This is a companion discussion topic for the original entry at https://linuxconfig.org/openvpn-setup-on-ubuntu-18-04-bionic-beaver-linux
NOTE: SOME OF THE POSTS BELOW ARE TRANSFERRED FROM LINUXCONFIG DISQUS COMMENTS.
In the client configuration example, you refer to the client.key and client.crt, where are these files generated?
Egidio Docile -> Ed
They are generated inside the “certificates/keys” directory, where “certificates” it’s the name used for the directory generated with the make-cadir command in this tutorial. It’s the same directory where the keys and certificates for the server are generated.
I get this when I type source vars “-su: /root/certificates/openssl-1.0.0.cnf: Permission denied” and i’m logged in as root
Matt -> Cary Bielenberg
Hey Cary, I ran into the same issue. Since the variable was previously being populated by a command, you need to remove the backticks (
) and replace them with quotes.
Egidio Docile -> Cary Bielenberg
You should use administrative privileges only when strictly necessary. I see you are trying to generate the certificates in the /root directory, which is the “home” of root, don’t do that. Work as a normal user and generate the files inside /home/youruser.
Hi, the server’s CRL has expired. How can I re-generate it without having to make any changes on the clients side. I noticed that in the openssl-1.0.0.cnf file the variable “default_crl_days=” was set to just 30 days. I think this is the solution but I couldnt run it in my installation: https://forums.openvpn.net/viewtopic.php?t=23166
What error do you receive when you run the command?