Help interpreting OpenVPN Fedora Project wiki

Hi,

I need help interpreting the wiki at https://fedoraproject.org/wiki/OpenVPN?rd=Openvpn. It’s not very beginner friendly. For example:

  1. Edit vars appropriately.
    What is vars, and what is “appropriate”?
  1. ./easyrsa build-ca
    I do this, but terminal asks for ca passphrase. Where does this found? i.e. is it my VPN passphrase, or the ca key? Or something else?

Thanks

1 Like

EasyRSA configuration variables.
Appropriate to your configuration, although it is not mandatory.

In general case, you need to specify a unique passphrase for each private key including the CA private key, however you can avoid it with the nopass flag.

Personally, I use an automated script like this:

sudo dnf install openvpn easy-rsa

export EASYRSA_CMD="/usr/share/easy-rsa/3/easyrsa"
export EASYRSA_PKI="${HOME}/.local/share/openvpn/pki"
export EASYRSA_REQ_CN="ovpnca"
export EASYRSA_BATCH="1"

mkdir -p ${EASYRSA_PKI}
${EASYRSA_CMD} init-pki
${EASYRSA_CMD} gen-dh
${EASYRSA_CMD} build-ca nopass
while read -r OVPN_ID
do
case ${OVPN_ID} in
(*server*) ${EASYRSA_CMD} build-server-full ${OVPN_ID} nopass ;;
(*) ${EASYRSA_CMD} build-client-full ${OVPN_ID} nopass ;;
esac
done << EOF
vgserver
vgrouter
vglaptop
vgmobile
EOF
openvpn --genkey --secret ${EASYRSA_PKI}/tc.pem

I’ll try the script - thanks!

1 Like