Unable to reach OpenVPN DNS /Public IP URL

openvpn google-cloud-platform point-to-site-vpn

Solution 1:

I reached out to OpenVPN Support team and they were able to help confirm the rootcause and provided a solution.

There is something wrong with your certificates or the configuration of it. It's basically telling you what's wrong.

"error", "cert bundle validation error: [Errno 2] No such file or directory: u'':

Looks like the value for cs.ca_bundle is empty. The configuration key should either not be present at all (not set to empty) so it falls back to the built-in self-signed certificates, or it should contain a path to a file that contains the CA bundle, or it should contain the CA certificate bundle in-line. But it should not be empty, and it looks like it is empty.

"error", "certificate validation error: [('PEM routines', 'get_name', 'no start line')]: "error", "private key validation error: [('PEM routines', 'get_name', 'no start line')]:

Looks like whatever you put into the cs.cert and cs.priv_key value is not valid, or whatever it is finding there doesn't have the correct start line that a PEM type certificate or private key should have.

It's no wonder that the web interface doesn't work right. It doesn't have what it needs to start up correctly. I suggest you roll Access Server back to self-signed certificates. That should get your web interface working again. And then work on putting the correct and valid certificates in.

I believe this document can help you further: https://openvpn.net/vpn-server-resource ... rtificate/

Particularly these instructions will generate self-signed certificates and configure them for use in Access Server (run commands as root user):

Regenerate self-signed certificates (overwrites existing ones):
cd /usr/local/openvpn_as/scripts/
./certool -d /usr/local/openvpn_as/etc/web-ssl --type ca --unique --cn "OpenVPN Web CA"
./certool -d /usr/local/openvpn_as/etc/web-ssl --type server --remove_csr --sn_off --serial 1 --name server --cn vpn.example.com
./sacli start

Remove web certificates and keys from the configuration (so it falls back to self-signed certs you just created):

cd /usr/local/openvpn_as/scripts/
./sacli --key "cs.cert" ConfigDel
./sacli --key “cs.priv_key” ConfigDel
./sacli --key "cs.ca_bundle" ConfigDel
./sacli --key "cs.ca_key" ConfigDel

./sacli start

Thanks to @Johnan OVPN community See full answer here

Related

What is the safest way to allow a developer to edit 3 Puppet modules?
High CPU usage by Apache/MySQL
How can I assign multiple IPv6 addresses with DHCPv6 to a single interface?
What is the recommended puppet server directory layout?
CloudFlare giving error 522 without HTTPS
Does Amazon MQ support rabbitmq-consistent-hash-exchange
Puppet agent on Windows unless doesn't work how I think?
Is it possible to get puppet to combine recursive and non-recursive changes to a given directory
Cannot connect to bastion host in AWS
Can't connect to my google cloud server via RDP
DMARC for AmazonSES fails. Why?
netsystemsresearch.com on my internal network