Hi Federico,

Seems like there are a few more issues around these. I was able to get OpenVPN installed and running based on the ansible role variables. The /etc/openvpn/server.conf has variables as per the ansible role installed package. I also see a tun0 device with an IP subnet as per what I configured on the ansible role.

Now, I configure the VPN-SERVER configuration via openwisp2. On saving the configuration, I don't see it getting updated in /etc/openvpn/server.conf and the tun IF also doesn't get the IP subnet updated as per the VPN-SERVER configuration. Am I missing something?

kind regards,
Pari Khan

On Wed, Aug 29, 2018 at 4:25 PM pari khan <[email protected]> wrote:

> Hi Federico,
>
> Thanks a lot :)
> It worked for me.
> kind regards
> Pari Khan
>
> On Wed, Aug 29, 2018 at 1:46 PM Federico Capoano <
> [email protected]> wrote:
>
>> Copy the public and private key of the CA and the server certificate from
>> the server, you will find the files in the directory of the server which
>> ansible created to install OpenVPN.
>> Then paste these in the openwisp web UI, when you create a new CA or new
>> certificate select "import existing" and the UI will show you only the
>> relevant fields.
>>
>> Try and let me know :-)
>>
>> On Wed, Aug 29, 2018 at 9:52 AM pari khan <[email protected]> wrote:
>>
>>> Hi Federico,
>>>
>>> Thanks for quick reply.
>>> I installed openvpn via ansible. As per the instruction in (
>>> https://github.com/Stouts/Stouts.openvpn) I added variables for CA and
>>> certificates in playbook.yml file.
>>> When I tried importing the CA and certificate how do we ensure the
>>> import is happening from where the ansible role created CA and certificate?
>>> When I tried importing CA the country/state etc fields were empty, am
>>> I missing something.
>>> Please help.
>>> kind regards
>>> pari khan
>>>
>>> On Tue, Aug 28, 2018 at 8:05 PM Federico Capoano <
>>> [email protected]> wrote:
>>>
>>>> One more thing: ensure the firmware image contains a pre-existing
>>>> /etc/config/openvpn file, even an empty one is fine, otherwise when a new
>>>> configuration is downloaded the OpenVPN process won't be started, you will
>>>> have to manually launch it but that would invalidate all the work towards
>>>> automation we are doing.
>>>>
>>>> Federico
>>>>
>>>>
>>>> On Tuesday, August 28, 2018 at 1:38:06 PM UTC+2, Federico Capoano wrote:
>>>>>
>>>>> Hi Pari and welcome,
>>>>>
>>>>> this process is not documented yet (we have a ticket for it
>>>>> <https://github.com/openwisp/openwisp2-docs/issues/44>), the process
>>>>> is roughly the following:
>>>>>
>>>>> - ensure OpenVPN is included in your OpenWRT firmware image or
>>>>>   install it manually on your devices (the former option is recommended)
>>>>> - install OpenVPN on the server, you can use this ansible role if
>>>>>   you like: https://github.com/Stouts/Stouts.openvpn
>>>>> - import the CA, and the server certificate in OpenWISP
>>>>> - create a new VPN server, select the CA and server certificate
>>>>>   just imported, copy the configuration parameters generated by ansible
>>>>> - now create a new template of type "VPN-client"
>>>>> - ensure the auto-cert option is enabled so OpenWISP will
>>>>>   generate client x509 certificates automatically
>>>>> - enable "default template" option if you want the VPN to be
>>>>>   enabled on all the devices of that organization
>>>>> - if you want to use this VPN for all the organizations leave
>>>>>   the "organization" parameter empty
>>>>> - leave the conf empty, hit "save and continue", now you can
>>>>>   tweak the client VPN conf if you need
>>>>>
>>>>> After all these passages, devices which will have the new VPN template
>>>>> will get the OpenVPN conf and the x509 certificate automatically created
>>>>> by OpenWISP. This does not assure the VPN will work straightaway, you may
>>>>> need to do some testing and tweaking before getting it right.
>>>>>
>>>>> If you need to do some tests on the OpenWRT side, I suggest doing it
>>>>> on the device directly first and once you have a configuration that works
>>>>> you copy it into the OpenWISP web UI.
>>>>>
>>>>> To debug, check the logs of both clients and server.
>>>>>
>>>>> I hope this helps!
>>>>> Let me know how it goes and if anything is not clear don't hesitate to
>>>>> ask.
>>>>>
>>>>> Federico
>>>>>
>>>>>
>>>>> On Tuesday, August 28, 2018 at 1:11:42 PM UTC+2, pari khan wrote:
>>>>>>
>>>>>> Hi,
>>>>>> I am new to openwisp.
>>>>>> With regards to openwisp I am able to get it up and running. I was
>>>>>> able to connect few APs to openwisp controller. My concern is I want to
>>>>>> understand how can we install openvpn server. Is CA and certificates
>>>>>> related to openvpn server? Can we use the keys installed as part of
>>>>>> openvpn server for CA and certificates options in openwisp, I mean can
>>>>>> we import or we have to create new?
>>>>>>
>>>>>> little confused with these options, if I could get any documents or
>>>>>> guidance will be thankful.
>>>>>>
>>>>>> Kind Regards,
>>>>>> pari
>>>>>>
>>>>>> --
>>>> You received this message because you are subscribed to the Google
>>>> Groups "OpenWISP" group.
>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>> an email to [email protected].
>>>> For more options, visit https://groups.google.com/d/optout.
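
Added example, not part of the thread and not OpenWISP or Stouts.openvpn code: one way to check that the values entered in the OpenWISP VPN server form match what the ansible role wrote to /etc/openvpn/server.conf. The compared directive set, the function names and both samples are assumptions constructed for illustration; the UI values are modelled as a plain dict keyed by OpenVPN directive name.

```python
import shlex

# Directives both sides must agree on (assumption of this example;
# extend the tuple for your deployment).
COMPARED = ("port", "proto", "dev", "server", "cipher", "auth", "comp-lzo")

def parse_openvpn_conf(text):
    """Return {directive: [args...]} for the body of an OpenVPN config file."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or commented-out directive
            continue
        # shlex keeps quoted arguments together and drops trailing "# ..." comments
        tokens = shlex.split(line, comments=True)
        if tokens:
            conf[tokens[0]] = tokens[1:]     # repeated directives: last one wins
    return conf

def find_drift(server_conf_text, ui_values, keys=COMPARED):
    """List (directive, on_server, in_ui) for every compared directive that differs."""
    on_server = parse_openvpn_conf(server_conf_text)
    drift = []
    for key in keys:
        server_val = on_server.get(key)      # None when the directive is absent
        ui_val = ui_values.get(key)
        if ui_val is not None:
            ui_val = str(ui_val).split()     # normalise to the parsed argument form
        if server_val != ui_val:
            drift.append((key, server_val, ui_val))
    return drift

# Constructed sample of a server.conf as a role might render it.
SAMPLE_SERVER_CONF = """\
# constructed sample, not taken from the thread
port 1194
proto udp
dev tun0
server 10.8.0.0 255.255.255.0   # subnet set through the ansible role
cipher AES-256-CBC
;comp-lzo
push "route 10.8.0.0 255.255.255.0"
"""

# Constructed sample of what was typed into the VPN server form.
SAMPLE_UI_VALUES = {"port": 1194, "proto": "udp", "dev": "tun0",
                    "server": "10.9.0.0 255.255.255.0", "cipher": "AES-256-CBC"}

if __name__ == "__main__":
    for key, srv, ui in find_drift(SAMPLE_SERVER_CONF, SAMPLE_UI_VALUES):
        print(f"{key}: server.conf={srv} OpenWISP={ui}")
```
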
