The_Great_Sephiroth Veteran
Joined: 03 Oct 2014 Posts: 1606 Location: Fayetteville, NC, USA
|
Posted: Wed Feb 07, 2018 2:02 am Post subject: OpenVPN server info? |
|
|
OK, I am trying to figure out how and what I need to generate to run an OpenVPN server. I keep finding guides for CentOS or Ubuntu but they have all kinds of files missing in Gentoo, such as some "vars" file. How do I properly generate certificates and such for OpenVPN? I have stuck with PPTP for years because it's too damn complicated. Either I have to use a n00b distro with scripts or I can't get any info at all. I know I need certificates but I cannot find info on what type, where to use them, or how to create them unless I have all of these scripts which don't exist as a stock part of OpenVPN. Help? _________________ Ever picture systemd as what runs "The Borg"? |
|
|
|
bbgermany Veteran
Joined: 21 Feb 2005 Posts: 1844 Location: Oranienburg/Germany
|
Posted: Wed Feb 07, 2018 6:53 am Post subject: |
|
|
Hi,
have a look here: https://forums.gentoo.org/viewtopic-t-538662.html . Even the default howtos for Ubuntu or CentOS are worth a look, since 99% of the howtos are the same for Gentoo.
greets, bb _________________ Desktop: Ryzen 5 5600G, 32GB, 2TB, RX7600
Notebook: Dell XPS 13 9370, 16GB, 1TB
Server #1: Ryzen 5 Pro 4650G, 64GB, 16.5TB
Server #2: Ryzen 4800H, 32GB, 22TB |
|
|
|
The_Great_Sephiroth Veteran
Joined: 03 Oct 2014 Posts: 1606 Location: Fayetteville, NC, USA
|
Posted: Wed Feb 07, 2018 4:09 pm Post subject: |
|
|
I'll check that out in a minute, thank you. I have read the guides for Ubuntu and Cent but the issue is step one. I cannot get past it. They all mention this "vars" script which does not exist on any Gentoo system I have access to. Everything in their guides depends on this mystical n00b script so they never cover actually generating CAs and such, they just tell me to edit the stupid script and run it. That doesn't help me.
It's like telling me to push the auto-start button in my 2002 BMW. It doesn't have one. It still uses a key, so the guide on starting the car would be a fail at step one. _________________ Ever picture systemd as what runs "The Borg"? |
|
|
|
szatox Advocate
Joined: 27 Aug 2013 Posts: 3498
|
Posted: Wed Feb 07, 2018 8:17 pm Post subject: |
|
|
I think that "vars" file is from easy-rsa. It is available in portage too.
Alternatively, you can use openssl to generate a CA and certs in a slightly more manual way. The difference isn't all that big. There are guides on this all over the internet, often accompanied by commands for creating self-signed certs. |
|
|
|
KintaroBC n00b
Joined: 15 Feb 2014 Posts: 63 Location: Australia
|
Posted: Wed Feb 07, 2018 10:23 pm Post subject: |
|
|
The vars file is for easy-rsa and allows you to create your own certificate authority. This is for verifying clients and the server for authenticity, and for example this prevents man-in-the-middle attacks.
Make sure you are using the same easy-rsa version as the guide. Otherwise it will seem a bit strange; I know easy-rsa 2 has a vars file to edit. You might be using easy-rsa 3 with a guide for 2. |
|
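The manual openssl route and the CA's role in authenticating server and clients, both mentioned in the replies above, as an added example that is not part of any poster's message: it builds a CA, one server certificate and one client certificate, then checks that each is only accepted for its own purpose. The file names, common names (`Example VPN CA`, `vpn-server`, `laptop1`), key size and lifetimes are assumptions.

```shell
#!/bin/sh
# Added example: a three-certificate PKI for OpenVPN using only openssl.
# File names, CNs and lifetimes below are assumptions, not from the thread.
umask 077   # private keys must not be world-readable

make_ca() {  # $1 = pki directory; creates ca.key (keep offline) and ca.crt
    mkdir -p "$1"
    cat > "$1/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example VPN CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    openssl req -x509 -config "$1/ca.cnf" -newkey rsa:2048 -nodes -sha256 \
        -days 3650 -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

issue_cert() {  # $1 = pki dir, $2 = server|client, $3 = common name
    case $2 in
        server) eku=serverAuth; ku=digitalSignature,keyEncipherment ;;
        client) eku=clientAuth; ku=digitalSignature ;;
        *) return 1 ;;
    esac
    # The extendedKeyUsage is what separates a server cert from a client cert.
    printf 'basicConstraints=CA:FALSE\nkeyUsage=%s\nextendedKeyUsage=%s\n' \
        "$ku" "$eku" > "$1/$3.ext"
    openssl req -new -config "$1/ca.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=$3" -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$3.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -sha256 -days 825 -extfile "$1/$3.ext" \
        -out "$1/$3.crt" 2>/dev/null
}

check_purpose() {  # $1 = pki dir, $2 = sslserver|sslclient, $3 = cert name
    openssl verify -CAfile "$1/ca.crt" -purpose "$2" "$1/$3.crt" >/dev/null 2>&1
}

pki=$(mktemp -d)
make_ca "$pki"
issue_cert "$pki" server vpn-server   # server side: ca.crt + vpn-server.crt/.key
issue_cert "$pki" client laptop1      # client side: ca.crt + laptop1.crt/.key
check_purpose "$pki" sslserver vpn-server && echo "vpn-server accepted as TLS server"
check_purpose "$pki" sslserver laptop1 || echo "laptop1 rejected as TLS server"
```

On the client, OpenVPN's `remote-cert-tls server` option enforces the same server-purpose check on the peer certificate, so a stolen client certificate cannot be used to impersonate the server.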
|
|
The_Great_Sephiroth Veteran
Joined: 03 Oct 2014 Posts: 1606 Location: Fayetteville, NC, USA
|
Posted: Thu Feb 08, 2018 5:34 am Post subject: |
|
|
I do have easy-rsa installed, but never found the vars file. I have yet to follow the guide posted above because I have been working with another machine today. I am going to try it soon enough though. I will report back once I check it. _________________ Ever picture systemd as what runs "The Borg"? |
|
|
|
bbgermany Veteran
Joined: 21 Feb 2005 Posts: 1844 Location: Oranienburg/Germany
|
Posted: Thu Feb 08, 2018 6:09 am Post subject: |
|
|
Hi,
here is the "var-file":
Code: |
$ /usr/share/easy-rsa # ls -la
insgesamt 64
drwxr-xr-x 3 root root 4096 22. Aug 08:53 .
drwxr-xr-x 87 root root 4096 31. Dez 13:02 ..
-rwxr-xr-x 1 root root 34910 22. Aug 08:53 easyrsa
-rw-r--r-- 1 root root 4560 22. Aug 08:53 openssl-1.0.cnf
-rw-r--r-- 1 root root 8126 22. Aug 08:53 vars.example
drwxr-xr-x 2 root root 4096 22. Aug 08:53 x509-types
$ /usr/share/easy-rsa #
|
greets, bb _________________ Desktop: Ryzen 5 5600G, 32GB, 2TB, RX7600
Notebook: Dell XPS 13 9370, 16GB, 1TB
Server #1: Ryzen 5 Pro 4650G, 64GB, 16.5TB
Server #2: Ryzen 4800H, 32GB, 22TB |
|
|
|
The_Great_Sephiroth Veteran
Joined: 03 Oct 2014 Posts: 1606 Location: Fayetteville, NC, USA
|
Posted: Fri Feb 09, 2018 4:48 pm Post subject: |
|
|
That was my issue. Every guide I found told me to check /usr/share/openvpn/easy-rsa. I did a find on the root of my drive but cancelled it after a few minutes. It probably would have found it. My bad.
*UPDATE*
Still not there. I see an example file with LOADS of mess in it which I will study, but no vars file and none of those other scripts either, like the "clean-all" script.
Code: |
user@9y84mj1 /usr/share/easy-rsa $ l
total 52
-rwxr-xr-x 1 root root 34910 Feb 6 20:43 easyrsa
-rw-r--r-- 1 root root 4560 Feb 6 20:43 openssl-1.0.cnf
-rw-r--r-- 1 root root 8126 Feb 6 20:43 vars.example
drwxr-xr-x 1 root root 40 Feb 6 20:43 x509-types
user@9y84mj1
|
_________________ Ever picture systemd as what runs "The Borg"? |
|
|
|
bbgermany Veteran
Joined: 21 Feb 2005 Posts: 1844 Location: Oranienburg/Germany
|
Posted: Sat Feb 10, 2018 12:51 pm Post subject: |
|
|
Hi,
since this is easy-rsa-3.x already, there is no clean-all script anymore. Check for the latest howto for easy-rsa instead or have a look here: https://community.openvpn.net/openvpn/wiki/EasyRSA3-OpenVPN-Howto
greets, bb _________________ Desktop: Ryzen 5 5600G, 32GB, 2TB, RX7600
Notebook: Dell XPS 13 9370, 16GB, 1TB
Server #1: Ryzen 5 Pro 4650G, 64GB, 16.5TB
Server #2: Ryzen 4800H, 32GB, 22TB |
|