To reproduce the bug:
vyos@crux-test:~$ generate vpn x509 key-pair test
sudo: /opt/vyatta/sbin//vyatta-gen-x509-keypair: command not found
Tested and issue exists on all release trains.
The main issue seems to be a lack of execute permissions on the script vyatta-gen-x509-keypair.
Fixing that issue, however, seems to indicate the script has further issues:
vyos@crux-test:~$ sudo chmod +x /opt/vyatta/sbin/vyatta-gen-x509-keypair
vyos@crux-test:~$ generate vpn x509 key-pair test
error on line -1 of /etc/key-pair.template
139925418890896:error:02001002:system library:fopen:No such file or directory:bss_file.c:175:fopen('/etc/key-pair.template','rb')
139925418890896:error:2006D080:BIO routines:BIO_new_file:no such file:bss_file.c:178:
139925418890896:error:0E078072:configuration file routines:DEF_LOAD:no such file:conf_def.c:195:
Providing the entire path of the file, i.e. /opt/vyatta/etc/key-pair.template instead of "@sysconfdir@/key-pair.template", makes the command executable.
IPSec VPN in X509 mode needs a CA cert file; also, the server/client cert has to be signed by the CA for identification.
So, maybe rewriting this script will be helpful.
Any suggestions are welcome.
vyos@R2:~$ generate vpn x509 key-pair example
Generating a RSA private key
...+++++
...................+++++
writing new private key to '/config/auth/example.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) []:
State Name []:
Locality Name (eg, city) []:
Organization Name (eg, company) []:
Organizational Unit Name (eg, department) []:
Common Name (eg, Device hostname) []:
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password (optional) []:
It's trying to find the template in /etc/, but it is located in /opt/vyatta/etc
vyos@r1:~$ generate vpn x509 key-pair testone
Can't open /etc/key-pair.template for reading, No such file or directory
140089191929024:error:02001002:system library:fopen:No such file or directory:../crypto/bio/bss_file.c:69:fopen('/etc/key-pair.template','r')
140089191929024:error:2006D080:BIO routines:BIO_new_file:no such file:../crypto/bio/bss_file.c:76:
vyos@r1:~$ cat /etc/key-pair.template
cat: /etc/key-pair.template: No such file or directory
vyos@r1:~$
vyos@r1:~$ sudo find / -name key-pair.template
/boot/rw/opt/vyatta/etc/key-pair.template
/opt/vyatta/etc/key-pair.template
PR https://github.com/vyos/vyatta-op-vpn/pull/35
vyos@r1:~$
vyos@r1:~$ generate vpn x509 key-pair testone
Generating a RSA private key
......................+++++
............+++++
writing new private key to '/config/auth/testone.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) []:
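
The CA-signing requirement raised earlier in the thread, as an added example that is not part of the original posts or of the VyOS script: a throwaway lab CA signs a certificate request, and `openssl verify` accepts that certificate while rejecting a self-signed one built from the same request. The directory layout, file names and subjects are constructed for illustration, and the `openssl` CLI is assumed to be installed.

```shell
#!/bin/sh
# Added example: lab-only CA flow. All names and subjects are constructed.

# make_ca DIR: create a throwaway CA key and self-signed CA certificate.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/O=Example Lab/CN=Example Lab CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# make_request DIR NAME: private key plus certificate request (CSR),
# with the key readable by its owner only.
make_request() {
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/O=Example Lab/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
    chmod 600 "$1/$2.key"
}

# sign_request DIR NAME: the CA issues NAME.crt from NAME.csr.
sign_request() {
    openssl x509 -req -in "$1/$2.csr" -days 30 \
        -CA "$1/ca.crt" -CAkey "$1/ca.key" -CAcreateserial \
        -out "$1/$2.crt" 2>/dev/null
}

# self_sign DIR NAME: certificate signed by its own key, no CA involved.
self_sign() {
    openssl x509 -req -in "$1/$2.csr" -days 30 \
        -signkey "$1/$2.key" -out "$1/$2-self.crt" 2>/dev/null
}

# chains_to_ca DIR CERT: exit 0 only if CERT verifies against DIR/ca.crt.
chains_to_ca() {
    openssl verify -CAfile "$1/ca.crt" "$1/$2" >/dev/null 2>&1
}
```

Run the functions against a scratch directory such as one from `mktemp -d`; only the certificate issued by `sign_request` passes `chains_to_ca`.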