Pari, you have to update the server configuration with Ansible, then you have to update the VPN client template manually.
The VPN server object in OpenWISP is needed only for generating the base VPN client template, storing the server certificate and other internal automations, but it can't magically update everything yet. That will require a considerable amount of effort to implement.

I hope this helps.
Federico

On Wed, Aug 29, 2018 at 2:59 PM pari khan <[email protected]> wrote:

> Hi Federico,
> Seems like few more issues around these..
>
> I was able to get the openVPN installed and run based on ansible role
> variables. The /etc/openvpn/server.conf has variables as per the ansible
> role installed package. I also see a tun0 device with IP subnet as per what
> I configured on ansible role
>
> Now, I configure VPN-SERVER configuration via openwisp2. On saving the
> configuration, I don't see it getting updated in /etc/openvpn/server.conf
> and the tun IF also doesn't get IP subnet updated as per VPN-SERVER
> configuration.
>
> Am I missing something?
>
> kind regards,
> Pari Khan
>
>
> On Wed, Aug 29, 2018 at 4:25 PM pari khan <[email protected]> wrote:
>
>> Hi Federico,
>>
>> Thanks a lot :)
>> It worked for me.
>> kind regards
>> Pari Khan
>>
>> On Wed, Aug 29, 2018 at 1:46 PM Federico Capoano <[email protected]> wrote:
>>
>>> Copy the public and private key of the CA and the server certificate
>>> from the server, you will find the files in the directory of the server
>>> which ansible created to install OpenVPN.
>>> Then paste these in the openwisp web UI, when you create a new CA or new
>>> certificate select "import existing" and the UI will show you only the
>>> relevant fields.
>>>
>>> Try and let me know :-)
>>>
>>> On Wed, Aug 29, 2018 at 9:52 AM pari khan <[email protected]> wrote:
>>>
>>>> Hi Federico,
>>>>
>>>> Thanks for quick reply.
>>>> I installed openvpn via ansible. As per the instruction in
>>>> (https://github.com/Stouts/Stouts.openvpn) I added variables for CA and
>>>> certificates in playbook.yml file.
>>>> When I tried importing the CA and certificate how do we ensure the
>>>> import is happening from where the ansible role created CA and certificate?
>>>> When I tried importing CA the country/state etc fields were empty, am
>>>> I missing something.
>>>> Please help.
>>>> kind regards
>>>> pari khan
>>>>
>>>> On Tue, Aug 28, 2018 at 8:05 PM Federico Capoano <[email protected]> wrote:
>>>>
>>>>> One more thing: ensure the firmware image contains a pre-existing
>>>>> /etc/config/openvpn file, even an empty one is fine, otherwise when a new
>>>>> configuration is downloaded the OpenVPN process won't be started, you will
>>>>> have to manually launch it but that would invalidate all the work towards
>>>>> automation we are doing.
>>>>>
>>>>> Federico
>>>>>
>>>>>
>>>>> On Tuesday, August 28, 2018 at 1:38:06 PM UTC+2, Federico Capoano
>>>>> wrote:
>>>>>>
>>>>>> Hi Pari and welcome,
>>>>>>
>>>>>> this process is not documented yet (we have a ticket for it
>>>>>> <https://github.com/openwisp/openwisp2-docs/issues/44>), the process
>>>>>> is roughly the following:
>>>>>>
>>>>>> - ensure OpenVPN is included in your OpenWRT firmware image or
>>>>>>   install it manually on your devices (the former option is recommended)
>>>>>> - install OpenVPN on the server, you can use this ansible role if
>>>>>>   you like: https://github.com/Stouts/Stouts.openvpn
>>>>>> - import the CA, and the server certificate in OpenWISP
>>>>>> - create a new VPN server, select the CA and server certificate
>>>>>>   just imported, copy the configuration parameters generated by ansible
>>>>>> - now create a new template of type "VPN-client"
>>>>>> - ensure the auto-cert option is enabled so OpenWISP will
>>>>>>   generate client x509 certificates automatically
>>>>>> - enable "default template" option if you want the VPN to be
>>>>>>   enabled on all the devices of that organization
>>>>>> - if you want to use this VPN for all the organizations leave
>>>>>>   the "organization" parameter empty
>>>>>> - leave the conf empty, hit "save and continue", now you can
>>>>>>   tweak the client VPN conf if you need
>>>>>>
>>>>>> After all these passages, devices which will have the new VPN
>>>>>> template will get the OpenVPN conf and the x509 certificate automatically
>>>>>> created by OpenWISP. This does not assure the VPN will work straightaway,
>>>>>> you may need to do some testing and tweaking before getting it right.
>>>>>>
>>>>>> If you need to do some tests on the OpenWRT side, I suggest doing it
>>>>>> on the device directly first and once you have a configuration that works
>>>>>> you copy it into the OpenWISP web UI.
>>>>>>
>>>>>> To debug, check the logs of both clients and server.
>>>>>>
>>>>>> I hope this helps!
>>>>>> Let me know how it goes and if anything is not clear don't hesitate
>>>>>> to ask.
>>>>>>
>>>>>> Federico
>>>>>>
>>>>>>
>>>>>> On Tuesday, August 28, 2018 at 1:11:42 PM UTC+2, pari khan wrote:
>>>>>>>
>>>>>>> Hi,
>>>>>>> I am new to openwisp.
>>>>>>> with regards to openwisp I am able to get it up and running. I was
>>>>>>> able to connect few APs to openwisp controller. My concern is I want to
>>>>>>> understand how can we install openvpn server. Is CA and certificates
>>>>>>> related to openvpn server? Can we use the keys installed as part of
>>>>>>> openvpn server for CA and certificates options in openwisp, I mean can
>>>>>>> we import or we have to create new?
>>>>>>>
>>>>>>> little confused with these options, if I could get any documents or
>>>>>>> guidance will be thankful.
>>>>>>>
>>>>>>> Kind Regards,
>>>>>>> pari
>>>>>>>
>>>>>>> --
>>>>> You received this message because you are subscribed to the Google
>>>>> Groups "OpenWISP" group.
>>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>>> an email to [email protected].
>>>>> For more options, visit https://groups.google.com/d/optout.
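
The thread above describes copying the CA key pair and the server certificate from the OpenVPN server and pasting them into the OpenWISP "import existing" form. The script below is an added example, not part of the original thread or of OpenWISP: it checks that the copied files actually belong together before they are imported. The function names, argument order and the throwaway demo PKI are assumptions made for illustration, and the keys are assumed to be unencrypted PEM files.

```shell
#!/bin/sh
# Added example: consistency checks on the CA and server certificate files
# copied from the OpenVPN server, run before importing them elsewhere.
# Function names and argument order are illustrative assumptions.

# key_matches_cert CERT KEY: succeeds if KEY is the private key of CERT.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# check_vpn_import CA_CERT CA_KEY SERVER_CERT SERVER_KEY
# Returns 0 only when both key pairs match and the CA issued the server cert.
check_vpn_import() {
    key_matches_cert "$1" "$2" ||
        { echo "CA key does not match CA certificate" >&2; return 1; }
    key_matches_cert "$3" "$4" ||
        { echo "server key does not match server certificate" >&2; return 1; }
    openssl verify -CAfile "$1" "$3" >/dev/null 2>&1 ||
        { echo "server certificate was not issued by this CA" >&2; return 1; }
    # Print the subject and expiry of each certificate for a visual check
    # against the fields shown after the import.
    openssl x509 -in "$1" -noout -subject -enddate
    openssl x509 -in "$3" -noout -subject -enddate
}

# make_demo_pki DIR: constructed throwaway CA and server certificate, only
# for trying the check offline (not real deployment material).
make_demo_pki() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/C=IT/O=Demo/CN=demo-ca" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/C=IT/O=Demo/CN=demo-server" \
        -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/server.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$1/server.crt" 2>/dev/null
}

# Run the check when four file paths are given on the command line.
if [ "$#" -eq 4 ]; then
    check_vpn_import "$@"
fi
```

Called with the four file paths, the script exits non-zero and names the failing check if a key does not match its certificate or the server certificate was signed by a different CA.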
