Page 1 of 1
RPi2 + Raspbian + openVPN serve + missing Easy-RSA
Posted: Thu Dec 24, 2015 2:56 am
by pteeson
I am working through installing openVPN server on my RPi2 and am stuck.
There are several good tutorials and I've been following the steps in this one:
<
http://www.bbc.com/news/technology-33548728>. The others have the same steps.
Apparently they are all now out of date wrt easy-rsa.
After doing the usual sudo apt-get update && sudo apt-get upgrade
I moved on to sudo apt-get install openvpn. This appeared to work.
The next step is to generate keys using Easy-RSA.
cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0 /etc/openvpn/easy-rsa
No such file or directory.
I did some digging and openVPN says that it's no longer part of the main project.
It's now a sub-project. I found it here: <
https://github.com/OpenVPN/easy-rsa>
I have no idea how to add it to whatever data base apt-get uses.
Yes I looked at the Debian Package Management docs and got lost.
Please point me at a simple example of how to add easy-rsa to the apt db.
TIA
respect...
Peter
Re: RPi2 + Raspbian + openVPN serve + missing Easy-RSA
Posted: Fri Dec 25, 2015 5:03 am
by lmarmisa
Re: RPi2 + Raspbian + openVPN serve + missing Easy-RSA
Posted: Thu Dec 31, 2015 4:50 pm
by rrichiez
Hey have you gotten openvpn to work? if so please give me heads up on what script or page, op system you used to get it worked . I think I have tried every one out there with no luck... please help
rrichiez
thanks before hand
Re: RPi2 + Raspbian + openVPN serve + missing Easy-RSA
Posted: Thu Dec 31, 2015 7:55 pm
by DougieLawson
There's no separate easy-rsa package. You'll find it in /usr/share/easy-rsa after installing the openvpn package.
Re: RPi2 + Raspbian + openVPN serve + missing Easy-RSA
Posted: Fri Jan 01, 2016 1:51 am
by davidcoton
Dougie: Read the OP. I don't know if that is right or not, but if it is, your answer is not helpful.
Re: RPi2 + Raspbian + openVPN serve + missing Easy-RSA
Posted: Fri Jan 01, 2016 2:28 am
by DougieLawson
You have to read the docs, make a directory (
mkdir -p /etc/openvpn/easy-rsa) and copy the easy-rsa scripts (
cp -R /usr/share/easy-rsa /etc/openvpn/easy-rsa). They then work just fine. The hard part of getting easy-rsa to run is defining all the junk in ../easy-rsa/vars file.
Code: Select all
export KEY_COUNTRY="GB"
export KEY_PROVINCE="Hampshire"
export KEY_CITY="Basingstoke"
export KEY_ORG="Example-Organisation"
export KEY_EMAIL="example@example.co.uk"
export KEY_CN="Example-Canonical-Name"
export KEY_NAME="Example"
export KEY_OU="Example-Domain"
Re: RPi2 + Raspbian + openVPN serve + missing Easy-RSA
Posted: Fri Jan 01, 2016 10:05 pm
by pteeson
I took a spare SD card and formatted it and installed Raspbian from the NOOBS 1.5 zip.
After which I did the usual sudo apt-ge update && sudo apt-ge upgrade
and then sudo apt-gt install openvpn
From the tail of the log for sudo apt-get install openvpn
[ ok ] Restarting virtual private network daemon.:.
Setting up easy-rsa (2.2.2-1) ...
Setting up opensc (0.14.0-2) ...
Processing triggers for libc-bin (2.19-18+deb8u1) ...
Processing triggers for systemd (215-17+deb8u2) ...
pi@raspberrypi:~ $ sudo -s
root@raspberrypi:/home/pi# cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0 /etc/openvpn/easy-rsa
cp: cannot stat ‘/usr/share/doc/openvpn/examples/easy-rsa/2.0’: No such file or directory
root@raspberrypi:/home/pi# ls /usr/share/doc/openvpn/examples/
sample-config-files sample-keys sample-scripts
!!!! So as I stated in the OP the instructions in the tutorials are not up to date.!!!!
Re: RPi2 + Raspbian + openVPN serve + missing Easy-RSA SOLVE
Posted: Fri Jan 01, 2016 10:11 pm
by pteeson
However this command does work as per Lawson's helpful post.
root@raspberrypi:/home/pi# cp -R /usr/share/easy-rsa /etc/openvpn/easy-rsa
So thanks to all who replied and hopefully this will document where the dirs now live.
Re: RPi2 + Raspbian + openVPN SOLVED serve + missing Easy-RS
Posted: Fri Jan 01, 2016 10:15 pm
by pteeson
rrichiez wrote:Hey have you gotten openvpn to work? if so please give me heads up on what script or page, op system you used to get it worked . I think I have tried every one out there with no luck... please help
rrichiez
thanks before hand
I installed Raspian from the NOOBS zip file as per the instructions.
And followed the instructions in this tutorial
<
http://www.bbc.com/news/technology-33548728>
However note the amendment in the previous post to this.....
I've stopped for today but will post when I get it working.
Re: RPi2 + Raspbian + openVPN serve + missing Easy-RSA
Posted: Fri Jan 01, 2016 10:23 pm
by DougieLawson
You have to remember that tutorial on the BBC was produced by a journalist based on stuff someone technical had told her in the green room or in a pre-production meeting. It's no surprise that it has an error in it. Also it was probably done before Jessie went generally available so things may have moved.
Re: RPi2 + Raspbian + openVPN SOLVED serve + missing Easy-RS
Posted: Fri Jan 01, 2016 10:38 pm
by pteeson
Plausible. But there are at least 2 other tutorials that state the same thing.
This is one of the eternal problems with documentation - it is almost always post-factum and done as a volunteer effort.
Actually the relevant tutorials themselves, as far as I have read them, are pretty good.
I note there is a Debian OpenVPN Wiki here <
https://wiki.debian.org/OpenVPN>.
I'll take a look and see if there is something that would be relevant for Raspbian.
Re: RPi2 + Raspbian + openVPN serve + missing Easy-RSA
Posted: Sun Jan 03, 2016 3:30 am
by malicious
There is no need to copy the easy-rsa directory and files manually anymore. In /usr/share/doc/easy-rsa, there is a file README.Debian(Debian is the distribution Raspbian is based on) explaining the new way to start using easy-rsa. Rather than copy by hand, you call the script /usr/bin/make-cadir. For example, if one wants a working copy of easy-rsa in /etc/openvpn/, the commands would be:
make-cadir /etc/openvpn/easy-rsa
cd /etc/openvpn/easy-rsa
You should be able to proceed with creating a certificate authority and whatnot from there.