Hi,
I need help interpreting the wiki at OpenVPN - Fedora Project Wiki. It’s not very beginner friendly. For example:
- Edit
varsappropriately.
What is vars, and what is “appropriate”?
./easyrsa build-ca
I do this, but terminal asks for ca passphrase. Where does this found? i.e. is it my VPN passphrase, or the ca key? Or something else?
Thanks
EasyRSA configuration variables.
Appropriate to your configuration, although it is not mandatory.
In general case, you need to specify a unique passphrase for each private key including the CA private key, however you can avoid it with the nopass flag.
Personally, I use an automated script like this:
sudo dnf install openvpn easy-rsa
export EASYRSA_CMD="/usr/share/easy-rsa/3/easyrsa"
export EASYRSA_PKI="${HOME}/.local/share/openvpn/pki"
export EASYRSA_REQ_CN="ovpnca"
export EASYRSA_BATCH="1"
mkdir -p ${EASYRSA_PKI}
${EASYRSA_CMD} init-pki
${EASYRSA_CMD} gen-dh
${EASYRSA_CMD} build-ca nopass
while read -r OVPN_ID
do
case ${OVPN_ID} in
(*server*) ${EASYRSA_CMD} build-server-full ${OVPN_ID} nopass ;;
(*) ${EASYRSA_CMD} build-client-full ${OVPN_ID} nopass ;;
esac
done << EOF
vgserver
vgrouter
vglaptop
vgmobile
EOF
openvpn --genkey --secret ${EASYRSA_PKI}/tc.pem
I’ll try the script - thanks!