Description
[root@server ~]# curl -O https://raw.githubusercontent.com/angristan/openvpn-install/master/openvpn-install.sh
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 42167 100 42167 0 0 556k 0 --:--:-- --:--:-- --:--:-- 556k
[root@server ~]# chmod +x openvpn-install.sh
[root@server ~]# ./openvpn-install.sh
Welcome to the OpenVPN installer!
The git repository is available at: https://github.com/angristan/openvpn-install
I need to ask you a few questions before starting the setup.
You can leave the default options and just press enter if you are okay with them.
I need to know the IPv4 address of the network interface you want OpenVPN listening to.
Unless your server is behind NAT, it should be your public IPv4 address.
IP address: 178.118.252.501
Checking for IPv6 connectivity...
Your host appears to have IPv6 connectivity.
Do you want to enable IPv6 support (NAT)? [y/n]: n
What port do you want OpenVPN to listen to?
- Default: 1194
- Custom
- Random [49152-65535]
Port choice [1-3]: 12
Port choice [1-3]: 2
Custom port [1-65535]: 1258
What protocol do you want OpenVPN to use?
UDP is faster. Unless it is not available, you shouldn't use TCP.
- UDP
- TCP
Protocol [1-2]: 1
What DNS resolvers do you want to use with the VPN?
- Current system resolvers (from /etc/resolv.conf)
- Self-hosted DNS Resolver (Unbound)
- Cloudflare (Anycast: worldwide)
- Quad9 (Anycast: worldwide)
- Quad9 uncensored (Anycast: worldwide)
- FDN (France)
- DNS.WATCH (Germany)
- OpenDNS (Anycast: worldwide)
- Google (Anycast: worldwide)
- Yandex Basic (Russia)
- AdGuard DNS (Anycast: worldwide)
- NextDNS (Anycast: worldwide)
- Custom
DNS [1-12]: 9
Do you want to use compression? It is not recommended since the VORACLE attack makes use of it.
Enable compression? [y/n]: n
Do you want to customize encryption settings?
Unless you know what you're doing, you should stick with the default parameters provided by the script.
Note that whatever you choose, all the choices presented in the script are safe (unlike OpenVPN's defaults).
See https://github.com/angristan/openvpn-install#security-and-encryption to learn more.
Customize encryption settings? [y/n]: y
Choose which cipher you want to use for the data channel:
- AES-128-GCM (recommended)
- AES-192-GCM
- AES-256-GCM
- AES-128-CBC
- AES-192-CBC
- AES-256-CBC
Cipher [1-6]: 3
Choose what kind of certificate you want to use:
- ECDSA (recommended)
- RSA
Certificate key type [1-2]: 1
Choose which curve you want to use for the certificate's key:
- prime256v1 (recommended)
- secp384r1
- secp521r1
Curve [1-3]: 1
Choose which cipher you want to use for the control channel:
- ECDHE-ECDSA-AES-128-GCM-SHA256 (recommended)
- ECDHE-ECDSA-AES-256-GCM-SHA384
Control channel cipher [1-2]: 1
Choose what kind of Diffie-Hellman key you want to use:
- ECDH (recommended)
- DH
DH key type [1-2]: 1
Choose which curve you want to use for the ECDH key:
- prime256v1 (recommended)
- secp384r1
- secp521r1
Curve [1-3]: 1
The digest algorithm authenticates tls-auth packets from the control channel.
Which digest algorithm do you want to use for HMAC?
- SHA-256 (recommended)
- SHA-384
- SHA-512
Digest algorithm [1-3]: 3
You can add an additional layer of security to the control channel with tls-auth and tls-crypt
tls-auth authenticates the packets, while tls-crypt authenticate and encrypt them.
- tls-crypt (recommended)
- tls-auth
Control channel additional security mechanism [1-2]: 1
Okay, that was all I needed. We are ready to setup your OpenVPN server now.
You will be able to generate a client at the end of the installation.
Press any key to continue...
CentOS Web Panel repo for Linux 8 - x86_64 14 kB/s | 2.9 kB 00:00
AlmaLinux 8 - BaseOS 8.3 kB/s | 3.8 kB 00:00
AlmaLinux 8 - AppStream 9.8 kB/s | 4.3 kB 00:00
AlmaLinux 8 - Extras 8.0 kB/s | 3.3 kB 00:00
AlmaLinux 8 - PowerTools 11 kB/s | 4.2 kB 00:00
AlmaLinux 8 - PowerTools Source 7.1 kB/s | 3.0 kB 00:00
AlmaLinux 8 - PowerTools debuginfo 7.0 kB/s | 3.0 kB 00:00
Extra Packages for Enterprise Linux 8 - x86_64 1.2 MB/s | 41 kB 00:00
Extra Packages for Enterprise Linux 8 - x86_64 27 MB/s | 14 MB 00:00
MariaDB 33 B/s | 10 B 00:00
Errors during downloading metadata for repository 'mariadb':
- Status code: 404 for http://mirror.mariadb.org/yum/10.4/centos8-amd64/repodata/repomd.xml (IP: 2a01:4f8:1c17:e53d::1)
Error: Failed to download metadata for repo 'mariadb': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried
MariaDB 23 B/s | 10 B 00:00
Errors during downloading metadata for repository 'mariadb':
- Status code: 404 for http://mirror.mariadb.org/yum/10.4/centos8-amd64/repodata/repomd.xml (IP: 2a01:4f8:1c17:e53d::1)
Error: Failed to download metadata for repo 'mariadb': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried
--2025-07-27 19:59:42-- https://github.com/OpenVPN/easy-rsa/releases/download/v3.1.2/EasyRSA-3.1.2.tgz
Resolving github.com (github.com)... 140.82.121.4
Connecting to github.com (github.com)|140.82.121.4|:443... connected.
HTTP request sent, awaiting response... 302 Found
Resolving release-assets.githubusercontent.com (release-assets.githubusercontent.com)... 185.199.111.133, 185.199.109.133, 185.199.110.133, ...
Connecting to release-assets.githubusercontent.com (release-assets.githubusercontent.com)|185.199.111.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 68984 (67K) [application/octet-stream]
Saving to: ‘/root/easy-rsa.tgz’
/root/easy-rsa.tgz 100%[===================>] 67.37K --.-KB/s in 0.003s
2025-07-27 19:59:42 (21.5 MB/s) - ‘/root/easy-rsa.tgz’ saved [68984/68984]
Notice
'init-pki' complete; you may now create a CA or requests.
Your newly created PKI dir is:
- /etc/openvpn/easy-rsa/pki
- Using Easy-RSA configuration: /etc/openvpn/easy-rsa/vars
- The preferred location for 'vars' is within the PKI folder.
  To silence this message move your 'vars' file to your PKI
  or declare your 'vars' file with option: --vars=
- Using x509-types directory: /etc/openvpn/easy-rsa/x509-types
- Using SSL: openssl OpenSSL 1.1.1k FIPS 25 Mar 2021
- Using Easy-RSA configuration: /etc/openvpn/easy-rsa/vars
- The preferred location for 'vars' is within the PKI folder.
  To silence this message move your 'vars' file to your PKI
  or declare your 'vars' file with option: --vars=
Notice
CA creation complete and you may now import and sign cert requests.
Your new CA certificate file for publishing is at:
/etc/openvpn/easy-rsa/pki/ca.crt
- Using SSL: openssl OpenSSL 1.1.1k FIPS 25 Mar 2021
- Using Easy-RSA configuration: /etc/openvpn/easy-rsa/vars
- The preferred location for 'vars' is within the PKI folder.
  To silence this message move your 'vars' file to your PKI
  or declare your 'vars' file with option: --vars=
Generating an EC private key
writing new private key to '/etc/openvpn/easy-rsa/pki/099305df/temp.1d944868'
Notice
Keypair and certificate request completed. Your files are:
req: /etc/openvpn/easy-rsa/pki/reqs/server_xCFzYk4oCWCnz5Cq.req
key: /etc/openvpn/easy-rsa/pki/private/server_xCFzYk4oCWCnz5Cq.key
Using configuration from /etc/openvpn/easy-rsa/pki/099305df/temp.2a24e296
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName :ASN.1 12:'server_xCFzYk4oCWCnz5Cq'
Certificate is to be certified until Jul 25 17:59:43 2035 GMT (3650 days)
Write out database with 1 new entries
Data Base Updated
Notice
Certificate created at:
- /etc/openvpn/easy-rsa/pki/issued/server_xCFzYk4oCWCnz5Cq.crt
Notice
Inline file created:
- /etc/openvpn/easy-rsa/pki/inline/server_xCFzYk4oCWCnz5Cq.inline
- Using SSL: openssl OpenSSL 1.1.1k FIPS 25 Mar 2021
- Using Easy-RSA configuration: /etc/openvpn/easy-rsa/vars
- The preferred location for 'vars' is within the PKI folder.
  To silence this message move your 'vars' file to your PKI
  or declare your 'vars' file with option: --vars=
Using configuration from /etc/openvpn/easy-rsa/pki/059431f3/temp.054012c0
Notice
An updated CRL has been created.
CRL file: /etc/openvpn/easy-rsa/pki/crl.pem
./openvpn-install.sh: line 786: openvpn: command not found
- Applying /usr/lib/sysctl.d/10-default-yama-scope.conf ...
kernel.yama.ptrace_scope = 0
- Applying /usr/lib/sysctl.d/50-coredump.conf ...
kernel.core_pattern = |/usr/lib/systemd/systemd-coredump %P %u %g %s %t %c %h %e
kernel.core_pipe_limit = 16
- Applying /usr/lib/sysctl.d/50-default.conf ...
kernel.sysrq = 16
kernel.core_uses_pid = 1
kernel.kptr_restrict = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.all.promote_secondaries = 1
net.core.default_qdisc = fq_codel
fs.protected_hardlinks = 1
fs.protected_symlinks = 1
- Applying /usr/lib/sysctl.d/50-libkcapi-optmem_max.conf ...
net.core.optmem_max = 81920
- Applying /usr/lib/sysctl.d/50-pid-max.conf ...
kernel.pid_max = 4194304
- Applying /etc/sysctl.d/99-openvpn.conf ...
net.ipv4.ip_forward = 1
- Applying /etc/sysctl.d/99-sysctl.conf ...
kernel.panic = 10
kernel.watchdog_thresh = 20
vm.swappiness = 50
- Applying /etc/sysctl.conf ...
kernel.panic = 10
kernel.watchdog_thresh = 20
vm.swappiness = 50
cp: cannot stat '/usr/lib/systemd/system/openvpn-server@.service': No such file or directory
sed: can't read /etc/systemd/system/openvpn-server@.service: No such file or directory
sed: can't read /etc/systemd/system/openvpn-server@.service: No such file or directory
Failed to enable unit: Unit file openvpn-server@server.service does not exist.
Failed to restart openvpn-server@server.service: Unit openvpn-server@server.service not found.
Created symlink /etc/systemd/system/multi-user.target.wants/iptables-openvpn.service → /etc/systemd/system/iptables-openvpn.service.
Tell me a name for the client.
The name must consist of alphanumeric character. It may also include an underscore or a dash.
Client name: bulo-note20
Do you want to protect the configuration file with a password?
(e.g. encrypt the private key with a password)
- Add a passwordless client
- Use a password for the client
Select an option [1-2]: 1
- Using SSL: openssl OpenSSL 1.1.1k FIPS 25 Mar 2021
- Using Easy-RSA configuration: /etc/openvpn/easy-rsa/vars
- The preferred location for 'vars' is within the PKI folder.
  To silence this message move your 'vars' file to your PKI
  or declare your 'vars' file with option: --vars=
Generating an EC private key
writing new private key to '/etc/openvpn/easy-rsa/pki/09206689/temp.9ef3aba4'
Notice
Keypair and certificate request completed. Your files are:
req: /etc/openvpn/easy-rsa/pki/reqs/bulo-note20.req
key: /etc/openvpn/easy-rsa/pki/private/bulo-note20.key
Using configuration from /etc/openvpn/easy-rsa/pki/09206689/temp.fe8dc6b8
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName :ASN.1 12:'bo-note20'
Certificate is to be certified until Jul 25 18:01:02 2035 GMT (3650 days)
Write out database with 1 new entries
Data Base Updated
Notice
Certificate created at:
- /etc/openvpn/easy-rsa/pki/issued/bo-note20.crt
Notice
Inline file created:
- /etc/openvpn/easy-rsa/pki/inline/bulo-note20.inline
Client bo-note20 added.
cat: /etc/openvpn/tls-crypt.key: No such file or directory
The configuration file has been written to /root/bulo-note20.ovpn.
Download the .ovpn file and import it in your OpenVPN client.