# OpenVPN server in ezjail - errors



## euphrus (Jun 20, 2016)

First - thank you for reading. I appreciate all the help I can get - FreeBSD is awesome!!!

Current problem:

I'm attempting to start openvpn with `openvpn /usr/local/etc/openvpn/openvpn.conf`
Then, I receive the following error:

```
Mon Jun 20 21:27:29 2016 OpenVPN 2.3.11 amd64-portbld-freebsd10.1 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on Jun  5 2016
Mon Jun 20 21:27:29 2016 library versions: OpenSSL 1.0.1s-freebsd  1 Mar 2016, LZO 2.09
Mon Jun 20 21:27:29 2016 Could not retrieve default gateway from route socket:: No such process (errno=3)
Mon Jun 20 21:27:29 2016 Diffie-Hellman initialized with 2048 bit key
Mon Jun 20 21:27:29 2016 OpenSSL: error:0906D06C:PEM routines:PEM_read_bio:no start line
Mon Jun 20 21:27:29 2016 OpenSSL: error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib
Mon Jun 20 21:27:29 2016 Cannot load certificate file /usr/local/etc/openvpn/certs/server.crt
Mon Jun 20 21:27:29 2016 Exiting due to fatal error
```

host file - /etc/devfs.rules

```
[devfsrules_jail=4]
add include $devfsrules_hide_all
add include $devfsrules_unhide_basic
add include $devfsrules_unhide_login
add path zfs unhide

[devfsrules_unhide_tun=5]
add path tun0 unhide

[devfsrules_jail_vpn_example_com=6]
add include $devfsrules_hide_all
add include $devfsrules_unhide_basic
add include $devfsrules_unhide_login
add path zfs unhide
add include $devfsrules_unhide_tun
```

host file - /usr/local/etc/ezjail/vpn_example_com

```
export jail_vpn_example_com_hostname="vpn.example.com"
export jail_vpn_example_com_ip="em0|192.168.1.4/32,lo1|127.168.1.4/32"
export jail_vpn_example_com_rootdir="/usr/jails/vpn.example.com"
export jail_vpn_example_com_exec_start="/bin/sh /etc/rc"
export jail_vpn_example_com_exec_stop=""
export jail_vpn_example_com_mount_enable="YES"
export jail_vpn_example_com_devfs_enable="YES"
export jail_vpn_example_com_devfs_ruleset="devfsrules_jail_vpn.example.com"
export jail_vpn_example_com_procfs_enable="YES"
export jail_vpn_example_com_fdescfs_enable="YES"
export jail_vpn_example_com_image=""
export jail_vpn_example_com_imagetype=""
export jail_vpn_example_com_attachparams=""
export jail_vpn_example_com_attachblocking=""
export jail_vpn_example_com_forceblocking=""
export jail_vpn_example_com_zfs_datasets=""
export jail_vpn_example_com_cpuset=""
export jail_vpn_example_com_fib="0"
export jail_vpn_example_com_parentzfs=""
export jail_vpn_example_com_parameters=""
export jail_vpn_example_com_post_start_script=""
export jail_vpn_example_com_retention_policy=""
export jail_vpn_example_com_exec_prestart0="ifconfig tun0 10.8.0.1 10.8.0.2 netmask 255.255.255.0"
export jail_vpn_example_com_exec_prestart1="route add -net 10.8.0.0/24 10.8.0.2"
```

host file - /etc/rc.conf

```
hostname="warden.example.com"

sshd_enable="YES"
dumpdev="AUTO"
zfs_enable="YES"
ezjail_enable="YES"
gateway_enable="YES"

ifconfig_em0="inet 192.168.1.100 netmask 255.255.255.0"
ifconfig_em0_ipv6="inet6 accept_rtadv"
defaultrouter="192.168.1.1"

cloned_interfaces="lo1 tun0"
```

I've been reading these:
thread 22143
thread 35436


----------

