Config server fails to start if config hasn't been generated yet

[TheKnarf]

$ CID=$(docker run -d --privileged -p 1194:1194/udp -p 443:443/tcp jpetazzo/openvpn)
$ docker run -t -i -p 8080:8080 --volumes-from $CID jpetazzo/openvpn serveconfig
Please run the OpenVPN container at least once in normal mode,
to generate the client configuration file. Thank you.

[jpetazzo]

The openvpn container probably failed to start. If you still have this problem, please include the logs of the first container (docker logs $CID).

Thank you!

[TheKnarf]

➜  ~  docker run -t -i -p 8080:8080 --volumes-from $CID jpetazzo/openvpn serveconfig
Please run the OpenVPN container at least once in normal mode,
to generate the client configuration file. Thank you.
➜  ~  docker logs $CID
Generating DH parameters, 512 bit long safe prime, generator 2
This is going to take a long time
..............+....................................+...............+....+.....+.....................+................................................+.+.+.+..........+.....+...................+.........................+..............+..+.....................................................................+..+......................+............................+.........+....................................+..........+.....................................+...................................................+........+........................................................+.+.....................................+.......................+.......+...............................................................................................................+.......+............................+....................+.+............................+.....................+.............+..................+......................+................+.....+.++*++*++*++*++*++*
Generating RSA private key, 2048 bit long modulus
......................................................................................+++
................+++
e is 65537 (0x10001)
Signature ok
subject=/CN=OpenVPN
Getting Private key
==> http8080.log <==

==> tcp443.log <==

==> udp1194.log <==
Wed Apr  1 02:11:25 2015 OpenVPN 2.2.1 x86_64-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Mar 30 2012
Wed Apr  1 02:11:25 2015 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Wed Apr  1 02:11:25 2015 Diffie-Hellman initialized with 512 bit key
Wed Apr  1 02:11:25 2015 TLS-Auth MTU parms [ L:1541 D:138 EF:38 EB:0 ET:0 EL:0 ]
Wed Apr  1 02:11:25 2015 Socket Buffers: R=[212992->131072] S=[212992->131072]
Wed Apr  1 02:11:25 2015 ROUTE default_gateway=172.17.42.1

==> tcp443.log <==
Wed Apr  1 02:11:25 2015 OpenVPN 2.2.1 x86_64-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Mar 30 2012

==> udp1194.log <==
Wed Apr  1 02:11:25 2015 TUN/TAP device tun1194 opened
Wed Apr  1 02:11:26 2015 TUN/TAP TX queue length set to 100
Wed Apr  1 02:11:26 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Wed Apr  1 02:11:26 2015 /sbin/ifconfig tun1194 192.168.255.129 pointopoint 192.168.255.130 mtu 1500

==> tcp443.log <==
Wed Apr  1 02:11:26 2015 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Wed Apr  1 02:11:26 2015 Diffie-Hellman initialized with 512 bit key
Wed Apr  1 02:11:26 2015 TLS-Auth MTU parms [ L:1543 D:140 EF:40 EB:0 ET:0 EL:0 ]
Wed Apr  1 02:11:26 2015 Socket Buffers: R=[87380->131072] S=[87380->131072]
Wed Apr  1 02:11:26 2015 ROUTE default_gateway=172.17.42.1
Wed Apr  1 02:11:26 2015 TUN/TAP device tun443 opened
Wed Apr  1 02:11:26 2015 TUN/TAP TX queue length set to 100
Wed Apr  1 02:11:26 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Wed Apr  1 02:11:26 2015 /sbin/ifconfig tun443 192.168.255.1 pointopoint 192.168.255.2 mtu 1500

==> udp1194.log <==
Wed Apr  1 02:11:26 2015 /sbin/route add -net 192.168.255.128 netmask 255.255.255.128 gw 192.168.255.130

==> tcp443.log <==
Wed Apr  1 02:11:26 2015 /sbin/route add -net 192.168.255.0 netmask 255.255.255.128 gw 192.168.255.2

==> udp1194.log <==
Wed Apr  1 02:11:26 2015 Data Channel MTU parms [ L:1541 D:1450 EF:41 EB:4 ET:0 EL:0 ]
Wed Apr  1 02:11:26 2015 UDPv4 link local (bound): [undef]
Wed Apr  1 02:11:26 2015 UDPv4 link remote: [undef]
Wed Apr  1 02:11:26 2015 MULTI: multi_init called, r=256 v=256
Wed Apr  1 02:11:26 2015 IFCONFIG POOL: base=192.168.255.132 size=30, ipv6=0
Wed Apr  1 02:11:26 2015 Initialization Sequence Completed

==> tcp443.log <==
Wed Apr  1 02:11:26 2015 Data Channel MTU parms [ L:1543 D:1450 EF:43 EB:4 ET:0 EL:0 ]
Wed Apr  1 02:11:26 2015 Listening for incoming TCP connection on [undef]
Wed Apr  1 02:11:26 2015 TCPv4_SERVER link local (bound): [undef]
Wed Apr  1 02:11:26 2015 TCPv4_SERVER link remote: [undef]
Wed Apr  1 02:11:26 2015 MULTI: multi_init called, r=256 v=256
Wed Apr  1 02:11:26 2015 IFCONFIG POOL: base=192.168.255.4 size=30, ipv6=0
Wed Apr  1 02:11:26 2015 MULTI: TCP INIT maxclients=1024 maxevents=1028
Wed Apr  1 02:11:26 2015 Initialization Sequence Completed
➜  ~

[jpetazzo]

I ran the same commands and everything worked fine. Are you running the two commands in a very close sequence? (If you have a slow CPU, it can take some time to generate the keys, and when you start the config server, the config hasn't been generated yet.)

[TheKnarf]

Yes that was the problem. Would it be possible to make the second command wait? So instead of giving an error it just waits for the first to gennerate the key?

[jpetazzo]

I pushed a fix; let me know if that helps?

[kaefik]

This problem is exist.
OS: fedora 27

My log:
docker logs $CID
Generating DH parameters, 1024 bit long safe prime, generator 2
This is going to take a long time
............................................................+..........................++++++*
Generating RSA private key, 2048 bit long modulus
...............................+++
....+++
e is 65537 (0x10001)
Signature ok
subject=/CN=OpenVPN
Getting Private key
==> http8080.log <==
==> tcp443.log <==
==> udp1194.log <==
Sat Dec 16 09:46:21 2017 OpenVPN 2.2.1 x86_64-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Dec 1 2014
==> tcp443.log <==
Sat Dec 16 09:46:21 2017 OpenVPN 2.2.1 x86_64-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Dec 1 2014
Sat Dec 16 09:46:21 2017 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
==> udp1194.log <==
Sat Dec 16 09:46:21 2017 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
==> tcp443.log <==
Sat Dec 16 09:46:21 2017 Diffie-Hellman initialized with 1024 bit key
==> udp1194.log <==
Sat Dec 16 09:46:21 2017 Diffie-Hellman initialized with 1024 bit key
==> tcp443.log <==
Sat Dec 16 09:46:21 2017 TLS-Auth MTU parms [ L:1543 D:140 EF:40 EB:0 ET:0 EL:0 ]
==> udp1194.log <==
Sat Dec 16 09:46:21 2017 TLS-Auth MTU parms [ L:1541 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sat Dec 16 09:46:21 2017 Socket Buffers: R=[212992->131072] S=[212992->131072]
==> tcp443.log <==
Sat Dec 16 09:46:21 2017 Socket Buffers: R=[87380->131072] S=[16384->131072]
==> udp1194.log <==
Sat Dec 16 09:46:21 2017 ROUTE default_gateway=172.17.0.1
==> tcp443.log <==
Sat Dec 16 09:46:21 2017 ROUTE default_gateway=172.17.0.1
Sat Dec 16 09:46:21 2017 TUN/TAP device tun443 opened
==> udp1194.log <==
Sat Dec 16 09:46:21 2017 TUN/TAP device tun1194 opened
Sat Dec 16 09:46:21 2017 TUN/TAP TX queue length set to 100
Sat Dec 16 09:46:21 2017 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sat Dec 16 09:46:21 2017 /sbin/ifconfig tun1194 192.168.255.129 pointopoint 192.168.255.130 mtu 1500
==> tcp443.log <==
Sat Dec 16 09:46:21 2017 TUN/TAP TX queue length set to 100
Sat Dec 16 09:46:21 2017 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sat Dec 16 09:46:21 2017 /sbin/ifconfig tun443 192.168.255.1 pointopoint 192.168.255.2 mtu 1500
==> udp1194.log <==
Sat Dec 16 09:46:21 2017 /sbin/route add -net 192.168.255.128 netmask 255.255.255.128 gw 192.168.255.130
==> tcp443.log <==
Sat Dec 16 09:46:21 2017 /sbin/route add -net 192.168.255.0 netmask 255.255.255.128 gw 192.168.255.2
Sat Dec 16 09:46:21 2017 Data Channel MTU parms [ L:1543 D:1450 EF:43 EB:4 ET:0 EL:0 ]
Sat Dec 16 09:46:21 2017 Listening for incoming TCP connection on [undef]
Sat Dec 16 09:46:21 2017 TCPv4_SERVER link local (bound): [undef]
Sat Dec 16 09:46:21 2017 TCPv4_SERVER link remote: [undef]
Sat Dec 16 09:46:21 2017 MULTI: multi_init called, r=256 v=256
Sat Dec 16 09:46:21 2017 IFCONFIG POOL: base=192.168.255.4 size=30, ipv6=0
Sat Dec 16 09:46:21 2017 MULTI: TCP INIT maxclients=1024 maxevents=1028
Sat Dec 16 09:46:21 2017 Initialization Sequence Completed
==> udp1194.log <==
Sat Dec 16 09:46:21 2017 Data Channel MTU parms [ L:1541 D:1450 EF:41 EB:4 ET:0 EL:0 ]
Sat Dec 16 09:46:21 2017 UDPv4 link local (bound): [undef]
Sat Dec 16 09:46:21 2017 UDPv4 link remote: [undef]
Sat Dec 16 09:46:21 2017 MULTI: multi_init called, r=256 v=256
Sat Dec 16 09:46:21 2017 IFCONFIG POOL: base=192.168.255.132 size=30, ipv6=0
Sat Dec 16 09:46:21 2017 Initialization Sequence Completed