I am trying to understand how to use easyrsa 3.2.2 downloaded from GitHub on a freshly built RPi4B running PiOS Lite in order to create an OpenVPN server for private use as described in a parallel thread.

Now I have read the description document here:
https://community.openvpn.net/openvpn/wiki/EasyRSA3-OpenVPN-Howto
and tried to use it to set up a very simple system with two clients (myself and my brother-in-law). But I am struggling to understand the concepts still.

I tried the section I feel is most similar to my use:

PKI procedure: Producing your complete PKI on the CA machine

Now I have done this after creating the vars file from the example with extended lifetimes set:

1) ./easyrsa init-pki (This creates and populates the pki dir)
2) ./easyrsa --nopass build-ca
3) ./easyrsa gen-tls-crypt-key
4) ./easyrsa --nopass build-server-full HakanNew
5) ./easyrsa build-client-full BosseWien (client for myself)
6) ./easyrsa build-client-full HakanWien (client for my brother-in-law)

Now what?

In the old times I had to copy some crypto files to the /etc/openvpn/keys dir to be used by the server (files listed in the server.conf file).

The build-client-full command seems to generate an inline file for each client as well as for the server itself. What do I do with these?

Do I put the server's inline file *content* into the server.conf file itself and skip listing the file locations? I.e. no longer a "keys" dir inside /etc/openvpn? I.e. is the idea here that the server.conf file shall be self-contained, not needing any cert/key files found by a file path?

And the same for the OVPN client connection files? Do I for instance add my client config items to the top of the inline file and rename it as an ovpn file?

Or what is the next step for me to get a server running properly and something to put into the ovpn files?

ALSO:
-----
A bit down in the document above I found a link to another GitHub script, Easy-TLS, which seems to be needed to do something TLS related ("add the finishing touches to your PKI"). But here I am lost, what is it needed for and how do I use it in my simple case? The inline files created above do contain a <tls-crypt> section already....

Grateful for a bit of clarification.

--
Bo Berglund
Developer in Sweden