OpenVPN Error: Cannot open dh1024.pem for DH parameters


When building OpenVPN on RHEL/CentOS servers as a RPM you may end up finding that the init script fails to start OpenVPN. When checking /var/log/messages you may find a error that looks simular to this.

Jan 01 01:01:01 localhost openvpn[21621]: Cannot open dh1024.pem for DH parameters: error:0200100D:system library:fopen:Permission denied: error:2006D002:BIO routines:BIO_new_file:system lib


Chances are you probably have SELINUX set to enforcing. Run the following command to see what enforcing level SELINUX is set at.

[root@localhost ~]# getenforce

If the result returned is Enforcing then you need to disable SELINUX. You can do that by running the following command

[root@localhost ~]# setenforce 0

This is only a temp fix, the next reboot will cause SELINUX to go back into a enforcing mode. In order to disable SELINUX permanently you need to change the SELINUX value in /etc/sysconfig/selinux from enforcing to disabled. You can do this by running the following command

[root@localhost ~]# sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/sysconfig/selinux