I wanted to do this quick post for reference down the road. I recently updated OpenVPN to 2.5.2 and had issues with start up and also had issues with warnings related to cracklib.
The first issue was starting. It was failing on the following:
Jun 28 08:33:05 comp openvpn[30689]: tls_auth_file = 'ta.key'
Jun 28 08:33:32 comp openvpn[30692]: Read error on key file ('ta.key')Looking at the ownership/permissions of the ta.key, I saw the following:
-rw------- 1 root root 636 Nov 2 2020 ta.keyI changed that to:
-rw------- 1 openvpn openvpn 636 Nov 2 2016 ta.keyThen the service would start. But I noticed this warning.
Jun 28 08:42:16 comp openvpn[31175]: PAM unable to dlopen(/lib/security/pam_cracklib.so): /lib/security/pam_cracklib.so: cannot open shared object file: No such file or directory
Jun 28 08:42:16 comp openvpn[31175]: PAM adding faulty module: /lib/security/pam_cracklib.soAfter some digging I see that pam replaced cracklib with passwdqc, so I make the following change to /etc/pam.d/ovpn
#password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 try_first_pass retry=3
password required pam_passwdqc.so config=/etc/security/passwdqc.confEverything seems fine now.