OpenVPN issue when missing /etc/openvpn/config/easy-rsa.vars #42
Comments
Hi @reamasesa, it is described in Container Deployment details and would be created automatically if you use OpenVPN-AWS for x86 computers (it needs Ansible, though, but automates OpenVPN and UI setup).
This was fixed as well for Raspberry-Gateway and openvpn-server. Now it lists all the parameters correctly. I'll rebuild the openvpn-server container soon and close this issue.
Thanks, sorry for the late replies, it's been hectic here.
last image: d3vilh/openvpn-server:0.5.3
@a-reznic here is a nice WA for the same problem (wget the file). I just reinstalled it from openvpn-server by cloning it and bringing docker compose up, and it seems to take the file without any issue:

philipp@d3vpi:~/build $ git clone https://github.com/d3vilh/openvpn-server
Cloning into 'openvpn-server'...
remote: Enumerating objects: 240, done.
remote: Counting objects: 100% (72/72), done.
remote: Compressing objects: 100% (51/51), done.
remote: Total 240 (delta 38), reused 42 (delta 20), pack-reused 168
Receiving objects: 100% (240/240), 62.21 KiB | 169.00 KiB/s, done.
Resolving deltas: 100% (139/139), done.
philipp@d3vpi:~/build $ cd openvpn-server
philipp@d3vpi:~/build/openvpn-server $ docker-compose up -d
openvpn-ui is up-to-date
Creating openvpn ... done
philipp@d3vpi:~/build/openvpn-server $ docker logs openvpn
EasyRSA path: /usr/share/easy-rsa OVPN path: /etc/openvpn
Setting up public key infrastructure...
Notice
------
'init-pki' complete; you may now create a CA or requests.
Your newly created PKI dir is:
* /usr/share/easy-rsa/pki
Using Easy-RSA configuration:
* undefined
Following EASYRSA variables will be used:
EASYRSA_DN "org"
EASYRSA_REQ_COUNTRY "UA"
EASYRSA_REQ_PROVINCE "KY"
EASYRSA_REQ_CITY "Kyiv"
EASYRSA_REQ_ORG "SweetHome"
EASYRSA_REQ_EMAIL "[email protected]"
EASYRSA_REQ_OU "MyOrganizationalUnit"
EASYRSA_REQ_CN "OpenVPNServer"
EASYRSA_KEY_SIZE 2048
EASYRSA_CA_EXPIRE 3650
EASYRSA_CERT_EXPIRE 825
EASYRSA_CERT_RENEW 30
EASYRSA_CRL_DAYS 180
Generating ertificate authority...
Using Easy-RSA 'vars' configuration:
* /usr/share/easy-rsa/pki/vars
Using SSL:
* openssl OpenSSL 3.1.4 24 Oct 2023 (Library: OpenSSL 3.1.4 24 Oct 2023)
.+........+.......+...+..+.+.....+
Notice
------
CA creation complete. Your new CA certificate is at:
* /usr/share/easy-rsa/pki/ca.crt
Creating the Server Certificate...
Using Easy-RSA 'vars' configuration:
* /usr/share/easy-rsa/pki/vars
Using SSL:
* openssl OpenSSL 3.1.4 24 Oct 2023 (Library: OpenSSL 3.1.4 24 Oct 2023)
.......+.....+.............+..............+.....+...+.......+.+++
-----
Notice
------
Private-Key and Public-Certificate-Request files created.
Your files are:
* req: /usr/share/easy-rsa/pki/reqs/server.req
* key: /usr/share/easy-rsa/pki/private/server.key
Sign request...
Using Easy-RSA 'vars' configuration:
* /usr/share/easy-rsa/pki/vars
Using SSL:
* openssl OpenSSL 3.1.4 24 Oct 2023 (Library: OpenSSL 3.1.4 24 Oct 2023)
Using configuration from /usr/share/easy-rsa/pki/openssl-easyrsa.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'UA'
stateOrProvinceName :ASN.1 12:'KY'
localityName :ASN.1 12:'Kyiv'
organizationName :ASN.1 12:'SweetHome'
organizationalUnitName:ASN.1 12:'MyOrganizationalUnit'
commonName :ASN.1 12:'OpenVPNServer'
emailAddress :IA5STRING:'[email protected]'
Certificate is to be certified until Sep 9 16:49:59 2026 GMT (825 days)
Write out database with 1 new entries
Database updated
Notice
------
Certificate created at:
* /usr/share/easy-rsa/pki/issued/server.crt
Generate Diffie-Hellman key...
Using Easy-RSA 'vars' configuration:
* /usr/share/easy-rsa/pki/vars
Using SSL:
* openssl OpenSSL 3.1.4 24 Oct 2023 (Library: OpenSSL 3.1.4 24 Oct 2023)
Generating DH parameters, 2048 bit long safe prime
.......++--...
DH parameters appear to be ok.
Notice
------
DH parameters of size 2048 created at:
* /usr/share/easy-rsa/pki/dh.pem
Generate HMAC signature...
2024-06-06 16:51:19 DEPRECATED OPTION: The option --secret is deprecated.
2024-06-06 16:51:19 WARNING: Using --genkey --secret filename is DEPRECATED. Use --genkey secret filename instead.
Create certificate revocation list (CRL)...
Using Easy-RSA 'vars' configuration:
* /usr/share/easy-rsa/pki/vars
Using SSL:
* openssl OpenSSL 3.1.4 24 Oct 2023 (Library: OpenSSL 3.1.4 24 Oct 2023)
Using configuration from /usr/share/easy-rsa/pki/openssl-easyrsa.cnf
Notice
------
An updated CRL has been created:
* /usr/share/easy-rsa/pki/crl.pem
Following EASYRSA variables were set during CA init:
EASYRSA_DN "org"
EASYRSA_REQ_COUNTRY "UA"
EASYRSA_REQ_PROVINCE "KY"
EASYRSA_REQ_CITY "Kyiv"
EASYRSA_REQ_ORG "SweetHome"
EASYRSA_REQ_EMAIL "[email protected]"
EASYRSA_REQ_OU "MyOrganizationalUnit"
EASYRSA_REQ_CN "OpenVPNServer"
EASYRSA_KEY_SIZE 2048
EASYRSA_CA_EXPIRE 3650
EASYRSA_CERT_EXPIRE 825
EASYRSA_CERT_RENEW 30
EASYRSA_CRL_DAYS 180
Configuring networking rules...
IP forwarding configuration now applied:
net.ipv4.ip_forward = 1
Configuring iptables...
NAT for OpenVPN clients
Blocking ICMP for external clients
Blocking internal home subnet to access from external openvpn clients (Internet still available)
No additional firewall rules to apply.
IPT MASQ Chains:
MASQUERADE all -- 10.0.70.0/24 anywhere
MASQUERADE all -- 10.0.71.0/24 anywhere
IPT FWD Chains:
0 0 DROP 1 -- * * 10.0.71.0/24 0.0.0.0/0 icmptype 8
0 0 DROP 1 -- * * 10.0.71.0/24 0.0.0.0/0 icmptype 0
0 0 DROP 0 -- * * 10.0.71.0/24 192.168.88.0/24
Start openvpn process...

During the first container init
Hi,
When I start new, clean containers with the config directory as a volume, I get this message:

openvpn | cp: can't stat '/etc/openvpn/config/easy-rsa.vars': No such file or directory
openvpn exited with code 1

Placing an empty file before starting the containers resolves this
Thanks