robertdebock / ansible-role-openvpn

Install and configure openvpn server or client on your system.
https://robertdebock.nl/
Apache License 2.0

Cannot use easy-rsa without modifying the local directory structure #11

Open NanoPish opened 3 years ago

NanoPish commented 3 years ago

Describe the bug

On Debian 10

cd /etc/openvpn/easy-rsa
bash /etc/openvpn/easy-rsa/create_client.sh

The script fails to generate the conf because

1) the files it looks for are in ./pki/private/ and ./pki/issued/ not in ./private and ./issued

2) the ta.key ca.crt and ta.key are not in . but in ../server/

3) requires zip

Am I starting the easy-rsa script from the wrong location ?

Playbook

Please paste the playbook you are using. (Consider requirements.yml and optionally the command you've invoked.)

---
- hosts: MYVPN
  become: yes
  roles:
    - role: robertdebock.ansible-role-openvpn

Output

root@CDPVPN:/etc/openvpn/easy-rsa# bash create_client.sh testdude
/etc/openvpn/easy-rsa/vars: line 7: /etc/openvpn/easy-rsa/whichopensslcnf: No such file or directory
NOTE: If you run ./clean-all, I will be doing a rm -rf on /etc/openvpn/easy-rsa/keys

Using SSL: openssl OpenSSL 1.1.1d  10 Sep 2019

Easy-RSA error:

Key file already exists. Aborting build to avoid overwriting this file.
If you wish to continue, please use a different name or remove the file.
Matching file found at:  /etc/openvpn/easy-rsa/pki/private/testdude.key

mkdir: cannot create directory ‘/etc/openvpn/client/testdude/’: File exists
cp: cannot stat 'issued/testdude.crt': No such file or directory
cp: cannot stat 'private/testdude.key': No such file or directory
cp: cannot stat 'ca.crt': No such file or directory
cp: cannot stat 'ta.key': No such file or directory
create_client.sh: line 15: zip: command not found

Environment


NanoPish commented 3 years ago

Works after going to /etc/openvpn/easy-rsa/

And copying ta.key and ca.crt from ../server/ to .

And adding the ./pki prefix in the easy-rsa script create_client.sh, giving:

cp pki/issued/$1.crt pki/private/$1.key ca.crt ta.key /etc/openvpn/client/$1/

robertdebock commented 3 years ago

Thanks @NanoPish for the report. I'll work on a fix. May ask for some more details, but glancing over this issue, I think everything has been described.
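An added example, not part of the thread and not the role's own create_client.sh: a preflight helper that checks the four files at the locations reported in this issue (pki/issued and pki/private under the easy-rsa directory, ca.crt and ta.key in the server directory) before copying anything, so a wrong layout fails loudly instead of leaving a half-filled client directory. The function name collect_client_files and its four arguments are assumptions; the client name is validated and quoted because it ends up in file paths.

```shell
#!/bin/sh
# Added example (hypothetical helper, not the role's script).
# Usage: collect_client_files NAME EASYRSA_DIR SERVER_DIR OUT_ROOT
#   e.g. collect_client_files testdude /etc/openvpn/easy-rsa \
#            /etc/openvpn/server /etc/openvpn/client
collect_client_files() {
  name=$1 easyrsa_dir=$2 server_dir=$3 out_root=$4

  # Reject empty names, names starting with a dot, and anything with
  # characters outside [A-Za-z0-9_.-] (this excludes "/" and "..").
  case "$name" in
    ''|.*|*[!A-Za-z0-9_.-]*)
      echo "invalid client name: $name" >&2
      return 2
      ;;
  esac

  # Source locations as described in the issue.
  set -- \
    "$easyrsa_dir/pki/issued/$name.crt" \
    "$easyrsa_dir/pki/private/$name.key" \
    "$server_dir/ca.crt" \
    "$server_dir/ta.key"

  # Report every missing file before touching the destination.
  missing=0
  for src in "$@"; do
    if [ ! -r "$src" ]; then
      echo "missing: $src" >&2
      missing=1
    fi
  done
  [ "$missing" -eq 0 ] || return 1

  # The client key and ta.key are secrets: create the directory and the
  # copies with owner-only permissions.
  (
    umask 077
    mkdir -p "$out_root/$name" && cp -- "$@" "$out_root/$name/"
  )
}
```

The function returns 1 when a source file is missing and 2 for a rejected client name, so a calling script can stop before the packaging step.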