables:

Code:
/usr/sbin/iptables -I INPUT -p udp --dport 1194 -j ACCEPT


I opened the ca.crt, server.key, server.crt, and dh1024.pem files in Notepad and copied the text into the commands field (Firefox 2.0.0.1) before saving it. After rebooting the router, the log file shows the following errors for OpenVPN:

Quote:
Jan 1 00:00:23 DD-WRT daemon.notice openvpn[229]: OpenVPN 2.0.7 mipsel-unknown-linux [SSL] [LZO] [EPOLL] built on Sep 15 2006
Jan 1 00:00:23 DD-WRT daemon.err openvpn[229]: Cannot load DH parameters from dh1024.pem: error:0906D066:lib(9):func(109):reason(102)
Jan 1 00:00:23 DD-WRT daemon.notice openvpn[229]: Exiting


I've seen the other posts around about this issue, but the solution which all have used was the issue of the line breaks. I checked that and there was no change to the system. Any advice appreciated.

Thanks

_________________
WRT54GL v1.1
DD-WRT v23 SP2 VPN + 1GB SD Card
csundar

Posted: Fri Feb 09, 2007 3:59
So after some trial and error I discovered what the problem was which I was having:

I had extra spaces around all of the keys.
i.e.:
Code:
-----BEGIN CERTIFICATE-----

XXXXX....
....XXXX

-----END CERTIFICATE-----


instead of:

Code:
-----BEGIN CERTIFICATE-----
XXXXX....
....XXXX
-----END CERTIFICATE-----

_________________
WRT54GL v1.1
DD-WRT v23 SP2 VPN + 1GB SD Card
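
Added example, not part of the original posts: a shell check for the defect described above (blank lines between the BEGIN/END lines of a pasted PEM block), with a cleaner that removes them. It goes slightly beyond the thread by also flagging stray spaces and CR line endings; the function names and the sample body are constructed for illustration.

```sh
# pem_lint FILE: report whitespace defects between BEGIN/END lines.
# Returns 0 if the file is clean, 1 if anything was reported.
pem_lint() {
    awk '
        function report(msg) { printf "line %d: %s\n", NR, msg; bad = 1 }
        {
            line = $0
            cr = sub(/\r$/, "", line)
            if (line ~ /^[ \t]*-----BEGIN [A-Z0-9 ]+-----[ \t]*$/) inside = 1
            if (inside) {
                if (cr) report("CR line ending")
                if (line ~ /^[ \t]*$/) report("blank line inside PEM block")
                else if (line ~ /^[ \t]|[ \t]$/) report("leading or trailing whitespace")
            }
            if (line ~ /^[ \t]*-----END [A-Z0-9 ]+-----[ \t]*$/) inside = 0
        }
        END { exit bad + 0 }
    ' "$1"
}

# pem_clean FILE: print FILE with those defects removed; text outside
# the BEGIN/END lines is passed through (minus any CR).
pem_clean() {
    awk '
        {
            sub(/\r$/, "")
            if ($0 ~ /^[ \t]*-----BEGIN /) inside = 1
            if (inside) {
                gsub(/^[ \t]+|[ \t]+$/, "")
                if ($0 == "") next
            }
            print
            if ($0 ~ /^-----END /) inside = 0
        }
    ' "$1"
}

# Constructed sample with the layout from the post above: blank lines after
# BEGIN and before END, plus one trailing space. The body is a placeholder.
pem_sample() {
    printf '%s\n' '-----BEGIN DH PARAMETERS-----' '' \
        'AAAACONSTRUCTEDSAMPLEBODYNOTAREALKEYAAAA ' \
        'AAAACONSTRUCTEDSAMPLEBODY' '' '-----END DH PARAMETERS-----'
}

tmp=$(mktemp); pem_sample > "$tmp"
pem_lint "$tmp" || pem_clean "$tmp" > "$tmp.fixed"   # lint fails, so clean runs
pem_lint "$tmp.fixed" && echo "cleaned copy is OK: $tmp.fixed"
```

Run `pem_lint` on each file before pasting its contents into the startup commands, and paste the `pem_clean` output if anything is reported.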
All times are GMT