Copy the public and private key of the CA and the server certificate from the server, you will find the files in the directory of the server which ansible created to install OpenVPN. Then paste these in the openwisp web UI, when you create a new CA or new certificate select "import existing" and the UI will show you only the relevant fields.
Try and let me know :-) On Wed, Aug 29, 2018 at 9:52 AM pari khan <[email protected]> wrote: > Hi Federico, > > Thanks for quick reply. > I installed openvpn via ansible. As per the instruction in ( > https://github.com/Stouts/Stouts.openvpn) I added variables for CA and > certificates in playbook.yml file. > When I tried importing the CA and certificate how do we ensure the import > is happening from where the ansible role created CA and certificate ? > When I tried importing CA the country/state etc fields were empty , am I > missing something. > Please help. > kind regards > pari khan > > On Tue, Aug 28, 2018 at 8:05 PM Federico Capoano < > [email protected]> wrote: > >> One more thing: ensure the firmware image contains a pre-existing >> /etc/config/openvpn file, even an empty one is fine, otherwise when a new >> configuration is downloaded the OpenVPN process won't be started, you will >> have to manually launch it but that would invalidate all the work towards >> automation we are doing. >> >> Federico >> >> >> On Tuesday, August 28, 2018 at 1:38:06 PM UTC+2, Federico Capoano wrote: >>> >>> Hi Pari and welcome, >>> >>> this process is not documented yet (we have a ticket for it >>> <https://github.com/openwisp/openwisp2-docs/issues/44>), the process is >>> roughly the following: >>> >>> - ensure OpenVPN is included in your OpenWRT firmware image or >>> install it manually on your devices (the former option is recommended) >>> - install OpenVPN on the server, you can use this ansible role if >>> you like: https://github.com/Stouts/Stouts.openvpn >>> - import the CA, and the server certificate in OpenWISP >>> - create a new VPN server, select the CA and server certificate just >>> imported, copy the configuration parameters generated by ansible >>> - now create a new template of type "VPN-client" >>> - ensure the auto-cert option is enabled so OpenWISP will >>> generate client x509 certificates automatically >>> - enable "default template" option if you want the VPN to be >>> enabled on all the devices of that organization >>> - if you want to use this VPN for all the organizations leave the >>> "organization" parameter empty >>> - leave the conf empty, hit "save and continue", now you can >>> tweak the client VPN conf if you need >>> >>> After all these passages, devices which will have the new VPN template >>> will get the OpenVPN conf and the x509 certificate automatically created by >>> OpenWISP. This does not assure the VPN will work straightaway, you may need >>> to do some testing and tweaking before getting it right. >>> >>> If you need to do some tests on the OpenWRT side, I suggest doing it on >>> the device directly first and once you have a configuration that works you >>> copy it into the OpenWISP web UI. >>> >>> To debug, check the logs of both clients and server. >>> >>> I hope this helps! >>> Let me know how it goes and if anything is not clear don't hesitate to >>> ask. >>> >>> Federico >>> >>> >>> On Tuesday, August 28, 2018 at 1:11:42 PM UTC+2, pari khan wrote: >>>> >>>> Hi, >>>> I am new to openwisp. >>>> with regards to openwisp I am able to get it up and running.I was able >>>> to connect few APs to openwisp controller. My concern is I want to >>>> understand how can we install openvpn server .Is CA and certificates >>>> related to openvpn server? Can we use the keys installed as part of openvpn >>>> server for CA and certificates options in openwisp, I mean can we import or >>>> we have to create new ? >>>> >>>> little confused with these options, if I could get any documents or >>>> guidance will be thankful. >>>> >>>> Kind Regards, >>>> pari >>>> >>>> -- >> You received this message because you are subscribed to the Google Groups >> "OpenWISP" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> For more options, visit https://groups.google.com/d/optout. >> > -- > You received this message because you are subscribed to the Google Groups > "OpenWISP" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "OpenWISP" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
