openvpn-ui icon indicating copy to clipboard operation
openvpn-ui copied to clipboard
verified publisher icon d3vilh

Standalone installation pki error

Open akselite opened this issue 1 year ago • 11 comments

[E] [certificates.go:127] open /etc/openvpn//pki/index.txt: no such file or directory [E] [certificates.go:116] open /etc/openvpn/pki/index.txt: no such file or directory

[E] [ovclientconfig.go:42] open /etc/openvpn/config/client.conf: no such file or directory

how can i change location at /etc/openvpn/easy-rsa/pki (and) /etc/openvpn/ccd/client.conf

Please Help

akselite avatar Jun 04 '24 20:06 akselite

Hi @akselite, you need to go to the Configuration > OpenVPN-UI and update OpenVPN ConfigPath + EasyRSA ConfigPath there: image

Then restart UI and it should take new parameters.

d3vilh avatar Jun 06 '24 15:06 d3vilh

clipboard_image_67ff9c024e1cb0b5 clipboard_image_99bc98793b38e8e3 clipboard_image_fc95e138bdaf8ed5

akselite avatar Jun 08 '24 10:06 akselite

clipboard_image_5cbd58f9f5356c50

akselite avatar Jun 08 '24 10:06 akselite

I've changed it, but when I do the client cert, it says it's not in the pki index.txt location

akselite avatar Jun 08 '24 10:06 akselite

The pki and client issues are fine, but when creating Client Certificates, the exit status is 1, so I can't do it. Please help me

akselite avatar Jun 08 '24 15:06 akselite

I was triying the project to add a cool web interface to openvpn servers but found that the pki path seems hardcoded to $OpenVPN_ConfigPath/pki and in my installations I have the pki folder under $OpenVPN_ConfigPath/easy-rsa/pki. Would be posible to add another config variable for the pki folder?.

As the servers are not containerized configured the openvp paths on the container volumes but as explained in my installations the pki folder is inside of the easy-rsa. Mitigated the problem with a symbolink link but a variable to change this path will be of great help.

SergioAB avatar Jun 14 '24 09:06 SergioAB

I have the same problem too. The pki folder is in /etc/openvpn/server/easy-rsa

> ls /etc/openvpn/server/easy-rsa
COPYING.md  ChangeLog  README.md  README.quickstart.md  doc  easyrsa  gpl-2.0.txt  mktemp.txt  openssl-easyrsa.cnf  pki  vars.example  x509-types

I also have other mapping errors like: open /etc/openvpn/server/config/client.conf: no such file or directory

AntoninoBonanno avatar Jun 14 '24 22:06 AntoninoBonanno

The pki folder is in /etc/openvpn/server/easy-rsa

@AntoninoBonanno if your pki directory is there, just need to set it in "Configuration" > "OpenVPN UI".

OpenVPN UI, using client.conf template to generate .ovpn , you could create there empty file which content would be updated via "Configuration" > '"OpenVPN Client"' menu.

For standalone installation there maybe other workaround which needs to be applied (every server may be different), you could have a look into the scripts used by OpenVPN UI to maintain everything in server backend, there are maybe some necessary customisations done as well.

If you could share more logs I could help to debug it.

d3vilh avatar Jun 16 '24 16:06 d3vilh

the exit status is 1, so I can't do it.

Exit status 1 can be literally anything, it is general error. We need more logs.

You could run UI in dev mode to increase log level.

Or you could try to execute maintenance scripts manually, passing all the parameters and sharing the logs here.

d3vilh avatar Jun 16 '24 17:06 d3vilh

fatal: destination path 'qrencode' already exists and is not an empty directory. Building and packing OpenVPN-UI

| ___
| |/ / ___ ___ | ___ \ / _ \ / _
| |/ /| /| / _/ _| __| v2.1.0

├── GoVersion : go1.21.5 ├── GOOS : linux ├── GOARCH : amd64 ├── NumCPU : 4 ├── GOPATH : ├── GOROOT : /usr/local/go ├── Compiler : gc └── Date : Monday, 12 Aug 2024

| ___
| |/ / ___ ___ | ___ \ / _ \ / _
| |/ /| /| / _/ _| __| v2.1.0 2024/08/12 16:09:32 INFO ▶ 0001 Packaging application on '/home/ubuntu/openvpn-ui'... 2024/08/12 16:09:32 INFO ▶ 0002 Building application (openvpn-ui)... 2024/08/12 16:09:32 INFO ▶ 0003 Using: GOOS=linux GOARCH=amd64 2024/08/12 16:09:35 SUCCESS ▶ 0004 Build Successful! 2024/08/12 16:09:35 INFO ▶ 0005 Writing to output: /home/ubuntu/openvpn-ui/openvpn-ui.tar.gz 2024/08/12 16:09:35 INFO ▶ 0006 Excluding relpath prefix: . 2024/08/12 16:09:35 INFO ▶ 0007 Excluding relpath suffix: .go:.DS_Store:.tmp:go.mod:go.sum 2024/08/12 16:09:35 INFO ▶ 0008 Excluding filename regex: ^vendor|^ace.tar.bz2|^data.db|^build|^README.md|^docs 2024/08/12 16:09:36 SUCCESS ▶ 0009 Application packed! Building qrencode

internal/chacha8rand

/usr/local/go/src/internal/chacha8rand/chacha8_amd64.s:55: ABI selector only permitted when compiling runtime, reference was to """.block" asm: assembly of /usr/local/go/src/internal/chacha8rand/chacha8_amd64.s failed chmod: cannot access 'qrencode': No such file or directory Moving qrencode to GOPATH mv: cannot stat 'qrencode': No such file or directory All done.

I tried to install standalone on Ubuntu and facing issue not working i tried compose also for testing its not even connecting after creating the certificates Tried with UDP and TCP and changed all values at all points and standalone also not working

mrcloudbook avatar Aug 12 '24 16:08 mrcloudbook

I have installed stand alone version and after some "research" most of the functionality openvpn-ui works for me. The installation was done on Debian 12 VM. I had to replace all openvpn certificates. Generally I follow instructions from ReadMe. My observations below:

  1. Openvpn-ui store most of data in database. So before first run put into conf/app.conf correct values for EasyRSAPath and OpenVpnPath. From my experience if you change this setting after first run, openvpn-ui will not see new values.
  2. Install openvpn-ui in /opt directory (/opt/openvpv-ui).
  3. Create /opt/scripts directory and copy there all files from build/assets directory from source
  4. Manually init pki on directory specified in p.1 as OpenVpnPath. In Debian I did: # cd /etc/openvpn # make-cadir easy-rsa/
  5. create symlink from easy-rsa/pki to OpenVpnPath directory. In my case i have been created symlink from from /etc/openvpn/easy-rsa/pki to etc/openvpn/pki. Create in this directory (if not exists) clients, config, staticclients subdirectories.
  6. Now run ./openvpn-gui and look at console output. If anything is marked as [E] in red, make necessary corrections.
  7. Log into openvpn-ui web page. Generate easy-rsa Vars from Configuration - EasyRSA Vars and save it.
  8. Go to Configuration - Maintenance and press: (look at console where you have run ./openvpn-ui for any errors) a) Copy RSA Vars b) Initialize PKI c) Build CA d) Build Sever e) Generate DH f) Generate CRL Generate TA was not working for me. I had to create this from Debian console.
  9. Now create server config from Configuration - OpenVPN Server and save it. One remark, anytime I change anything in server configuration in openvpn-ui my server service was killed. I had to start it manually from console.
  10. Start openvpn service. Check for any errors.
  11. Go to Configuration - OpenVPN Client. Put configuration settings for your clients and save it.
  12. Then go to Certificates and create certificates for Clients. When certificate is created, it should be visible in the client corticates list. If is not not visible, it will be not possible to download ovpn client file. Check output in console for any errors.
  13. Finally, if you want to see openvpn logs in openvpn-ui, create symlink from log directory to /etc/openvpn directory.

Last, you should create systemd service to start openvpn-ui during system boot. I have used information from this page: https://unix.stackexchange.com/questions/625605/run-a-binary-file-via-systemctl

Why I have been creating all certificates again? Because information about hem are also in db and openvpn-ui not saving anything about existing certificates in db.

zoltan65 avatar Sep 04 '24 17:09 zoltan65