EASY-RAS on windows?

Support forum for Easy-RSA certificate management suite.
Post Reply
CocodaMonkey
OpenVpn Newbie
Posts: 8
Joined: Wed Dec 14, 2016 4:55 pm

EASY-RAS on windows?

Post by CocodaMonkey » Wed Dec 14, 2016 5:06 pm

I can't seem to find any topics on this but that's not surprising since you can't search the words easy or rsa on the forums. I'm just wondering if Easy-RSA is still recommended for Windows users? I know the current release is missing windows binaries and I can make it work by using the binaries in the release candidate but is this a good idea? It looks like easyrsa has had issues with it's windows release for about a year now and I just want to make sure it's still the recommended way to do things on a windows PC.

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 3004
Joined: Fri Jun 03, 2016 1:17 pm

Re: EASY-RAS on windows?

Post by TinCanTech » Wed Dec 14, 2016 5:47 pm

CocodaMonkey wrote:I can't seem to find any topics on this but that's not surprising since you can't search the words easy or rsa on the forum
You must be the only person on the internet, who has not heard of google ..

CocodaMonkey
OpenVpn Newbie
Posts: 8
Joined: Wed Dec 14, 2016 4:55 pm

Re: EASY-RAS on windows?

Post by CocodaMonkey » Wed Dec 14, 2016 6:14 pm

I tried google and get links to lots of removed topics in this forum that can no longer be read. I didn't find any current topics about it. I'm actually a little surprised as all the documentation says to use easy-ras but it's been broken for over a year so I thought there'd be a note somewhere saying to either just use an old version or that they now recommend something else. I'm really just looking for an answer on which way is recommended.

I actually used archive.org to read some of the removed topics like the original 3.0.0 announcement thread but that didn't help answer the question, it just confirmed it was a known issue at launch.

CocodaMonkey
OpenVpn Newbie
Posts: 8
Joined: Wed Dec 14, 2016 4:55 pm

Re: EASY-RAS on windows?

Post by CocodaMonkey » Wed Dec 14, 2016 6:43 pm

I just want to clarify, I found plenty of topics about it being broken and people being upset and saying they were using the old version. The only part I couldn't find an answer to is what is the recommended solution. When I'm doing something secure I don't want to just use old software because it works. New software usually comes out for a reason and I don't want to use something with known issues.

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 3004
Joined: Fri Jun 03, 2016 1:17 pm

Re: EASY-RAS on windows?

Post by TinCanTech » Wed Dec 14, 2016 6:51 pm

When you install openvpn on windows, ensure that you select the options for easyrsa..

CocodaMonkey
OpenVpn Newbie
Posts: 8
Joined: Wed Dec 14, 2016 4:55 pm

Re: EASY-RAS on windows?

Post by CocodaMonkey » Wed Dec 14, 2016 7:38 pm

That's not an option in openvpn, easy-rsa was removed back in 2013 with the release of 2.3.x, it's noted in the documentation that you have to get easy-rsa yourself if you want it now. Which also helps lead me to believe it might not be the recommended program to be using anymore but it's not clear.

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 3004
Joined: Fri Jun 03, 2016 1:17 pm

Re: EASY-RAS on windows?

Post by TinCanTech » Wed Dec 14, 2016 8:09 pm

CocodaMonkey wrote:it's not clear
Image


It is clear enough :twisted:

Clewin
OpenVpn Newbie
Posts: 1
Joined: Tue Aug 08, 2017 3:09 am

Re: EASY-RSA on windows?

Post by Clewin » Tue Aug 08, 2017 3:46 am

EasyRSA 3 doesn't seem to be shipping with a Windows shell anymore and it seems the one they were using is tied into a package (I couldn't figure out how to extract them without downloading the CD image and that was too slow - 56kbps). A much faster way I used was to download EasyRSA-3.0.1 (https://github.com/OpenVPN/easy-rsa/releases) and then shell.w32-ix86.zip (a bash shell from sourceforge) and mktemp.exe from mktemp.org and toss all the executables into the EasyRSA-3.0.1 bin directory.

Copy vars.sample to vars and edit it for your system. You can probably use relative paths to where you run the executable, but I used paths like C:\\EasyRSA-3.0.1 in vars, I'm fairly sure.

Type cmd into the search bar in Windows and right click the icon for it and Run as Administrator. cd into the EasyRSA-3.0.1 directory and run EasyRSA-Start.bat

From here follow the README.quickstart.html and run the commands needed to generate your client and server files (./easyrsa command params). I did not use the default names so I had to update the client and server ovpn files to use my machine names rather than the defaults. I had some weird failures here a couple of times, but rerunning the script worked on the next try. Didn't seem to like the typed yes and would sometimes barf on an awk (but it worked when I tried again...).

Hope that helps~ incidentally I had a personal emergency on my main server and can't afford to replace it right now, but normally I'd run this kind of thing on Linux

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 3004
Joined: Fri Jun 03, 2016 1:17 pm

Re: EASY-RAS on windows?

Post by TinCanTech » Tue Aug 08, 2017 1:37 pm

Easy-RSA For Windows:
  • EasyRSA 2.2.2 is packaged with the Windows OpenVPN Installers.
    It works but the default location (C:\Program Files\Openvpn\easy-rsa) is protected by Windows,
    so copy that directory to your personal directory and work on it from there.
  • EasyRSA-3.0.1 does not come with the required Windows binaries.
    If you want to take that up with the current maintainer then do so.
  • EasyRSA-3.0.0-rc2 does come with the required Windows binaries.
    You can use the binaries included there with Easy-RSA-3.0.1

Post Reply