Hi all, I am facing an issue where while including master branch for netjsonconfig , when I try to access device option in openwisp GUI, I get server error but if I try to use TAG-0.8.1 then I can access device option without any server error. Please help me. These two branches have mgmt IP changes in it. I think some bug in master branch because of mgmt IP changes. # openwisp2_django_netjsonconfig_pip: https://github.com/openwisp/django-netjsonconfig/tarball/master OR openwisp2_django_netjsonconfig_pip: https://github.com/openwisp/django-netjsonconfig/tarball/0.8.1
Thanks kind regards Pari On Wed, Aug 29, 2018 at 11:40 PM Federico Capoano < [email protected]> wrote: > Pari, > > you have to update the server configuration with Ansible, then you have to > update the VPN client template manually. > > The VPN server object in OpenWISP is needed only for generating the base > VPN client template, store the server certificate and other internal > automations, but it can't magically update everything yet. That will > require a considerable amount of effort to implement. > > I hope this helps. > > Federico > > On Wed, Aug 29, 2018 at 2:59 PM pari khan <[email protected]> wrote: > >> HI Federico, >> Seems like few more issues around these.. >> >> I was able to get the openVPN installed and run based on ansible role >> variables. The /etc/openvpn/server.conf has variables as per the ansible >> role installed package. I also see a tun0 device with IP subnet as per what >> I configured on ansible role >> >> Now, I configure VPN-SERVER configuration via openwisp2. on saving the >> configuration, I dont see it getting updated in /etc/openvpn/server.conf >> and the tun IF also doesnt get IP subnet updated as per VPN-SERVER >> configuration. >> >> Am i missing something? >> >> kind regards, >> Pari Khan >> >> >> On Wed, Aug 29, 2018 at 4:25 PM pari khan <[email protected]> wrote: >> >>> Hi Federico,, >>> >>> Thanks a lot :) >>> It worked for me. >>> kind regards >>> Pari Khan >>> >>> On Wed, Aug 29, 2018 at 1:46 PM Federico Capoano < >>> [email protected]> wrote: >>> >>>> Copy the public and private key of the CA and the server certificate >>>> from the server, you will find the files in the directory of the server >>>> which ansible created to install OpenVPN. >>>> Then paste these in the openwisp web UI, when you create a new CA or >>>> new certificate select "import existing" and the UI will show you only the >>>> relevant fields. >>>> >>>> Try and let me know :-) >>>> >>>> On Wed, Aug 29, 2018 at 9:52 AM pari khan <[email protected]> wrote: >>>> >>>>> Hi Federico, >>>>> >>>>> Thanks for quick reply. >>>>> I installed openvpn via ansible. As per the instruction in ( >>>>> https://github.com/Stouts/Stouts.openvpn) I added variables for CA >>>>> and certificates in playbook.yml file. >>>>> When I tried importing the CA and certificate how do we ensure the >>>>> import is happening from where the ansible role created CA and >>>>> certificate ? >>>>> When I tried importing CA the country/state etc fields were empty , >>>>> am I missing something. >>>>> Please help. >>>>> kind regards >>>>> pari khan >>>>> >>>>> On Tue, Aug 28, 2018 at 8:05 PM Federico Capoano < >>>>> [email protected]> wrote: >>>>> >>>>>> One more thing: ensure the firmware image contains a pre-existing >>>>>> /etc/config/openvpn file, even an empty one is fine, otherwise when a new >>>>>> configuration is downloaded the OpenVPN process won't be started, you >>>>>> will >>>>>> have to manually launch it but that would invalidate all the work towards >>>>>> automation we are doing. >>>>>> >>>>>> Federico >>>>>> >>>>>> >>>>>> On Tuesday, August 28, 2018 at 1:38:06 PM UTC+2, Federico Capoano >>>>>> wrote: >>>>>>> >>>>>>> Hi Pari and welcome, >>>>>>> >>>>>>> this process is not documented yet (we have a ticket for it >>>>>>> <https://github.com/openwisp/openwisp2-docs/issues/44>), the >>>>>>> process is roughly the following: >>>>>>> >>>>>>> - ensure OpenVPN is included in your OpenWRT firmware image or >>>>>>> install it manually on your devices (the former option is >>>>>>> recommended) >>>>>>> - install OpenVPN on the server, you can use this ansible role >>>>>>> if you like: https://github.com/Stouts/Stouts.openvpn >>>>>>> - import the CA, and the server certificate in OpenWISP >>>>>>> - create a new VPN server, select the CA and server certificate >>>>>>> just imported, copy the configuration parameters generated by ansible >>>>>>> - now create a new template of type "VPN-client" >>>>>>> - ensure the auto-cert option is enabled so OpenWISP will >>>>>>> generate client x509 certificates automatically >>>>>>> - enable "default template" option if you want the VPN to be >>>>>>> enabled on all the devices of that organization >>>>>>> - if you want to use this VPN for all the organizations leave >>>>>>> the "organization" parameter empty >>>>>>> - leave the conf empty, hit "save and continue", now you can >>>>>>> tweak the client VPN conf if you need >>>>>>> >>>>>>> After all these passages, devices which will have the new VPN >>>>>>> template will get the OpenVPN conf and the x509 certificate >>>>>>> automatically >>>>>>> created by OpenWISP. This does not assure the VPN will work >>>>>>> straightaway, >>>>>>> you may need to do some testing and tweaking before getting it right. >>>>>>> >>>>>>> If you need to do some tests on the OpenWRT side, I suggest doing it >>>>>>> on the device directly first and once you have a configuration that >>>>>>> works >>>>>>> you copy it into the OpenWISP web UI. >>>>>>> >>>>>>> To debug, check the logs of both clients and server. >>>>>>> >>>>>>> I hope this helps! >>>>>>> Let me know how it goes and if anything is not clear don't hesitate >>>>>>> to ask. >>>>>>> >>>>>>> Federico >>>>>>> >>>>>>> >>>>>>> On Tuesday, August 28, 2018 at 1:11:42 PM UTC+2, pari khan wrote: >>>>>>>> >>>>>>>> Hi, >>>>>>>> I am new to openwisp. >>>>>>>> with regards to openwisp I am able to get it up and running.I was >>>>>>>> able to connect few APs to openwisp controller. My concern is I want to >>>>>>>> understand how can we install openvpn server .Is CA and certificates >>>>>>>> related to openvpn server? Can we use the keys installed as part of >>>>>>>> openvpn >>>>>>>> server for CA and certificates options in openwisp, I mean can we >>>>>>>> import or >>>>>>>> we have to create new ? >>>>>>>> >>>>>>>> little confused with these options, if I could get any documents or >>>>>>>> guidance will be thankful. >>>>>>>> >>>>>>>> Kind Regards, >>>>>>>> pari >>>>>>>> >>>>>>>> -- >>>>>> You received this message because you are subscribed to the Google >>>>>> Groups "OpenWISP" group. >>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>> send an email to [email protected]. >>>>>> For more options, visit https://groups.google.com/d/optout. >>>>>> >>>>> -- >>>>> You received this message because you are subscribed to the Google >>>>> Groups "OpenWISP" group. >>>>> To unsubscribe from this group and stop receiving emails from it, send >>>>> an email to [email protected]. >>>>> For more options, visit https://groups.google.com/d/optout. >>>>> >>>> -- >>>> You received this message because you are subscribed to the Google >>>> Groups "OpenWISP" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to [email protected]. >>>> For more options, visit https://groups.google.com/d/optout. >>>> >>> -- >> You received this message because you are subscribed to the Google Groups >> "OpenWISP" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> For more options, visit https://groups.google.com/d/optout. >> > -- > You received this message because you are subscribed to the Google Groups > "OpenWISP" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "OpenWISP" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
