Installed OpenVPN in CentOS 6 – Can't find easy-rsa directory anywhere!

Just a quick one I came across today – I’ve installed OpenVPN but I wasn’t able to find the easy-rsa directory that simplifies the process of creating a server hugely.

If you’re here for the same reason, it’s because it’s not delivered with the install anymore. Good times!

As pointed out by a user in the comments.. it’s in yum just in a separate package. Can’t believe I missed that trick! *facepalm*yum install easy-rsa

I’ll leave the rest of the post here in case it’s ever needed by anybody, but yeah your standard install is in the EPEL yum repo..

Grab it here: https://github.com/OpenVPN/easy-rsa

I’m not sure why it was removed to be honest, and even more honestly I’ve not looked any further into it! Personally I did a git clone on it and then copied out the 2.0 dir cp -r /path/to/easy-rsa/easy-rsa/2.0 /etc/openvpn/easy-rsa

From there it’s the standard usage, edit your ./vars file to suit your environment if needed. Only clean all if this is a fresh install. This all assumes it’s fresh so make sure you CYA!
Personally I also make a link to the keys dir for easy configging ln -s /etc/openvpn/easy-rsa/keys /etc/openvpn/keys

cd easy-rsa
source ./vars
./clean-all
./build-ca
./build-dh
# Go make a cup of coffee, drink it, make another.
# This one takes a moment or two and spams up your terminal with dots and plusses.
# All good stuff really
./build-key-server servername

From here you should probably generate a CSR on the guest nodes and sign the csr using ./sign-req but as my VPN is a simple closed network with keys copied over SSH it’s just quicker to

./build-key guestname
scp ./keys/guestname.{crt,key} ./keys/ca.crt [email protected]:/etc/openvpn/

Copy (using scp of course. Don’t go using FTP or email on me) guestname.crt, guestname.key, ca.key

You’ll reference these files in your server.conf and client.conf configuration files. Let me know if you’d like an OpenVPN client-server config walkthrough/video – I’d have fleshed this one out but there’s thousands of them on them interwebs!

Hope this helps! If you do know why it was removed from the yum package please feel free to teach the wealth in the comment section below, muchly appreciated as always!

7 Comments

  1. @Bob

    Try this: whereis easy-rsa
    Output something like this: easy-rsa: /usr/share/easy-rsa

    Reply

  2. install easy-rsa for all linux system

    sudo yum -y install git

    or

    sudo apt-get -y install git

    cd /etc/openvpn

    sudo rm -rf *

    sudo git clone –branch release/2.x https://github.com/OpenVPN/easy-rsa.git

    cd easy-rsa

    sudo rm -rf configure.ac COPYING COPYRIGHT.GPL distro doc Makefile.am README

    cp easy-rsa/2.0/* ./

    sudo rm -rf easy-rsa

    Reply

Leave a Reply