# OpenVPN server info?

## The_Great_Sephiroth

OK, I am trying to figure out how and what I need to generate to run an OpenVPN server. I keep finding guides for CentOS or Ubuntu but they have all kinds of files missing in Gentoo, such as some "vars" file. How do I properly generate certificates and such for OpenVPN? I have stuck with PPTP for years because it's too damn complicated. Either I have to use a n00b distro with scripts or I can't get any info at all. I know I need certificates but I cannot find info on what type, where to use them, or how to create them unless I have all of these scripts which don't exist as a stock part of OpenVPN. Help?

----------

## bbgermany

Hi,

have a look here: https://forums.gentoo.org/viewtopic-t-538662.html . Even the default howtos for Ubuntu or CentOS are worth a look, since 99% of the howtos are the same for Gentoo.

greets, bb

----------

## The_Great_Sephiroth

I'll check that out in a minute, thank you. I have read the guides for Ubuntu and Cent but the issue is step one. I cannot get past it. They all mention this "vars" script which does not exist on any Gentoo system I have access to. Everything in their guides depends on this mystical n00b script so they never cover actually generating CAs and such, they just tell me to edit the stupid script and run it. That doesn't help me.

It's like telling me to push the auto-start button in my 2002 BMW. It doesn't have one. It still uses a key, so the guide on starting the car would be a fail at step one.

----------

## szatox

I think that "vars" file is from easy-rsa. It is available in portage too.

Alternatively, you can use openssl to generate a CA and certs in a slightly more manual way. The difference isn't all that big. There are guides on this all over the internet, often accompanied by commands for creating self-signed certs.

----------
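
Added example, not part of any post in this thread: the manual openssl route szatox mentions, building a CA plus one server and one client certificate and checking that each is valid only for its own role. The file names and CNs (Example-VPN-CA, vpn-server, vpn-client) are assumptions made for the example.

```sh
#!/bin/sh
# Added example, not from the thread. CNs and file names are constructed.

# make_pki DIR: create a CA, one server cert and one client cert in DIR.
make_pki() {
    dir=$1
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    (
        cd "$dir" || exit 1
        umask 077    # private keys readable by their owner only
        # Minimal config so the result does not depend on the distro's openssl.cnf.
        printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=v3_ca' \
            'prompt=no' '[dn]' 'CN=Example-VPN-CA' '[v3_ca]' \
            'basicConstraints=critical,CA:TRUE' \
            'keyUsage=critical,keyCertSign,cRLSign' > ca.cnf
        # Per-role extensions: the extendedKeyUsage is what separates the two.
        printf '%s\n' 'basicConstraints=CA:FALSE' \
            'keyUsage=digitalSignature,keyEncipherment' \
            'extendedKeyUsage=serverAuth' > server.ext
        printf '%s\n' 'basicConstraints=CA:FALSE' 'keyUsage=digitalSignature' \
            'extendedKeyUsage=clientAuth' > client.ext
        # 1. Self-signed CA. ca.key signs everything; keep it off the VPN server.
        openssl req -x509 -config ca.cnf -newkey rsa:2048 -nodes -sha256 \
            -days 3650 -keyout ca.key -out ca.crt 2>/dev/null || exit 1
        # 2. Unencrypted key + CSR per role, then the CA signs each CSR.
        for role in server client; do
            openssl req -new -config ca.cnf -subj "/CN=vpn-$role" \
                -newkey rsa:2048 -nodes -sha256 \
                -keyout "$role.key" -out "$role.csr" 2>/dev/null || exit 1
            openssl x509 -req -in "$role.csr" -CA ca.crt -CAkey ca.key \
                -CAcreateserial -sha256 -days 825 -extfile "$role.ext" \
                -out "$role.crt" 2>/dev/null || exit 1
        done
    )
}

# check_role DIR CERT PURPOSE: succeed only if DIR/CERT chains to DIR/ca.crt
# and is usable for PURPOSE (sslserver or sslclient).
check_role() {
    openssl verify -CAfile "$1/ca.crt" -purpose "$3" "$1/$2" >/dev/null 2>&1
}

# Usage: make_pki ./pki && check_role ./pki server.crt sslserver
```

OpenVPN's `remote-cert-tls server` option on the client depends on the serverAuth extended key usage set here, which is what keeps a holder of a client certificate from posing as the server.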

## KintaroBC

The vars file is for easy-rsa and allows you to create your own certificate authority. This is for verifying clients and the server for authenticity, and for example this prevents man-in-the-middle attacks.

Make sure you are using the same easy-rsa version as the guide. Otherwise it will seem a bit strange. I know easy-rsa 2 has a vars file to edit. You might be using easy-rsa 3 with a guide for 2.

----------

## The_Great_Sephiroth

I do have easy-rsa installed, but never found the vars file. I have yet to follow the guide posted above because I have been working with another machine today. I am going to try it soon enough though. I will report back once I check it.

----------

## bbgermany

Hi,

here is the "var-file":

```
$ /usr/share/easy-rsa # ls -la
insgesamt 64
drwxr-xr-x  3 root root  4096 22. Aug 08:53 .
drwxr-xr-x 87 root root  4096 31. Dez 13:02 ..
-rwxr-xr-x  1 root root 34910 22. Aug 08:53 easyrsa
-rw-r--r--  1 root root  4560 22. Aug 08:53 openssl-1.0.cnf
-rw-r--r--  1 root root  8126 22. Aug 08:53 vars.example
drwxr-xr-x  2 root root  4096 22. Aug 08:53 x509-types
$ /usr/share/easy-rsa #
```

greets, bb

----------

## The_Great_Sephiroth

That was my issue. Every guide I found told me to check /usr/share/openvpn/easy-rsa. I did a find on the root of my drive but cancelled it after a few minutes. It probably would have found it. My bad.

*UPDATE*

Still not there. I see an example file with LOADS of mess in it which I will study, but no vars file and none of those other scripts either, like the "clean-all" script.

```
user@9y84mj1 /usr/share/easy-rsa $ l
total 52
-rwxr-xr-x 1 root root 34910 Feb  6 20:43 easyrsa
-rw-r--r-- 1 root root  4560 Feb  6 20:43 openssl-1.0.cnf
-rw-r--r-- 1 root root  8126 Feb  6 20:43 vars.example
drwxr-xr-x 1 root root    40 Feb  6 20:43 x509-types
user@9y84mj1
```

----------

## bbgermany

Hi,

since this is easy-rsa-3.x already, there is no clean-all script anymore. Check for the latest howto for easy-rsa instead or have a look here: https://community.openvpn.net/openvpn/wiki/EasyRSA3-OpenVPN-Howto

greets, bb

----------

