Hi Federico, Thanks for quick reply. I installed openvpn via ansible. As per the instruction in ( https://github.com/Stouts/Stouts.openvpn) I added variables for CA and certificates in playbook.yml file. When I tried importing the CA and certificate how do we ensure the import is happening from where the ansible role created CA and certificate ? When I tried importing CA the country/state etc fields were empty , am I missing something. Please help. kind regards pari khan
On Tue, Aug 28, 2018 at 8:05 PM Federico Capoano <[email protected]> wrote: > One more thing: ensure the firmware image contains a pre-existing > /etc/config/openvpn file, even an empty one is fine, otherwise when a new > configuration is downloaded the OpenVPN process won't be started, you will > have to manually launch it but that would invalidate all the work towards > automation we are doing. > > Federico > > > On Tuesday, August 28, 2018 at 1:38:06 PM UTC+2, Federico Capoano wrote: >> >> Hi Pari and welcome, >> >> this process is not documented yet (we have a ticket for it >> <https://github.com/openwisp/openwisp2-docs/issues/44>), the process is >> roughly the following: >> >> - ensure OpenVPN is included in your OpenWRT firmware image or >> install it manually on your devices (the former option is recommended) >> - install OpenVPN on the server, you can use this ansible role if you >> like: https://github.com/Stouts/Stouts.openvpn >> - import the CA, and the server certificate in OpenWISP >> - create a new VPN server, select the CA and server certificate just >> imported, copy the configuration parameters generated by ansible >> - now create a new template of type "VPN-client" >> - ensure the auto-cert option is enabled so OpenWISP will generate >> client x509 certificates automatically >> - enable "default template" option if you want the VPN to be >> enabled on all the devices of that organization >> - if you want to use this VPN for all the organizations leave the >> "organization" parameter empty >> - leave the conf empty, hit "save and continue", now you can tweak >> the client VPN conf if you need >> >> After all these passages, devices which will have the new VPN template >> will get the OpenVPN conf and the x509 certificate automatically created by >> OpenWISP. This does not assure the VPN will work straightaway, you may need >> to do some testing and tweaking before getting it right. >> >> If you need to do some tests on the OpenWRT side, I suggest doing it on >> the device directly first and once you have a configuration that works you >> copy it into the OpenWISP web UI. >> >> To debug, check the logs of both clients and server. >> >> I hope this helps! >> Let me know how it goes and if anything is not clear don't hesitate to >> ask. >> >> Federico >> >> >> On Tuesday, August 28, 2018 at 1:11:42 PM UTC+2, pari khan wrote: >>> >>> Hi, >>> I am new to openwisp. >>> with regards to openwisp I am able to get it up and running.I was able >>> to connect few APs to openwisp controller. My concern is I want to >>> understand how can we install openvpn server .Is CA and certificates >>> related to openvpn server? Can we use the keys installed as part of openvpn >>> server for CA and certificates options in openwisp, I mean can we import or >>> we have to create new ? >>> >>> little confused with these options, if I could get any documents or >>> guidance will be thankful. >>> >>> Kind Regards, >>> pari >>> >>> -- > You received this message because you are subscribed to the Google Groups > "OpenWISP" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "OpenWISP" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
