This is a companion discussion topic for the original entry at https://linuxconfig.org/openvpn-setup-on-ubuntu-18-04-bionic-beaver-linux
NOTE: SOME OF THE POSTS BELOW ARE TRANSFERRED FROM LINUXCONFIG DISQUS COMMENTS.
In the client configuration example, you refer to the client.key and client.crt, where are these files generated?
Egidio Docile -> Ed
They are generated inside the “certificates/keys” directory, where “certificates” it’s the name used for the directory generated with the make-cadir command in this tutorial. It’s the same directory where the keys and certificates for the server are generated.
I get this when I type source vars “-su: /root/certificates/openssl-1.0.0.cnf: Permission denied” and i’m logged in as root
Matt -> Cary Bielenberg
Hey Cary, I ran into the same issue. Since the variable was previously being populated by a command, you need to remove the backticks (
) and replace them with quotes.
Egidio Docile -> Cary Bielenberg
You should use administrative privileges only when strictly necessary. I see you are trying to generate the certificates in the /root directory, which is the “home” of root, don’t do that. Work as a normal user and generate the files inside /home/youruser.
Hi, the server’s CRL has expired. How can I re-generate it without having to make any changes on the clients side. I noticed that in the openssl-1.0.0.cnf file the variable “default_crl_days=” was set to just 30 days. I think this is the solution but I couldnt run it in my installation: https://forums.openvpn.net/viewtopic.php?t=23166
What error do you receive when you run the command?
‘Activating’ instead of ‘Active’ was returned after checking the server status. Any suggestions as to what could have caused this?