[Howto] Install and configure basic OpenVPN server for Oleg firmware

[seb101]

Hey
Im trying to install OpenVPN on my asus wl-500gp (v1) with attached usb-hdd but im stuck on generating keys from easy-rsa.
It's running Oleg 1.9.2.7-10

./install.sh
Package openssl (0.9.7m-6) installed in root is up to date.
Package lzo (2.03-1) installed in root is up to date.
Package net-tools (1.60-6) installed in root is up to date.
Package easy-rsa (2.0rc1SAN-3) installed in root is up to date.
Package psmisc (22.13-1) installed in root is up to date.
Package openvpn (2.2.0-1) installed in root is up to date.
Nothing to be done
Several questions will be asked that will be reflected in the keys
for private use your answer does not matter.
Save previously generated keys from /opt/share/easy-rsa/keys (if any).
Type the number of clients you need keys for and press Enter to continue.
Guess your number of clients well as it takes time both to generate and generate keys again.
1
Please source the vars script first (i.e. "source ./vars")
Make sure you have edited it to reflect your configuration.
./install.sh: ./install.sh: 55: source: not found
Generating CA key
Please edit the vars script to reflect your configuration,
then source it with "source ./vars".
Next, to start with a fresh PKI configuration and to delete any
previous certificates and keys, run "./clean-all".
Finally, you can run this tool (pkitool) to build certificates/keys.
Generating Diffie-Hellman parameters
Please source the vars script first (i.e. "source ./vars")
Make sure you have edited it to reflect your configuration.
Generating Server key
Please edit the vars script to reflect your configuration,
then source it with "source ./vars".
Next, to start with a fresh PKI configuration and to delete any
previous certificates and keys, run "./clean-all".
Finally, you can run this tool (pkitool) to build certificates/keys.
Generating keys for client 1
Please edit the vars script to reflect your configuration,
then source it with "source ./vars".
Next, to start with a fresh PKI configuration and to delete any
previous certificates and keys, run "./clean-all".
Finally, you can run this tool (pkitool) to build certificates/keys.
cannot stat `./keys/server*': No such file or directory
cannot stat `./keys/ca*': No such file or directory
cannot stat `./keys/dh1024.pem': No such file or directory
cannot stat `./keys/client*': No such file or directory
tar: /opt/etc/openvpn/easy-rsa/keys/client0?.key: No such file or directory
tar: /opt/etc/openvpn/easy-rsa/keys/client0?.crt: No such file or directory
tar: /opt/etc/openvpn/easy-rsa/keys/ca.crt: No such file or directory
tar: Error exit delayed from previous errors
Starting: openvpn

easy-rsa vars : /opt/share/easy-rsa

# easy-rsa parameter settings

# NOTE: If you installed from an RPM,
# don't edit this file in place in
# /usr/share/openvpn/easy-rsa --
# instead, you should copy the whole
# easy-rsa directory to another location
# (such as /etc/openvpn) so that your
# edits will not be wiped out by a future
# OpenVPN package upgrade.

# This variable should point to
# the top level of the easy-rsa
# tree.
export EASY_RSA="/opt/share/easy-rsa"

#
# This variable should point to
# the requested executables
#
export OPENSSL="openssl"
#export PKCS11TOOL="pkcs11-tool" - uncommented as i don't have it, is it even avaliable and required? (README said it can be uncommented)
export GREP="grep"


# This variable should point to
# the openssl.cnf file included
# with easy-rsa.
export KEY_CONFIG=`/opt/share/easy_rsa/openssl.cnf` <--- changed this to openssl.cnf from whichopensslcnf (tested both) as README said

# Edit this variable to point to
# your soon-to-be-created key
# directory.
#
# WARNING: clean-all will do
# a rm -rf on this directory
# so make sure you define
# it correctly!
export KEY_DIR="/opt/etc/openvpn/easy_rsa/keys"

# Issue rm -rf warning
echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR

# Increase this to 2048 if you
# are paranoid. This will slow
# down TLS negotiation performance
# as well as the one-time DH parms
# generation process.
export KEY_SIZE=1024

# In how many days should the root CA key expire?
export CA_EXPIRE=3650

# In how many days should certificates expire?
export KEY_EXPIRE=3650

# These are the default values for fields
# which will be placed in the certificate.
# Don't leave any of these fields blank.
export KEY_COUNTRY="US"
export KEY_PROVINCE="CA"
export KEY_CITY="SanFrancisco"
export KEY_ORG="Fort-Funston"
export KEY_EMAIL="me@myhost.mydomain"

any idea what is wrong with my config ?

[Nix_o_lay]

Hey
Im trying to install OpenVPN on my asus wl-500gp (v1) with attached usb-hdd but im stuck on generating keys from easy-rsa.
It's running Oleg 1.9.2.7-10




easy-rsa vars : /opt/share/easy-rsa


any idea what is wrong with my config ?

replace this line within script:

source ${RSAVAR}

with this:

. ${RSAVAR}

It worked for me.

[ekze]

I've got the same problem.
Tried replacing the line suggested in the post above - didn't help.

Code:

install.sh
Package openssl (0.9.7m-6) installed in /opt/ is up to date.
Package lzo (2.03-1) installed in /opt/ is up to date.
Package net-tools (1.60-6) installed in /opt/ is up to date.
Package easy-rsa (2.0rc1SAN-3) installed in /opt/ is up to date.
Package psmisc (22.13-1) installed in /opt/ is up to date.
Package openvpn (2.2.0-1) installed in /opt/ is up to date.
Nothing to be done
Successfully terminated.
Several questions will be asked that will be reflected in the keys
for private use your answer does not matter.
Save previously generated keys from /opt/share/easy-rsa/keys (if any).
Type the number of clients you need keys for and press Enter to continue.
Guess your number of clients well as it takes time both to generate and generate keys again.
3
Please source the vars script first (i.e. "source ./vars")
Make sure you have edited it to reflect your configuration.
NOTE: If you run ./clean-all, I will be doing a rm -rf on /opt/share/easy-rsa/keys
Generating CA key
  Please edit the vars script to reflect your configuration,
  then source it with "source ./vars".
  Next, to start with a fresh PKI configuration and to delete any
  previous certificates and keys, run "./clean-all".
  Finally, you can run this tool (pkitool) to build certificates/keys.
Generating Diffie-Hellman parameters
Please source the vars script first (i.e. "source ./vars")
Make sure you have edited it to reflect your configuration.
Generating Server key
  Please edit the vars script to reflect your configuration,
  then source it with "source ./vars".
  Next, to start with a fresh PKI configuration and to delete any
  previous certificates and keys, run "./clean-all".
  Finally, you can run this tool (pkitool) to build certificates/keys.
Generating keys for client 1
  Please edit the vars script to reflect your configuration,
  then source it with "source ./vars".
  Next, to start with a fresh PKI configuration and to delete any
  previous certificates and keys, run "./clean-all".
  Finally, you can run this tool (pkitool) to build certificates/keys.
Generating keys for client 2
  Please edit the vars script to reflect your configuration,
  then source it with "source ./vars".
  Next, to start with a fresh PKI configuration and to delete any
  previous certificates and keys, run "./clean-all".
  Finally, you can run this tool (pkitool) to build certificates/keys.
Generating keys for client 3
  Please edit the vars script to reflect your configuration,
  then source it with "source ./vars".
  Next, to start with a fresh PKI configuration and to delete any
  previous certificates and keys, run "./clean-all".
  Finally, you can run this tool (pkitool) to build certificates/keys.
cannot stat `./keys/server*': No such file or directory
cannot stat `./keys/ca*': No such file or directory
cannot stat `./keys/dh1024.pem': No such file or directory
cannot stat `./keys/client*': No such file or directory
tar: /opt/etc/openvpn/easy-rsa/keys/ca.crt: No such file or directory
tar: /opt/etc/openvpn/easy-rsa/keys/client0?.crt: No such file or directory
tar: /opt/etc/openvpn/easy-rsa/keys/client0?.key: No such file or directory
tar: error exit delayed from previous errors
Starting: openvpn

Anyone knows what is causing this and how to fix it?

[aegisrtcw]

I've got the same problem.
Tried replacing the line suggested in the post above - didn't help.
Anyone knows what is causing this and how to fix it?

Try

Code:

cp /opt/share/easy-rsa/* /opt/etc/openvpn/easy-rsa

[seff]

Hey
Im trying to install OpenVPN on my asus wl-500gp (v1) with attached usb-hdd but im stuck on generating keys from easy-rsa.
It's running Oleg 1.9.2.7-10

easy-rsa vars : /opt/share/easy-rsa

any idea what is wrong with my config ?

Hi Matej,
this is going to fix it:

1)
Yes, replace source ${RSAVAR}" with ". ${RSAVAR} in the script. This is because 'source' is not recognized by /bin/sh shell (it is in BASH).
and move the sourcing command one line above before cleaning:

change these two lines:
./clean-all
. ${RSAVAR}

to:
. ${RSAVAR}
./clean-all

2)
Do not execute cp /opt/share/easy-rsa/* /opt/etc/openvpn/easy-rsa
if you have already done so, then remove it
rm -r /opt/etc/openvpn/easy-rsa

3)
run the script agaion

Now it will work.
J.