OpenVPN server info?

[The_Great_Sephiroth]

OK, I am trying to figure out how and what I need to generate to run an OpenVPN server. I keep finding guides for CentOS or Ubuntu but they have all kinds of files missing in Gentoo, such as some "vars" file. How do I properly generate certificates and such for OpenVPN? I have stuck with PPTP for years because it's too damn complicated. Either I have to use a n00b distro with scripts or I can't get any info at all. I know I need certificates but I cannot find info on what type, where to use them, or how to create them unless I have all of these scripts which don't exist as a stock part of OpenVPN. Help?
_________________
Ever picture systemd as what runs "The Borg"?

[bbgermany]

Hi,

have a look here: https://forums.gentoo.org/viewtopic-t-538662.html . Even the default howtos for ubuntu or centos are worth a look, since 99% of the howtos are the same for gentoo.

greets, bb
_________________
Desktop: Ryzen 5 5600G, 32GB, 2TB, RX7600
Notebook: Dell XPS 13 9370, 16GB, 1TB
Server #1: Ryzen 5 Pro 4650G, 64GB, 16.5TB
Server #2: Ryzen 4800H, 32GB, 22TB

[The_Great_Sephiroth]

I'll check that out in a minute, thank you. I have read the guides for Ubuntu and Cent but the issue is step one. I cannot get past it. They all mention this "vars" script which does not exist on any Gentoo system I have access to. Everything in their guides depends on this mystical n00b script so they never cover actually generating CAs and such, they just tell me to edit the stupid script and run it. That doesn't help me.

It's like telling me to push the auto-start button in my 2002 BMW. It doesn't have one. It still uses a key, so the guide on starting the car would be a fail at step one.
_________________
Ever picture systemd as what runs "The Borg"?

[szatox]

I think that "vars" file is from easy-rsa. It is available in portage too.
Alternatively, you can use openssl to generate CA and certs in slightly more manual way. The difference isn't all that big. There are guides on this all over the internet, often accompanied by commands for creating self-signed certs.

[KintaroBC]

The vars file is for easy-rsa and allow you to create your own certificate authority. This is for verifying clients and the server for authenticity, and for example this prevents man in the middle attacks.

Make sure you are using the same easy-rsa version as the guide. Otherwise it will seem a bit strange, I know easy-rsa 2 has a vars file to edit. You might be using easy-rsa 3 with a guide for 2.

[The_Great_Sephiroth]

I do have easy-rsa installed, but never found the vars file. I have yet to follow the guide posted above because I have been working with another machine today. I am going to try it soon enough though. I will report back once I check it.
_________________
Ever picture systemd as what runs "The Borg"?

[bbgermany]

Hi,

here is the "var-file":

[The_Great_Sephiroth]

That was my issue. Every guide I found told me to check /usr/share/openvpn/easy-rsa. I did a find on the root of my drive but cancelled it after a few minutes. It probably would have found it. My bad.

*UPDATE*

Still not there. I see an example file with LOADS of mess in it which I will study, but no vars file and none of those other scripts either, like the "clean-all" script.

[bbgermany]

Hi,

since this is easy-rsa-3.x already, there is no clean-all script anymore. Check for the latest howto for easy-rsa instead or have a look here: https://community.openvpn.net/openvpn/wiki/EasyRSA3-OpenVPN-Howto

greets, bb
_________________
Desktop: Ryzen 5 5600G, 32GB, 2TB, RX7600
Notebook: Dell XPS 13 9370, 16GB, 1TB
Server #1: Ryzen 5 Pro 4650G, 64GB, 16.5TB
Server #2: Ryzen 4800H, 32GB, 22TB