Hi Federico,, Thanks a lot :) It worked for me. kind regards Pari Khan
On Wed, Aug 29, 2018 at 1:46 PM Federico Capoano <[email protected]> wrote: > Copy the public and private key of the CA and the server certificate from > the server, you will find the files in the directory of the server which > ansible created to install OpenVPN. > Then paste these in the openwisp web UI, when you create a new CA or new > certificate select "import existing" and the UI will show you only the > relevant fields. > > Try and let me know :-) > > On Wed, Aug 29, 2018 at 9:52 AM pari khan <[email protected]> wrote: > >> Hi Federico, >> >> Thanks for quick reply. >> I installed openvpn via ansible. As per the instruction in ( >> https://github.com/Stouts/Stouts.openvpn) I added variables for CA and >> certificates in playbook.yml file. >> When I tried importing the CA and certificate how do we ensure the import >> is happening from where the ansible role created CA and certificate ? >> When I tried importing CA the country/state etc fields were empty , am I >> missing something. >> Please help. >> kind regards >> pari khan >> >> On Tue, Aug 28, 2018 at 8:05 PM Federico Capoano < >> [email protected]> wrote: >> >>> One more thing: ensure the firmware image contains a pre-existing >>> /etc/config/openvpn file, even an empty one is fine, otherwise when a new >>> configuration is downloaded the OpenVPN process won't be started, you will >>> have to manually launch it but that would invalidate all the work towards >>> automation we are doing. >>> >>> Federico >>> >>> >>> On Tuesday, August 28, 2018 at 1:38:06 PM UTC+2, Federico Capoano wrote: >>>> >>>> Hi Pari and welcome, >>>> >>>> this process is not documented yet (we have a ticket for it >>>> <https://github.com/openwisp/openwisp2-docs/issues/44>), the process >>>> is roughly the following: >>>> >>>> - ensure OpenVPN is included in your OpenWRT firmware image or >>>> install it manually on your devices (the former option is recommended) >>>> - install OpenVPN on the server, you can use this ansible role if >>>> you like: https://github.com/Stouts/Stouts.openvpn >>>> - import the CA, and the server certificate in OpenWISP >>>> - create a new VPN server, select the CA and server certificate >>>> just imported, copy the configuration parameters generated by ansible >>>> - now create a new template of type "VPN-client" >>>> - ensure the auto-cert option is enabled so OpenWISP will >>>> generate client x509 certificates automatically >>>> - enable "default template" option if you want the VPN to be >>>> enabled on all the devices of that organization >>>> - if you want to use this VPN for all the organizations leave >>>> the "organization" parameter empty >>>> - leave the conf empty, hit "save and continue", now you can >>>> tweak the client VPN conf if you need >>>> >>>> After all these passages, devices which will have the new VPN template >>>> will get the OpenVPN conf and the x509 certificate automatically created by >>>> OpenWISP. This does not assure the VPN will work straightaway, you may need >>>> to do some testing and tweaking before getting it right. >>>> >>>> If you need to do some tests on the OpenWRT side, I suggest doing it on >>>> the device directly first and once you have a configuration that works you >>>> copy it into the OpenWISP web UI. >>>> >>>> To debug, check the logs of both clients and server. >>>> >>>> I hope this helps! >>>> Let me know how it goes and if anything is not clear don't hesitate to >>>> ask. >>>> >>>> Federico >>>> >>>> >>>> On Tuesday, August 28, 2018 at 1:11:42 PM UTC+2, pari khan wrote: >>>>> >>>>> Hi, >>>>> I am new to openwisp. >>>>> with regards to openwisp I am able to get it up and running.I was able >>>>> to connect few APs to openwisp controller. My concern is I want to >>>>> understand how can we install openvpn server .Is CA and certificates >>>>> related to openvpn server? Can we use the keys installed as part of >>>>> openvpn >>>>> server for CA and certificates options in openwisp, I mean can we import >>>>> or >>>>> we have to create new ? >>>>> >>>>> little confused with these options, if I could get any documents or >>>>> guidance will be thankful. >>>>> >>>>> Kind Regards, >>>>> pari >>>>> >>>>> -- >>> You received this message because you are subscribed to the Google >>> Groups "OpenWISP" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> For more options, visit https://groups.google.com/d/optout. >>> >> -- >> You received this message because you are subscribed to the Google Groups >> "OpenWISP" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> For more options, visit https://groups.google.com/d/optout. >> > -- > You received this message because you are subscribed to the Google Groups > "OpenWISP" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "OpenWISP" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
