Moving server config and keys to new install

Use this forum to share your VPN or network disasters. Show diagrams, traffic graphs, or whatever else you need (a video of you letting the 'smoke' out of our network gear).

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Post Reply
bigAlNZ
OpenVpn Newbie
Posts: 8
Joined: Sun Nov 22, 2020 12:44 am

Moving server config and keys to new install

Post by bigAlNZ » Mon Sep 27, 2021 12:17 am

I have had OpenVPN running nicely on Ubuntu 20.04 but for reasons unrelated to OpenVPN this server now wont boot.

I can get the data off the server, and I want to move it to a new installation.

Is this possible and what would the steps be?

I assume reinstall openvpn and copy the server.conf and keys back to same locations as previously.

Is there a step in there somewhere for installing the keys or certs?

Thanks

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Moving server config and keys to new install

Post by TinCanTech » Mon Sep 27, 2021 12:27 am

bigAlNZ wrote:
Mon Sep 27, 2021 12:17 am
for reasons unrelated to OpenVPN this server now wont boot
for reasons unrelated to OpenVPN .. :?:


Take a backup and then low level format it.

bigAlNZ
OpenVpn Newbie
Posts: 8
Joined: Sun Nov 22, 2020 12:44 am

Re: Moving server config and keys to new install

Post by bigAlNZ » Mon Sep 27, 2021 3:11 am

It's not booting. So I will copy the files from etc/OpenVPN and back those files up

But the question is what steps are required beyond just copying then back to where they came from.

cwjs
OpenVpn Newbie
Posts: 5
Joined: Mon May 09, 2022 1:36 pm

Re: Moving server config and keys to new install

Post by cwjs » Mon May 09, 2022 1:40 pm

Did you ever find the answer to this ?, I want to move my openvpn server installation from my ubuntu 18 to a new ubuntu 20

cwjs
OpenVpn Newbie
Posts: 5
Joined: Mon May 09, 2022 1:36 pm

Re: Moving server config and keys to new install

Post by cwjs » Fri May 13, 2022 12:04 pm

I have installed openvpn on my new server, I have copied the ufw firewall files, the /etc/openvpn folders and files, the client-configs and openvpn-ca folders and files.

when I try to start open vpn I get an fail when I run status I get
openvpn@mserver.service - OpenVPN connection to mserver
Loaded: loaded (/lib/systemd/system/openvpn@.service; disabled; vendor pre>
Active: activating (auto-restart) (Result: exit-code) since Fri 2022-05-13>
Docs: man:openvpn(8)
https://community.openvpn.net/openvpn/w ... n24ManPage
https://community.openvpn.net/openvpn/wiki/HOWTO
Process: 6030 ExecStart=/usr/sbin/openvpn --daemon ovpn-server --stat>
Main PID: 6030 (code=exited, status=1/FAILURE)

May 13 11:45:04 server systemd[1]: Failed to start OpenVPN con>

I have looked at the manual pages but I dont understand what I am missing.
Can anyone hlep please

cwjs
OpenVpn Newbie
Posts: 5
Joined: Mon May 09, 2022 1:36 pm

Re: Moving server config and keys to new install

Post by cwjs » Fri May 13, 2022 12:41 pm

I am moving from version Version: 2.3.10-1ubuntu2.1
to version 2.4.7-1ubuntu2.20.04.4

cwjs
OpenVpn Newbie
Posts: 5
Joined: Mon May 09, 2022 1:36 pm

Re: Moving server config and keys to new install

Post by cwjs » Fri May 13, 2022 1:01 pm

OK I have sorted it !! I copied the old server /usr/share/easy-rsa to the new one.
the openvpn now starts and status says it is active

User avatar
openvpn_inc
OpenVPN Inc.
Posts: 1332
Joined: Tue Feb 16, 2021 10:41 am

Re: Moving server config and keys to new install

Post by openvpn_inc » Sat May 14, 2022 9:02 pm

cwjs wrote:
Fri May 13, 2022 1:01 pm
OK I have sorted it !! I copied the old server /usr/share/easy-rsa to the new one.
the openvpn now starts and status says it is active
Hi cwjs,

It was never required nor even recommended to have your CA PKI files on the server machine. If that worked you misconfigured the server.

Your easy-rsa files should be on a non-VPN connected physical machine, owned by a non-privileged user, and not referenced in the server's config.

regards, rob0
Image OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Moving server config and keys to new install

Post by TinCanTech » Sat May 14, 2022 9:10 pm

openvpn_inc wrote:
Sat May 14, 2022 9:02 pm
Your easy-rsa files should be on a non-VPN connected physical machine, owned by a non-privileged user, and not referenced in the server's config.
The only serious risk is disclosure of the CA private key. :mrgreen:

Post Reply