Time / Crypto issues on Raspberry Pi 4
Hi,
I have time and crypto related issues when deploying your image on my Raspberry Pi 4.
When running
sudo docker-compose run --rm openvpn ovpn_initpki
I get the following error (incl. output):
Creating openvpn-prod_openvpn_run ... done
Note: using Easy-RSA configuration from: /etc/openvpn/vars
WARNING!!!
You are about to remove the EASYRSA_PKI at: /etc/openvpn/pki
and initialize a fresh PKI here.
Type the word 'yes' to continue, or any other input to abort.
Confirm removal: yes
init-pki complete; you may now create a CA or requests.
Your newly created PKI dir is: /etc/openvpn/pki
1+0 records in
1+0 records out
Note: using Easy-RSA configuration from: /etc/openvpn/vars
Using SSL: openssl OpenSSL 1.1.1j 16 Feb 2021
t
Enter New CA Key Passphrase:
Re-Enter New CA Key Passphrase:
Generating RSA private key, 2048 bit long modulus (2 primes)
........................+++++
..........................................+++++
e is 65537 (0x010001)
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Common Name (eg: your user, host, or server name) [Easy-RSA CA]:test
4153578384:error:0D0D90AD:asn1 encoding routines:ASN1_TIME_adj:error getting time:crypto/asn1/a_time.c:330:
Easy-RSA error:
Failed to build the CA
ERROR: 1
Running this command on my Windows machine works, hence this issue should be related to the Pi (or maybe ARM?).
I tried setting up openvpn on Windows and porting it, then when connecting, this is the error I get:
openvpn | 2105-11-06 20:07:52 OpenVPN 2.5.0 armv7-alpine-linux-musleabihf [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Dec 26 2020
openvpn | 2105-11-06 20:07:28 library versions: OpenSSL 1.1.1j 16 Feb 2021, LZO 2.10
openvpn | 2105-11-06 19:00:56 Diffie-Hellman initialized with 2048 bit key
openvpn | 2105-11-06 18:57:20 OpenSSL: error:0D0D90AD:asn1 encoding routines:ASN1_TIME_adj:error getting time
openvpn | 2105-11-06 18:57:20 OpenSSL: error:0D0D90AD:asn1 encoding routines:ASN1_TIME_adj:error getting time
openvpn | 2105-11-06 18:57:20 OpenSSL: error:0909006C:PEM routines:get_name:no start line
openvpn | 2105-11-06 18:57:44 CRL: cannot read CRL from file /etc/openvpn/crl.pem
openvpn | 2105-11-06 18:57:44 CRL: loaded 1 CRLs from file /etc/openvpn/crl.pem
openvpn | 2105-11-06 18:50:32 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
openvpn | 2105-11-06 18:50:32 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
openvpn | 2105-11-06 18:50:32 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
openvpn | 2105-11-06 18:50:32 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
openvpn | 2105-11-06 19:06:56 ROUTE_GATEWAY 172.19.0.1/255.255.0.0 IFACE=eth0 HWADDR=02:42:ac:13:00:02
openvpn | 2105-11-06 19:08:48 TUN/TAP device tun0 opened
openvpn | 2105-11-06 19:07:44 /sbin/ip link set dev tun0 up mtu 1500
openvpn | 2105-11-06 19:07:44 /sbin/ip link set dev tun0 up
openvpn | 2105-11-06 19:07:36 /sbin/ip addr add dev tun0 local 192.168.255.1 peer 192.168.255.2
openvpn | 2105-11-06 19:03:36 /sbin/ip route add 192.168.254.0/24 via 192.168.255.2
openvpn | 2105-11-06 19:03:36 /sbin/ip route add 192.168.255.0/24 via 192.168.255.2
openvpn | 2105-11-06 19:10:16 Could not determine IPv4/IPv6 protocol. Using AF_INET
openvpn | 2105-11-06 19:08:08 Socket Buffers: R=[212992->212992] S=[212992->212992]
openvpn | 2105-11-06 19:10:16 UDPv4 link local (bound): [AF_INET][undef]:1194
openvpn | 2105-11-06 19:10:16 UDPv4 link remote: [AF_UNSPEC]
openvpn | 2105-11-06 19:11:52 GID set to nogroup
openvpn | 2105-11-06 19:12:08 UID set to nobody
openvpn | 2105-11-06 19:14:16 MULTI: multi_init called, r=256 v=256
openvpn | 2105-11-06 19:13:12 IFCONFIG POOL IPv4: base=192.168.255.4 size=62
openvpn | 2105-11-06 19:13:36 Initialization Sequence Completed
openvpn | 2105-11-06 18:45:12 188.192.213.73:62027 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
openvpn | 2105-11-06 18:45:12 188.192.213.73:62027 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
openvpn | 2105-11-06 18:45:12 188.192.213.73:62027 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
openvpn | 2105-11-06 18:45:12 188.192.213.73:62027 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
openvpn | 2105-11-06 19:08:16 188.192.213.73:62027 TLS: Initial packet from [AF_INET]188.192.213.73:62027, sid=67c48a4c 38d5b7bb
openvpn | 2105-11-06 19:06:40 188.192.213.73:62027 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
openvpn | 2105-11-06 19:06:40 188.192.213.73:62027 TLS Error: TLS handshake failed
openvpn | 2105-11-06 19:12:32 188.192.213.73:62027 SIGUSR1[soft,tls-error] received, client-instance restarting
Also, I checked the Pi's time with 'date --debug' and the time is accurate.
Can I fix this issue on my own?
Edited by Lukas Thiersch
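
The container log in the post is stamped with the year 2105 and its timestamps jump backwards between lines, while the host clock is reported as accurate. The following is an added example, not part of the original post or of the project's code, that flags both symptoms plus the OpenSSL "error getting time" lines in a log of this format. The function name `audit_clock`, the one-day tolerance and the reference date used in testing are assumptions.

```python
import re
from datetime import datetime, timedelta

# Prefix format of the container log in the post: "openvpn | YYYY-MM-DD HH:MM:SS msg"
LINE_RE = re.compile(r"^\S+\s*\|\s*(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (.*)$")

# Sample input: five lines copied from the log in the post.
SAMPLE_LOG = """\
openvpn | 2105-11-06 20:07:28 library versions: OpenSSL 1.1.1j 16 Feb 2021, LZO 2.10
openvpn | 2105-11-06 19:00:56 Diffie-Hellman initialized with 2048 bit key
openvpn | 2105-11-06 18:57:20 OpenSSL: error:0D0D90AD:asn1 encoding routines:ASN1_TIME_adj:error getting time
openvpn | 2105-11-06 19:08:48 TUN/TAP device tun0 opened
openvpn | 2105-11-06 19:07:44 /sbin/ip link set dev tun0 up
"""


def audit_clock(log, reference, tolerance=timedelta(days=1)):
    """Return, per symptom, the indices of the timestamped lines that show it.

    skewed      - timestamp differs from the reference clock by more than tolerance
    backwards   - timestamp is earlier than the previous line's timestamp
    time_errors - message contains OpenSSL's "error getting time"
    """
    report = {"skewed": [], "backwards": [], "time_errors": []}
    previous = None
    index = 0
    for raw in log.splitlines():
        match = LINE_RE.match(raw)
        if not match:
            continue  # not a timestamped log line; ignore it
        stamp = datetime.strptime(match.group(1), "%Y-%m-%d %H:%M:%S")
        if abs(stamp - reference) > tolerance:
            report["skewed"].append(index)
        if previous is not None and stamp < previous:
            report["backwards"].append(index)
        if "error getting time" in match.group(2):
            report["time_errors"].append(index)
        previous = stamp
        index += 1
    return report


if __name__ == "__main__":
    # The reference is the host clock, which the post reports as accurate.
    for symptom, lines in audit_clock(SAMPLE_LOG, datetime.now()).items():
        print(f"{symptom}: lines {lines}")
```

A log that is skewed and non-monotonic while the host clock is correct shows that the process inside the container is not reading the host's time, which is also what certificate and CRL validity checks depend on.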