Page 1 of 1
Moving server config and keys to new install
Posted: Mon Sep 27, 2021 12:17 am
by bigAlNZ
I have had OpenVPN running nicely on Ubuntu 20.04 but for reasons unrelated to OpenVPN this server now wont boot.
I can get the data off the server, and I want to move it to a new installation.
Is this possible and what would the steps be?
I assume reinstall openvpn and copy the server.conf and keys back to same locations as previously.
Is there a step in there somewhere for installing the keys or certs?
Thanks
Re: Moving server config and keys to new install
Posted: Mon Sep 27, 2021 12:27 am
by TinCanTech
bigAlNZ wrote: ↑Mon Sep 27, 2021 12:17 am
for reasons unrelated to OpenVPN this server now wont boot
for reasons unrelated to OpenVPN ..
Take a backup and then
low level format it.
Re: Moving server config and keys to new install
Posted: Mon Sep 27, 2021 3:11 am
by bigAlNZ
It's not booting. So I will copy the files from etc/OpenVPN and back those files up
But the question is what steps are required beyond just copying then back to where they came from.
Re: Moving server config and keys to new install
Posted: Mon May 09, 2022 1:40 pm
by cwjs
Did you ever find the answer to this ?, I want to move my openvpn server installation from my ubuntu 18 to a new ubuntu 20
Re: Moving server config and keys to new install
Posted: Fri May 13, 2022 12:04 pm
by cwjs
I have installed openvpn on my new server, I have copied the ufw firewall files, the /etc/openvpn folders and files, the client-configs and openvpn-ca folders and files.
when I try to start open vpn I get an fail when I run status I get
●
openvpn@mserver.service - OpenVPN connection to mserver
Loaded: loaded (/lib/systemd/system/openvpn@.service; disabled; vendor pre>
Active: activating (auto-restart) (Result: exit-code) since Fri 2022-05-13>
Docs: man:openvpn(8)
https://community.openvpn.net/openvpn/w ... n24ManPage
https://community.openvpn.net/openvpn/wiki/HOWTO
Process: 6030 ExecStart=/usr/sbin/openvpn --daemon ovpn-server --stat>
Main PID: 6030 (code=exited, status=1/FAILURE)
May 13 11:45:04 server systemd[1]: Failed to start OpenVPN con>
I have looked at the manual pages but I dont understand what I am missing.
Can anyone hlep please
Re: Moving server config and keys to new install
Posted: Fri May 13, 2022 12:41 pm
by cwjs
I am moving from version Version: 2.3.10-1ubuntu2.1
to version 2.4.7-1ubuntu2.20.04.4
Re: Moving server config and keys to new install
Posted: Fri May 13, 2022 1:01 pm
by cwjs
OK I have sorted it !! I copied the old server /usr/share/easy-rsa to the new one.
the openvpn now starts and status says it is active
Re: Moving server config and keys to new install
Posted: Sat May 14, 2022 9:02 pm
by openvpn_inc
cwjs wrote: ↑Fri May 13, 2022 1:01 pm
OK I have sorted it !! I copied the old server /usr/share/easy-rsa to the new one.
the openvpn now starts and status says it is active
Hi cwjs,
It was never required nor even recommended to have your CA PKI files on the server machine. If that worked you misconfigured the server.
Your easy-rsa files should be on a non-VPN connected physical machine, owned by a non-privileged user, and not referenced in the server's config.
regards, rob0
Re: Moving server config and keys to new install
Posted: Sat May 14, 2022 9:10 pm
by TinCanTech
openvpn_inc wrote: ↑Sat May 14, 2022 9:02 pm
Your easy-rsa files should be on a non-VPN connected physical machine, owned by a non-privileged user, and not referenced in the server's config.
The only
serious risk is disclosure of the CA private key.
