I've been following a tutorial to set up my Raspberry Pi to run OpenVPN (I'm quite new to the Pi and networking, and this seemed to be a fun intro project). However, I've run into a road block when trying to generate keys using easy-rsa. I've edited the vars file to point to the easy-rsa directory, but whenever I try to source the vars file, I get the following message:
-bash: /etc/openvpn/easy-rsa: Is a directory-bash: /whichopensslcnf: No such file or directoryNOTE: If you run ./clean-all, I will be doing a rm -rf on /keys/etc/openvpn/easy-rsa is the location of the directory, so I find the first line to be a bit redundant. Also, the /whichopensslcnf file is clearly right there inside the directory.
Any advice or pointers would be much appreciated.
UPDATE #1
The tutorial can be found here: https://readwrite.com/2014/04/10/raspberry-pi-vpn-tutorial-server-secure-web-browsing/
source ./vars is the command being given that results in the error.
# easy-rsa parameter settings# NOTE: If you installed from an RPM,# don't edit this file in place in# /usr/share/openvpn/easy-rsa --# instead, you should copy the whole# easy-rsa directory to another location# (such as /etc/openvpn) so that your# edits will not be wiped out by a future# OpenVPN package upgrade.# This variable should point to# the top level of the easy-rsa# tree.export EASY_RSA="`/etc/openvpn/easy-rsa`"## This variable should point to# the requested executables#export OPENSSL="openssl"export PKCS11TOOL="pkcs11-tool"export GREP="grep"# This variable should point to# the openssl.cnf file included# with easy-rsa.export KEY_CONFIG=`$EASY_RSA/whichopensslcnf`# Edit this variable to point to# your soon-to-be-created key# directory.## WARNING: clean-all will do# a rm -rf on this directory# so make sure you define# it correctly!export KEY_DIR="$EASY_RSA/keys"# Issue rm -rf warningecho NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR# PKCS11 fixesexport PKCS11_MODULE_PATH="dummy"export PKCS11_PIN="dummy"# Increase this to 2048 if you# are paranoid. This will slow# down TLS negotiation performance# as well as the one-time DH parms# generation process.export KEY_SIZE=2048# In how many days should the root CA key expire?export CA_EXPIRE=3650# In how many days should certificates expire?export KEY_EXPIRE=3650# These are the default values for fields# which will be placed in the certificate.# Don't leave any of these fields blank.export KEY_COUNTRY="US"export KEY_PROVINCE="CA"export KEY_CITY="SanFrancisco"export KEY_ORG="Fort-Funston"export KEY_EMAIL="me@myhost.mydomain"export KEY_OU="MyOrganizationalUnit"# X509 Subject Fieldexport KEY_NAME="EasyRSA"# PKCS11 Smart Card# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"# export PKCS11_PIN=1234# If you'd like to sign all keys with the same Common Name, uncomment the KEY_C$# You will also need to make sure your OpenVPN server config has the duplicate-$# export KEY_CN="CommonName"Line 14 is the only one I've modified.
Update #2
Thanks to sim, I was able to move past this initial problem, but now when I try to issue the ./clean-all command, I'm told to source the vars file even though I've already done that.
pi@cympi:/etc/openvpn/easy-rsa $ source ./varsNOTE: If you run ./clean-all, I will be doing a rm -rf on /etc/openvpn/easy- rsa/keyspi@cympi:/etc/openvpn/easy-rsa $ sudo ./clean-allPlease source the vars script first (i.e. "source ./vars")Make sure you have edited it to reflect your configuration.I've gone 'round and 'round a couple times but I can't seem to get past this point.