To install a VPN on my server, or at least attempt it.
I followed the instructions, copy and pasted all commands onto a command line.
At number 4 in the instructions, there is no information as to what “vars” or where the “vars” file/directory is (it is not in /etc/openvpn). Obviously that gave me a notice about not having any var file in either number 7 or 8 (my bad, didn’t record which one).
So I continued on…
Got to number 11, cp -ai keys/$( hostname | cut -d. -f1 ).{crt,key} keys/ca.crt keys/dh*.pem /etc/openvpn/keys/ no keys were found.
Continuing on… (yes, I know the install is already dead…)
Number 13, there is no /etc/openvpn/server.conf
Stop… way too many errors…
Suggestions or can someone (who knows way way more than I) fix the instructions?
I intend to funnel my major PC through the VPN (same internal net), and then add my MAC, which is used locally and when I travel, and my iPhone. – Is it worth my while?
Go back to the beginning.
Work step by step
When an error occurs STOP there and fix the error before continuing.
Most errors will get even worse later should one continue because something needed in the later steps was not properly completed. There really is a reason for the steps being done in the listed sequence.
If you then report the exact detailed error you see and the details of what you were doing when that error was seen we probably can help.
We cannot assist without details and blindly continuing after the first is almost certain to encounter later errors. In most cases it is not a problem with the instructions but an error introduced by the user or some software package.
Granted, that is a possibility, maybe even a strong possibility, but it is not always certain.
Having played with multiple flavors of UNIX since I bought for the company where I worked an Altos 8000 running Xenix, circa1981, I have seen many cases that things worked and not.
[Edit vars appropriately]. in the context of that wiki seems to mean edit the variables as needed to make them applicable to your system. Those variables would be found within the files copied in during step 2. (Especially since step 3 has one cd to the newly created directory.)
Yes it might be made a little more clear, but really is self-explanatory.
But, at that step, after looking in the contents of /etc/openvpn, the only “conf”
file found was in /etc/openvpn/easy-rsa, called openssl-easyrsa.cnf .
Some config items were enabled, others not. There didn’t see to be any option where I, as a novice in VPN saw that it must be changed, i.e., enter domain name.
There was no “readme”, “install” or other help type file present. The man file, from what I saw wasn’t much help (I could be wrong).
99.9% programs will work out of the “box” without jiggering with conf files, may not be “best practice”, but as a conf file, you can always go back and reconfigure and then restart the service.
So, I’m back to more specifics on number 4, since the error message I spoke about did say no “VAR” file.
At number 11, cp -ai keys/$( hostname | cut -d. -f1 ).{crt,key} keys/ca.crt keys/dh*.pem /etc/openvpn/keys/
I got this error, whether I sat in /etc/openvpn or /etc/openvpn/easy-rsa and executed the cmd:
cp: cannot stat 'keys/mcq.crt': No such file or directory
cp: cannot stat 'keys/mcq.key': No such file or directory
cp: cannot stat 'keys/ca.crt': No such file or directory
cp: cannot stat 'keys/dh*.pem': No such file or directory
Steps 3 thru 10 are
3. cd /etc/openvpn/easy-rsa
4. Edit vars appropriately.
5. ./easyrsa clean-all
6. Before continuing, make sure the system time is correct. Preferably, set up NTP .
7. ./easyrsa build-ca
8. ./easyrsa build-server-full $( hostname | cut -d. -f1 )
9. ./easyrsa gen-dh
10. mkdir /etc/openvpn/keys
Did every step complete properly? Apparently not if the directory /etc/openvpn/easy-rsa/keys/ was not created and those files needed in step 11 were not generated in step 9
Were you using sudo for each command or had you done sudo su - before starting?
your regular user could not write to anything under the /etc directory so you had to perform every step with root privileges.
Right or wrong that vars.example file looks like it may be at least a start of what is intended when step 4 tells you to edit ‘vars’. It appears to be mostly self documented. If so then it should be placed in /etc/openvpn/easy-rsa and not in the pki subdirectory. I expect ‘vars’ has to be in place before steps 7, 8, & 9 can function properly…
Every command given in those steps after step 3 appears to be done with the user in the /etc/openvpn/easy-rsa directory. Note that instructions do not tell you to cd to another location.
Not sure since I cannot repeat that.
Try removing openvpn again then reinstall just that package.
I get this for removing that package,
# dnf remove openvpn
Dependencies resolved.
====================================================================================================================================
Package Architecture Version Repository Size
====================================================================================================================================
Removing:
openvpn x86_64 2.5.9-1.fc37 @updates 1.8 M
Removing dependent packages:
NetworkManager-openvpn-gnome x86_64 1:1.8.18-2.fc37 @fedora 370 k
Removing unused dependencies:
NetworkManager-openvpn x86_64 1:1.8.18-2.fc37 @fedora 1.2 M
pkcs11-helper x86_64 1.29.0-2.fc37 @fedora 160 k
Transaction Summary
====================================================================================================================================
Remove 4 Packages
Freed space: 3.5 M
Is this ok [y/N]:
Operation aborted.
However, in the /etc/openvpn/easy-rsa directory after performing step 3 I see a file openssl-easyrsa.cnf file that seems to contain the variables indicated to be edited by step 4.
I am working through those to see what is reasonable. The basic file is generic and must be edited to be applicable to your system.
The file is also self documented so should be easy to edit.
[root@mcq etc]# dnf remove openvpn
Dependencies resolved.
=============================================================================================================================================================================================================================================
Package Architecture Version Repository Size
=============================================================================================================================================================================================================================================
Removing:
openvpn x86_64 2.6.3-1.fc38 @updates 1.7 M
Removing unused dependencies:
pkcs11-helper x86_64 1.29.0-3.fc38 @fedora 161 k
Transaction Summary
=============================================================================================================================================================================================================================================
Remove 2 Packages
Freed space: 1.9 M
Is this ok [y/N]: y
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Running scriptlet: openvpn-2.6.3-1.fc38.x86_64 1/2
Glob pattern passed to enable, but globs are not supported for this.
Invalid unit name "openvpn-client@*.service" escaped as "openvpn-client@\x2a.service".
Glob pattern passed to enable, but globs are not supported for this.
Invalid unit name "openvpn-server@*.service" escaped as "openvpn-server@\x2a.service".
Erasing : openvpn-2.6.3-1.fc38.x86_64 1/2
Running scriptlet: openvpn-2.6.3-1.fc38.x86_64 1/2
Erasing : pkcs11-helper-1.29.0-3.fc38.x86_64 2/2
Running scriptlet: pkcs11-helper-1.29.0-3.fc38.x86_64 2/2
Verifying : openvpn-2.6.3-1.fc38.x86_64 1/2
Verifying : pkcs11-helper-1.29.0-3.fc38.x86_64 2/2
Removed:
openvpn-2.6.3-1.fc38.x86_64 pkcs11-helper-1.29.0-3.fc38.x86_64
Complete!
[root@mcq etc]#
While I stopped after the install, the file you mentioned was there first go around. Sorry, I don’t remember the contents (and the name as you showed would not tell me that it was the var file, if I didn’t have a var.example file to compare.
Guess I have to wait until the next update of openvpn (btw, do I file a bug report at Git?)
I am not having a problem with openvpn on F37.
I am at present building an F38 VM to test on the same version you have.
Will update when the build is complete.
Did a complete new install of F38, installed openvpn and easy-rsa per steps 1 - 3
no errors seen at this point.
Is your system fully up to date with dnf upgrade --refresh ?
What happens if you now do a new install of openvpn dnf install openvpn
My next step at this point would be to edit the variables in the .cnf file (step 4) to properly configure the vpn server or client as needed. Since I do not use a vpn I will not do that here.
Is your system fully up to date with dnf upgrade --refresh ?
“Nothing to do” was the final answer
What happens if you now do a new install of openvpn dnf install openvpn
Same error as before:
Glob pattern passed to enable, but globs are not supported for this.
Invalid unit name "openvpn-client@*.service" escaped as "openvpn-client@\x2a.service".
Glob pattern passed to enable, but globs are not supported for this.
Invalid unit name "openvpn-server@*.service" escaped as "openvpn-server@\x2a.service".