正在请求 OpenVPN 私钥密码

正在请求 OpenVPN 私钥密码

自从我上次系统更新以来,现有的 OpenVPN 连接停止工作,因为它开始请求“私钥密码”(请注意,这不是“用户密码”,正如应该的那样)。

如果我测试连接或配置,OpenVPN 会随时询问我:

Enter Private Key Password: (press TAB for no echo) 

嗯,我没有钥匙密码,多年来从未需要过它。我确实有我的用户密码并且配置正确(并且已经工作多年)。

  • OpenVPN 或 OpenSSL 中是否有任何变化可能导致行为改变?

  • 我怎样才能进一步诊断,也许,从我的客户端解决这个问题(我将无法接触服务器)?


我正在使用 OpenSUSE Tumbleweed 20230409


相关包:

S | Name                  | Type    | Version    | Arch   | Repository
--+-----------------------+---------+------------+--------+----------------------
i | libopenssl1_1         | package | 1.1.1t-3.1 | x86_64 | Main Repository (OSS)
i | libopenssl3           | package | 3.0.8-2.4  | x86_64 | Main Repository (OSS)
i | libopenssl3-x86-64-v3 | package | 3.0.8-2.4  | x86_64 | Main Repository (OSS)
i | openssl               | package | 3.0.8-1.2  | noarch | Main Repository (OSS)
i | openssl-1_1           | package | 1.1.1t-3.1 | x86_64 | Main Repository (OSS)
i | openssl-3             | package | 3.0.8-2.4  | x86_64 | Main Repository (OSS)
i | openvpn               | package | 2.5.9-1.2  | x86_64 | Main Repository (OSS)

配置非常简单:

dev tun
persist-tun
persist-key
cipher AES-256-CBC
ncp-ciphers AES-128-GCM
auth SHA1
tls-client
client
resolv-retry infinite
remote remote.server.com 1194 udp
lport 0
verify-x509-name "remote.server.com" name
auth-user-pass
pkcs12 '/etc/openvpn/my-server-vpn-UDP4-1194-remote.server.com.p12'
tls-auth '/etc/openvpn/my-server-vpn-UDP4-1194-remote.server.com-tls.key' 1
remote-cert-tls server
comp-lzo adaptive
auth-nocache
reneg-sec 36000
keepalive 10 60
auth-user-pass '/etc/openvpn/user-auth'
setenv PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
script-security 2
up /etc/openvpn/client.up
up-restart
down /etc/openvpn/client.down
down-pre

完整输出:

localhost:/etc/openvpn # openvpn --verb 6 --config /etc/openvpn/my_server_vpn.conf 
2023-04-14 14:48:06 Note: Treating option '--ncp-ciphers' as  '--data-ciphers' (renamed in OpenVPN 2.5).
2023-04-14 14:48:06 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
2023-04-14 14:48:06 us=623497 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
2023-04-14 14:48:06 us=629459 Current Parameter Settings:
2023-04-14 14:48:06 us=629501   config = '/etc/openvpn/my_server_vpn.conf'
2023-04-14 14:48:06 us=629517   mode = 0
2023-04-14 14:48:06 us=629531   persist_config = DISABLED
2023-04-14 14:48:06 us=629543   persist_mode = 1
2023-04-14 14:48:06 us=629557   show_ciphers = DISABLED
2023-04-14 14:48:06 us=629570   show_digests = DISABLED
2023-04-14 14:48:06 us=629584   show_engines = DISABLED
2023-04-14 14:48:06 us=629596   genkey = DISABLED
2023-04-14 14:48:06 us=629609   genkey_filename = '[UNDEF]'
2023-04-14 14:48:06 us=629623   key_pass_file = '[UNDEF]'
2023-04-14 14:48:06 us=629636   show_tls_ciphers = DISABLED
2023-04-14 14:48:06 us=629652   connect_retry_max = 0
2023-04-14 14:48:06 us=629668 Connection profiles [0]:
2023-04-14 14:48:06 us=629683   proto = udp
2023-04-14 14:48:06 us=629697   local = '[UNDEF]'
2023-04-14 14:48:06 us=629711   local_port = '0'
2023-04-14 14:48:06 us=629725   remote = 'remote.server.com'
2023-04-14 14:48:06 us=629738   remote_port = '1194'
2023-04-14 14:48:06 us=629752   remote_float = DISABLED
2023-04-14 14:48:06 us=629765   bind_defined = DISABLED
2023-04-14 14:48:06 us=629779   bind_local = ENABLED
2023-04-14 14:48:06 us=629792   bind_ipv6_only = DISABLED
2023-04-14 14:48:06 us=629806   connect_retry_seconds = 5
2023-04-14 14:48:06 us=629820   connect_timeout = 120
2023-04-14 14:48:06 us=629834   socks_proxy_server = '[UNDEF]'
2023-04-14 14:48:06 us=629847   socks_proxy_port = '[UNDEF]'
2023-04-14 14:48:06 us=629861   tun_mtu = 1500
2023-04-14 14:48:06 us=629874   tun_mtu_defined = ENABLED
2023-04-14 14:48:06 us=629888   link_mtu = 1500
2023-04-14 14:48:06 us=629901   link_mtu_defined = DISABLED
2023-04-14 14:48:06 us=629915   tun_mtu_extra = 0
2023-04-14 14:48:06 us=629929   tun_mtu_extra_defined = DISABLED
2023-04-14 14:48:06 us=629943   mtu_discover_type = -1
2023-04-14 14:48:06 us=629956   fragment = 0
2023-04-14 14:48:06 us=629970   mssfix = 1450
2023-04-14 14:48:06 us=629984   explicit_exit_notification = 0
2023-04-14 14:48:06 us=629997   tls_auth_file = '[INLINE]'
2023-04-14 14:48:06 us=630011   key_direction = 1
2023-04-14 14:48:06 us=630024   tls_crypt_file = '[UNDEF]'
2023-04-14 14:48:06 us=630038   tls_crypt_v2_file = '[UNDEF]'
2023-04-14 14:48:06 us=630052 Connection profiles END
2023-04-14 14:48:06 us=630065   remote_random = DISABLED
2023-04-14 14:48:06 us=630079   ipchange = '[UNDEF]'
2023-04-14 14:48:06 us=630092   dev = 'tun'
2023-04-14 14:48:06 us=630106   dev_type = '[UNDEF]'
2023-04-14 14:48:06 us=630119   dev_node = '[UNDEF]'
2023-04-14 14:48:06 us=630133   lladdr = '[UNDEF]'
2023-04-14 14:48:06 us=630147   topology = 1
2023-04-14 14:48:06 us=630160   ifconfig_local = '[UNDEF]'
2023-04-14 14:48:06 us=630174   ifconfig_remote_netmask = '[UNDEF]'
2023-04-14 14:48:06 us=630188   ifconfig_noexec = DISABLED
2023-04-14 14:48:06 us=630201   ifconfig_nowarn = DISABLED
2023-04-14 14:48:06 us=630214   ifconfig_ipv6_local = '[UNDEF]'
2023-04-14 14:48:06 us=630228   ifconfig_ipv6_netbits = 0
2023-04-14 14:48:06 us=630241   ifconfig_ipv6_remote = '[UNDEF]'
2023-04-14 14:48:06 us=630255   shaper = 0
2023-04-14 14:48:06 us=630269   mtu_test = 0
2023-04-14 14:48:06 us=630282   mlock = DISABLED
2023-04-14 14:48:06 us=630296   keepalive_ping = 10
2023-04-14 14:48:06 us=630309   keepalive_timeout = 60
2023-04-14 14:48:06 us=630323   inactivity_timeout = 0
2023-04-14 14:48:06 us=630336   inactivity_minimum_bytes = 0
2023-04-14 14:48:06 us=630350   ping_send_timeout = 10
2023-04-14 14:48:06 us=630363   ping_rec_timeout = 60
2023-04-14 14:48:06 us=630377   ping_rec_timeout_action = 2
2023-04-14 14:48:06 us=630390   ping_timer_remote = DISABLED
2023-04-14 14:48:06 us=630404   remap_sigusr1 = 0
2023-04-14 14:48:06 us=630417   persist_tun = ENABLED
2023-04-14 14:48:06 us=630431   persist_local_ip = DISABLED
2023-04-14 14:48:06 us=630444   persist_remote_ip = DISABLED
2023-04-14 14:48:06 us=630458   persist_key = ENABLED
2023-04-14 14:48:06 us=630471   passtos = DISABLED
2023-04-14 14:48:06 us=630484   resolve_retry_seconds = 1000000000
2023-04-14 14:48:06 us=630498   resolve_in_advance = DISABLED
2023-04-14 14:48:06 us=630511   username = '[UNDEF]'
2023-04-14 14:48:06 us=630525   groupname = '[UNDEF]'
2023-04-14 14:48:06 us=630538   chroot_dir = '[UNDEF]'
2023-04-14 14:48:06 us=630552   cd_dir = '[UNDEF]'
2023-04-14 14:48:06 us=630565   writepid = '[UNDEF]'
2023-04-14 14:48:06 us=630578   up_script = '/etc/openvpn/client.up'
2023-04-14 14:48:06 us=630592   down_script = '/etc/openvpn/client.down'
2023-04-14 14:48:06 us=630606   down_pre = ENABLED
2023-04-14 14:48:06 us=630620   up_restart = ENABLED
2023-04-14 14:48:06 us=630633   up_delay = DISABLED
2023-04-14 14:48:06 us=630646   daemon = DISABLED
2023-04-14 14:48:06 us=630660   inetd = 0
2023-04-14 14:48:06 us=630673   log = DISABLED
2023-04-14 14:48:06 us=630687   suppress_timestamps = DISABLED
2023-04-14 14:48:06 us=630700   machine_readable_output = DISABLED
2023-04-14 14:48:06 us=630714   nice = 0
2023-04-14 14:48:06 us=630734   verbosity = 6
2023-04-14 14:48:06 us=630748   mute = 0
2023-04-14 14:48:06 us=630762   gremlin = 0
2023-04-14 14:48:06 us=630776   status_file = '[UNDEF]'
2023-04-14 14:48:06 us=630790   status_file_version = 1
2023-04-14 14:48:06 us=630814   status_file_update_freq = 60
2023-04-14 14:48:06 us=630839   occ = ENABLED
2023-04-14 14:48:06 us=630860   rcvbuf = 0
2023-04-14 14:48:06 us=630880   sndbuf = 0
2023-04-14 14:48:06 us=630899   mark = 0
2023-04-14 14:48:06 us=630918   sockflags = 0
2023-04-14 14:48:06 us=630937   fast_io = DISABLED
2023-04-14 14:48:06 us=630957   comp.alg = 2
2023-04-14 14:48:06 us=630980   comp.flags = 1
2023-04-14 14:48:06 us=631002   route_script = '[UNDEF]'
2023-04-14 14:48:06 us=631022   route_default_gateway = '[UNDEF]'
2023-04-14 14:48:06 us=631043   route_default_metric = 0
2023-04-14 14:48:06 us=631066   route_noexec = DISABLED
2023-04-14 14:48:06 us=631089   route_delay = 0
2023-04-14 14:48:06 us=631115   route_delay_window = 30
2023-04-14 14:48:06 us=631142   route_delay_defined = DISABLED
2023-04-14 14:48:06 us=631169   route_nopull = DISABLED
2023-04-14 14:48:06 us=631194   route_gateway_via_dhcp = DISABLED
2023-04-14 14:48:06 us=631220   allow_pull_fqdn = DISABLED
2023-04-14 14:48:06 us=631241   management_addr = '[UNDEF]'
2023-04-14 14:48:06 us=631263   management_port = '[UNDEF]'
2023-04-14 14:48:06 us=631284   management_user_pass = '[UNDEF]'
2023-04-14 14:48:06 us=631305   management_log_history_cache = 250
2023-04-14 14:48:06 us=631331   management_echo_buffer_size = 100
2023-04-14 14:48:06 us=631357   management_write_peer_info_file = '[UNDEF]'
2023-04-14 14:48:06 us=631385   management_client_user = '[UNDEF]'
2023-04-14 14:48:06 us=631411   management_client_group = '[UNDEF]'
2023-04-14 14:48:06 us=631437   management_flags = 0
2023-04-14 14:48:06 us=631466   shared_secret_file = '[UNDEF]'
2023-04-14 14:48:06 us=631490   key_direction = 1
2023-04-14 14:48:06 us=631515   ciphername = 'AES-256-CBC'
2023-04-14 14:48:06 us=631538   ncp_enabled = ENABLED
2023-04-14 14:48:06 us=631563   ncp_ciphers = 'AES-128-GCM:AES-256-CBC'
2023-04-14 14:48:06 us=631591   authname = 'SHA1'
2023-04-14 14:48:06 us=631620   prng_hash = 'SHA1'
2023-04-14 14:48:06 us=631643   prng_nonce_secret_len = 16
2023-04-14 14:48:06 us=631668   keysize = 0
2023-04-14 14:48:06 us=631695   engine = DISABLED
2023-04-14 14:48:06 us=631721   replay = ENABLED
2023-04-14 14:48:06 us=631747   mute_replay_warnings = DISABLED
2023-04-14 14:48:06 us=631773   replay_window = 64
2023-04-14 14:48:06 us=631800   replay_time = 15
2023-04-14 14:48:06 us=631825   packet_id_file = '[UNDEF]'
2023-04-14 14:48:06 us=631851   test_crypto = DISABLED
2023-04-14 14:48:06 us=631878   tls_server = DISABLED
2023-04-14 14:48:06 us=631900   tls_client = ENABLED
2023-04-14 14:48:06 us=631924   ca_file = '[UNDEF]'
2023-04-14 14:48:06 us=631947   ca_path = '[UNDEF]'
2023-04-14 14:48:06 us=631971   dh_file = '[UNDEF]'
2023-04-14 14:48:06 us=631995   cert_file = '[UNDEF]'
2023-04-14 14:48:06 us=632022   extra_certs_file = '[UNDEF]'
2023-04-14 14:48:06 us=632052   priv_key_file = '[UNDEF]'
2023-04-14 14:48:06 us=632076   pkcs12_file = '/etc/openvpn/my-server-vpn-UDP4-1194-remote.server.com.p12'
2023-04-14 14:48:06 us=632133   cipher_list = '[UNDEF]'
2023-04-14 14:48:06 us=632163   cipher_list_tls13 = '[UNDEF]'
2023-04-14 14:48:06 us=632191   tls_cert_profile = '[UNDEF]'
2023-04-14 14:48:06 us=632214   tls_verify = '[UNDEF]'
2023-04-14 14:48:06 us=632238   tls_export_cert = '[UNDEF]'
2023-04-14 14:48:06 us=632261   verify_x509_type = 2
2023-04-14 14:48:06 us=632286   verify_x509_name = 'remote.server.com'
2023-04-14 14:48:06 us=632312   crl_file = '[UNDEF]'
2023-04-14 14:48:06 us=632338   ns_cert_type = 0
2023-04-14 14:48:06 us=632365   remote_cert_ku[i] = 65535
2023-04-14 14:48:06 us=632393   remote_cert_ku[i] = 0
2023-04-14 14:48:06 us=632420   remote_cert_ku[i] = 0
2023-04-14 14:48:06 us=632447   remote_cert_ku[i] = 0
2023-04-14 14:48:06 us=632474   remote_cert_ku[i] = 0
2023-04-14 14:48:06 us=632511   remote_cert_ku[i] = 0
2023-04-14 14:48:06 us=632531   remote_cert_ku[i] = 0
2023-04-14 14:48:06 us=632550   remote_cert_ku[i] = 0
2023-04-14 14:48:06 us=632571   remote_cert_ku[i] = 0
2023-04-14 14:48:06 us=632588   remote_cert_ku[i] = 0
2023-04-14 14:48:06 us=632606   remote_cert_ku[i] = 0
2023-04-14 14:48:06 us=632628   remote_cert_ku[i] = 0
2023-04-14 14:48:06 us=632649   remote_cert_ku[i] = 0
2023-04-14 14:48:06 us=632661   remote_cert_ku[i] = 0
2023-04-14 14:48:06 us=632671   remote_cert_ku[i] = 0
2023-04-14 14:48:06 us=632681   remote_cert_ku[i] = 0
2023-04-14 14:48:06 us=632692   remote_cert_eku = 'TLS Web Server Authentication'
2023-04-14 14:48:06 us=632702   ssl_flags = 0
2023-04-14 14:48:06 us=632713   tls_timeout = 2
2023-04-14 14:48:06 us=632724   renegotiate_bytes = -1
2023-04-14 14:48:06 us=632734   renegotiate_packets = 0
2023-04-14 14:48:06 us=632745   renegotiate_seconds = 36000
2023-04-14 14:48:06 us=632755   handshake_window = 60
2023-04-14 14:48:06 us=632765   transition_window = 3600
2023-04-14 14:48:06 us=632775   single_session = DISABLED
2023-04-14 14:48:06 us=632786   push_peer_info = DISABLED
2023-04-14 14:48:06 us=632796   tls_exit = DISABLED
2023-04-14 14:48:06 us=632807   tls_crypt_v2_metadata = '[UNDEF]'
2023-04-14 14:48:06 us=632817   pkcs11_protected_authentication = DISABLED
2023-04-14 14:48:06 us=632828   pkcs11_protected_authentication = DISABLED
2023-04-14 14:48:06 us=632838   pkcs11_protected_authentication = DISABLED
2023-04-14 14:48:06 us=632848   pkcs11_protected_authentication = DISABLED
2023-04-14 14:48:06 us=632859   pkcs11_protected_authentication = DISABLED
2023-04-14 14:48:06 us=632870   pkcs11_protected_authentication = DISABLED
2023-04-14 14:48:06 us=632880   pkcs11_protected_authentication = DISABLED
2023-04-14 14:48:06 us=632890   pkcs11_protected_authentication = DISABLED
2023-04-14 14:48:06 us=632900   pkcs11_protected_authentication = DISABLED
2023-04-14 14:48:06 us=632911   pkcs11_protected_authentication = DISABLED
2023-04-14 14:48:06 us=632921   pkcs11_protected_authentication = DISABLED
2023-04-14 14:48:06 us=632932   pkcs11_protected_authentication = DISABLED
2023-04-14 14:48:06 us=632943   pkcs11_protected_authentication = DISABLED
2023-04-14 14:48:06 us=632953   pkcs11_protected_authentication = DISABLED
2023-04-14 14:48:06 us=632963   pkcs11_protected_authentication = DISABLED
2023-04-14 14:48:06 us=632974   pkcs11_protected_authentication = DISABLED
2023-04-14 14:48:06 us=632985   pkcs11_private_mode = 00000000
2023-04-14 14:48:06 us=632995   pkcs11_private_mode = 00000000
2023-04-14 14:48:06 us=633006   pkcs11_private_mode = 00000000
2023-04-14 14:48:06 us=633017   pkcs11_private_mode = 00000000
2023-04-14 14:48:06 us=633036   pkcs11_private_mode = 00000000
2023-04-14 14:48:06 us=633053   pkcs11_private_mode = 00000000
2023-04-14 14:48:06 us=633074   pkcs11_private_mode = 00000000
2023-04-14 14:48:06 us=633090   pkcs11_private_mode = 00000000
2023-04-14 14:48:06 us=633101   pkcs11_private_mode = 00000000
2023-04-14 14:48:06 us=633111   pkcs11_private_mode = 00000000
2023-04-14 14:48:06 us=633122   pkcs11_private_mode = 00000000
2023-04-14 14:48:06 us=633132   pkcs11_private_mode = 00000000
2023-04-14 14:48:06 us=633142   pkcs11_private_mode = 00000000
2023-04-14 14:48:06 us=633153   pkcs11_private_mode = 00000000
2023-04-14 14:48:06 us=633163   pkcs11_private_mode = 00000000
2023-04-14 14:48:06 us=633173   pkcs11_private_mode = 00000000
2023-04-14 14:48:06 us=633184   pkcs11_cert_private = DISABLED
2023-04-14 14:48:06 us=633194   pkcs11_cert_private = DISABLED
2023-04-14 14:48:06 us=633204   pkcs11_cert_private = DISABLED
2023-04-14 14:48:06 us=633215   pkcs11_cert_private = DISABLED
2023-04-14 14:48:06 us=633225   pkcs11_cert_private = DISABLED
2023-04-14 14:48:06 us=633238   pkcs11_cert_private = DISABLED
2023-04-14 14:48:06 us=633259   pkcs11_cert_private = DISABLED
2023-04-14 14:48:06 us=633280   pkcs11_cert_private = DISABLED
2023-04-14 14:48:06 us=633294   pkcs11_cert_private = DISABLED
2023-04-14 14:48:06 us=633305   pkcs11_cert_private = DISABLED
2023-04-14 14:48:06 us=633315   pkcs11_cert_private = DISABLED
2023-04-14 14:48:06 us=633325   pkcs11_cert_private = DISABLED
2023-04-14 14:48:06 us=633335   pkcs11_cert_private = DISABLED
2023-04-14 14:48:06 us=633346   pkcs11_cert_private = DISABLED
2023-04-14 14:48:06 us=633356   pkcs11_cert_private = DISABLED
2023-04-14 14:48:06 us=633366   pkcs11_cert_private = DISABLED
2023-04-14 14:48:06 us=633376   pkcs11_pin_cache_period = -1
2023-04-14 14:48:06 us=633385   pkcs11_id = '[UNDEF]'
2023-04-14 14:48:06 us=633400   pkcs11_id_management = DISABLED
2023-04-14 14:48:06 us=633423   server_network = 0.0.0.0
2023-04-14 14:48:06 us=633445   server_netmask = 0.0.0.0
2023-04-14 14:48:06 us=633468   server_network_ipv6 = ::
2023-04-14 14:48:06 us=633479   server_netbits_ipv6 = 0
2023-04-14 14:48:06 us=633490   server_bridge_ip = 0.0.0.0
2023-04-14 14:48:06 us=633501   server_bridge_netmask = 0.0.0.0
2023-04-14 14:48:06 us=633512   server_bridge_pool_start = 0.0.0.0
2023-04-14 14:48:06 us=633523   server_bridge_pool_end = 0.0.0.0
2023-04-14 14:48:06 us=633534   ifconfig_pool_defined = DISABLED
2023-04-14 14:48:06 us=633545   ifconfig_pool_start = 0.0.0.0
2023-04-14 14:48:06 us=633560   ifconfig_pool_end = 0.0.0.0
2023-04-14 14:48:06 us=633582   ifconfig_pool_netmask = 0.0.0.0
2023-04-14 14:48:06 us=633604   ifconfig_pool_persist_filename = '[UNDEF]'
2023-04-14 14:48:06 us=633626   ifconfig_pool_persist_refresh_freq = 600
2023-04-14 14:48:06 us=633642   ifconfig_ipv6_pool_defined = DISABLED
2023-04-14 14:48:06 us=633658   ifconfig_ipv6_pool_base = ::
2023-04-14 14:48:06 us=633674   ifconfig_ipv6_pool_netbits = 0
2023-04-14 14:48:06 us=633690   n_bcast_buf = 256
2023-04-14 14:48:06 us=633707   tcp_queue_limit = 64
2023-04-14 14:48:06 us=633722   real_hash_size = 256
2023-04-14 14:48:06 us=633742   virtual_hash_size = 256
2023-04-14 14:48:06 us=633761   client_connect_script = '[UNDEF]'
2023-04-14 14:48:06 us=633780   learn_address_script = '[UNDEF]'
2023-04-14 14:48:06 us=633800   client_disconnect_script = '[UNDEF]'
2023-04-14 14:48:06 us=633819   client_config_dir = '[UNDEF]'
2023-04-14 14:48:06 us=633838   ccd_exclusive = DISABLED
2023-04-14 14:48:06 us=633856   tmp_dir = '/tmp'
2023-04-14 14:48:06 us=633879   push_ifconfig_defined = DISABLED
2023-04-14 14:48:06 us=633927   push_ifconfig_local = 0.0.0.0
2023-04-14 14:48:06 us=633948   push_ifconfig_remote_netmask = 0.0.0.0
2023-04-14 14:48:06 us=633969   push_ifconfig_ipv6_defined = DISABLED
2023-04-14 14:48:06 us=633991   push_ifconfig_ipv6_local = ::/0
2023-04-14 14:48:06 us=634011   push_ifconfig_ipv6_remote = ::
2023-04-14 14:48:06 us=634034   enable_c2c = DISABLED
2023-04-14 14:48:06 us=634051   duplicate_cn = DISABLED
2023-04-14 14:48:06 us=634067   cf_max = 0
2023-04-14 14:48:06 us=634085   cf_per = 0
2023-04-14 14:48:06 us=634102   max_clients = 1024
2023-04-14 14:48:06 us=634120   max_routes_per_client = 256
2023-04-14 14:48:06 us=634137   auth_user_pass_verify_script = '[UNDEF]'
2023-04-14 14:48:06 us=634161   auth_user_pass_verify_script_via_file = DISABLED
2023-04-14 14:48:06 us=634180   auth_token_generate = DISABLED
2023-04-14 14:48:06 us=634197   auth_token_lifetime = 0
2023-04-14 14:48:06 us=634215   auth_token_secret_file = '[UNDEF]'
2023-04-14 14:48:06 us=634233   port_share_host = '[UNDEF]'
2023-04-14 14:48:06 us=634257   port_share_port = '[UNDEF]'
2023-04-14 14:48:06 us=634280   vlan_tagging = DISABLED
2023-04-14 14:48:06 us=634299   vlan_accept = all
2023-04-14 14:48:06 us=634320   vlan_pvid = 1
2023-04-14 14:48:06 us=634341   client = ENABLED
2023-04-14 14:48:06 us=634364   pull = ENABLED
2023-04-14 14:48:06 us=634383   auth_user_pass_file = '/etc/openvpn/user-auth'
2023-04-14 14:48:06 us=634406 OpenVPN 2.5.9 x86_64-suse-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 14 2023
2023-04-14 14:48:06 us=634450 library versions: OpenSSL 3.0.8 7 Feb 2023, LZO 2.10
2023-04-14 14:48:06 us=634748 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Enter Private Key Password: (press TAB for no echo) 
Failed to query password: Timer expired
2023-04-14 14:49:36 us=737917 ERROR: Failed retrieving username or password
2023-04-14 14:49:36 us=738065 Exiting due to fatal error

谢谢大家。

答案1

好吧,答案已经在这里很长时间了,我不够聪明,无法理解它:

https://www.reddit.com/r/sysadmin/comments/z9miwu/suddenly_openvpn_client_asks_about_private_key/ https://bbs.archlinux.org/viewtopic.php?id=280970

sudoedit /etc/ssl/openssl.cnf

然后适应这些变化:

[provider_sect]
default = default_sect
legacy = legacy_sect     # Add this.

# The fips section name should match the section name inside the
# included fipsmodule.cnf.
# fips = fips_sect

# If no providers are activated explicitly, the default one is activated implicitly.
# See man 7 OSSL_PROVIDER-default for more details.
#
# If you add a section explicitly activating any other provider(s), you most
# probably need to explicitly activate the default provider, otherwise it
# becomes unavailable in openssl.  As a consequence applications depending on
# OpenSSL may not work correctly which could lead to significant system
# problems including inability to remotely access the system.
[default_sect]
# activate = 1    # Enable this.
activate = 1

[legacy_sect]     # Add these.
activate = 1

重新启动并完成。

相关内容