Author Topic: Migrating an existing OpenVPN server into ebox  (Read 2718 times)

Ph0N37Ic5

Migrating an existing OpenVPN server into ebox
« on: August 20, 2008, 04:59:56 am »
Hi, I have an existing openvpn server running, with multiple clients roaming worldwide. I wish to migrate the existing vpn server to a gateway with ebox on it.

It seems to me that there is no easy way to import existing CAs and certificates into ebox. (I'm happy to do it in some complex manner, if someone would give me some pointers.)

[solved]Also it seems that even if I have the openvpn server running on the computer, ebox refuses to recognize tun0 as an interface. If it could be used as a regular interface I would be content with not being able to control openvpn from ebox.[/solved]

So this is what I ask for:
Either some information on how I can import my existing OpenVPN server into ebox,
[solved]Or some information on how I can get ebox to treat tun0 as a regular interface when it comes to routing and firewall.[/solved]

Solution 2: I had a slight misconfiguration in the netmask for the vpn.

Any help would be appreciated.
« Last Edit: August 20, 2008, 06:04:41 am by Ph0N37Ic5 »

sixstone

Re: Migrating an existing OpenVPN server into ebox
« Reply #1 on: August 20, 2008, 01:20:56 pm »
You may import an existing CA by copying your CA to this directory: /var/lib/ebox/conf/CA. eBox uses the openssl ca command to create the CA structure. If you have used the same tool, you would probably have the configuration stored correctly. Once you have correctly imported the certificates, I think replicating the same VPN configuration should be easy :).
My secret is my silence...

Ph0N37Ic5

Re: Migrating an existing OpenVPN server into ebox
« Reply #2 on: August 21, 2008, 01:15:58 am »
Hmm, I think that should be /var/lib/ebox/CA, but it doesn't help me all that much; my keys are generated with easy-rsa, so the structure is somewhat different. Any good ideas about how to change the structure to become the right one?

sixstone

Re: Migrating an existing OpenVPN server into ebox
« Reply #3 on: August 21, 2008, 09:56:05 am »
Yes, you're right, my failure :(. The directory and file structure in /var/lib/ebox/CA should be as follows:

  • There must be an index.txt with the following structure:

    Code:
    State\tExpiryDate\tSerialNo\tunknown\tDN <---- This line MUST NOT be included
    V\t100712163251Z\t5AB399FFCE636232\tunknown\t/C=US/ST=Nation/L=Nowhere/O=my org/CN=Certification Authority Certificate

    The expiry date is in this format:

    Code:
    /([0-9]{2})([0-9]{2})([0-9]{2})([0-9]{2})([0-9]{2})([0-9]{2})Z/

    that is, yymmddhhmmssZ. yy = Expiration year - 2000.
  • The private keys must be in the private subdirectory and their names must match the certificate common name. CA private key: cakey.pem
  • The public keys must be in the keys subdirectory and their names must match the certificate common name. CA public key: capubkey.pem
  • The certificates must be in the certs subdirectory and their names must match the certificate serial number. CA cert: cacert.pem in the CA root directory

With this information, the CA may list the certificates and expose them to the OpenVPN module.
My secret is my silence...
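
A layout check for the structure described in Reply #3, added here as an example (it is not eBox code and not from either poster). It assumes a `.pem` extension for per-certificate files and takes the CA's common name as a hypothetical `ca_cn` parameter; it goes slightly beyond the post by also accepting the six-field lines that `openssl ca` itself writes, which carry a revocation-date field (empty for valid certificates) before the serial.

```python
import re
from datetime import datetime, timezone
from pathlib import Path

# Expiry pattern quoted in the thread: yymmddhhmmssZ, yy = year - 2000.
EXPIRY_RE = re.compile(r"^([0-9]{2})([0-9]{2})([0-9]{2})([0-9]{2})([0-9]{2})([0-9]{2})Z$")
# Sample entry from the thread, with real tab characters as in the file on disk.
SAMPLE = ("V\t100712163251Z\t5AB399FFCE636232\tunknown\t"
          "/C=US/ST=Nation/L=Nowhere/O=my org/CN=Certification Authority Certificate")

def parse_index_line(line):
    """Split one index.txt line into (state, expiry, serial, dn)."""
    fields = line.rstrip("\r\n").split("\t")
    if len(fields) == 6:      # `openssl ca` layout: revocation date is the third field
        del fields[2]
    if len(fields) != 5:
        raise ValueError(f"expected 5 or 6 tab-separated fields, got {len(fields)}")
    state, expiry, serial, _filename, dn = fields
    m = EXPIRY_RE.match(expiry)
    if not m:
        raise ValueError(f"expiry {expiry!r} is not yymmddhhmmssZ")
    yy, mo, dd, hh, mi, ss = (int(g) for g in m.groups())
    when = datetime(2000 + yy, mo, dd, hh, mi, ss, tzinfo=timezone.utc)
    return state, when, serial, dn

def check_ca_dir(root, ca_cn, now=None, ext=".pem"):
    """Compare index.txt with the files on disk; return a list of problem strings."""
    root = Path(root)
    now = now or datetime.now(timezone.utc)
    problems = []
    for n, line in enumerate((root / "index.txt").read_text().splitlines(), 1):
        try:
            state, expiry, serial, dn = parse_index_line(line)
        except ValueError as exc:  # also catches impossible dates such as month 13
            problems.append(f"index.txt:{n}: {exc}")
            continue
        cn = re.search(r"/CN=([^/]+)", dn)
        if cn is None:
            problems.append(f"index.txt:{n}: no CN in DN")
            continue
        name = cn.group(1)
        if state == "V" and expiry <= now:
            problems.append(f"index.txt:{n}: {name} is marked V but expired {expiry:%Y-%m-%d}")
        if name == ca_cn:          # the CA's own files have fixed names
            wanted = ["cacert.pem", "private/cakey.pem", "keys/capubkey.pem"]
        else:                      # .pem extension is an assumption, see `ext`
            wanted = [f"certs/{serial}{ext}", f"private/{name}{ext}", f"keys/{name}{ext}"]
        problems += [f"index.txt:{n}: missing {w}" for w in wanted if not (root / w).is_file()]
    return problems
```

Run it against a copy of the migrated directory before pointing eBox at it; a header line left in index.txt shows up as a bad-expiry problem.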