I've my OpenVPN Cloud configured and fully functional with a Network (in Azure) receiving network requests according to the DNS that I've set in its configurations. So far so good. I've deployed an RHEL 8.4 as the connector in Azure with NAT forwarding enable and all necessary steps to make it functional.
As I only have one connector in this Network we have decided to deploy a second connector for HA. Yet I'm stuck on the installation of the connector. The script provided by OpenVPN for RHEL 8 considers that you have an active subscription with Red Hat, which is not the case when you have a PAYG (On-Demand) license with Azure.
Whenever you have an instance in PAYG mode, customers should not register these images with Red Hat Subscription Management (RHSM). On-demand clients receive updates from the cloud provider via the Red Hat Update Infrastructure (RHUI) and not Red Hat directly, which makes script misbehave.
Before I add the script provided by OpenVPN, allow me to provide information on my repos and system.
Code: Select all
Linux VMLinuxToolsHA 4.18.0-305.17.1.el8_4.x86_64
NAME="Red Hat Enterprise Linux"
VERSION="8.4 (Ootpa)"
ID="rhel"
ID_LIKE="fedora"
VERSION_ID="8.4"
PLATFORM_ID="platform:el8"
PRETTY_NAME="Red Hat Enterprise Linux 8.4 (Ootpa)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:redhat:enterprise_linux:8.4:GA"
HOME_URL="https://www.redhat.com/"
DOCUMENTATION_URL="https://access.redhat.com/documentation/red_hat_enterprise_linux/8/"
BUG_REPORT_URL="https://bugzilla.redhat.com/"
REDHAT_BUGZILLA_PRODUCT="Red Hat Enterprise Linux 8"
REDHAT_BUGZILLA_PRODUCT_VERSION=8.4
REDHAT_SUPPORT_PRODUCT="Red Hat Enterprise Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="8.4"
Red Hat Enterprise Linux release 8.4 (Ootpa)
Red Hat Enterprise Linux release 8.4 (Ootpa)
Repositories configured:
copr:copr.fedorainfracloud.org:dsommers:openvpn3 Copr repo for openvpn3 owned by dsommers
epel Extra Packages for Enterprise Linux 8 - x86_64
epel-modular Extra Packages for Enterprise Linux Modular 8 - x86_64
microsoft-azure-rhel8-eus Microsoft Azure RPMs for RHEL8 Extended Update Support
packages-microsoft-com-prod packages-microsoft-com-prod
rhel-8-for-x86_64-appstream-eus-rhui-rpms Red Hat Enterprise Linux 8 for x86_64 - AppStream - Extended Update Support from RHUI (RPMs)
rhel-8-for-x86_64-baseos-eus-rhui-rpms Red Hat Enterprise Linux 8 for x86_64 - BaseOS - Extended Update Support from RHUI (RPMs)
As we can see in the script it follows basically the same steps of this procedure: https://openvpn.net/cloud-docs/openvpn- ... for-linux/
Code: Select all
#!/bin/bash
# Install dependencies
sudo yum localinstall https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
sudo subscription-manager repos --enable codeready-builder-for-rhel-8-x86_64-rpms
sudo yum install yum-plugin-copr
# Add the OpenVPN repository
sudo yum copr enable dsommers/openvpn3
# Install OpenVPN Connector setup tool
sudo yum install python3-openvpn-connector-setup
# Enable IP forwarding
echo 'net.ipv4.ip_forward=1' | sudo tee -a /etc/sysctl.conf
echo 'net.ipv6.conf.all.forwarding=1' | sudo tee -a /etc/sysctl.conf
sudo sysctl -p
# Configure NAT
sudo firewall-cmd --permanent --add-masquerade
sudo firewall-cmd --permanent --direct --add-rule ipv4 nat POSTROUTING 0 -j MASQUERADE
sudo firewall-cmd --permanent --direct --add-rule ipv4 filter FORWARD 0 -j ACCEPT
sudo firewall-cmd --permanent --direct --add-rule ipv6 nat POSTROUTING 0 -j MASQUERADE
sudo firewall-cmd --permanent --direct --add-rule ipv6 filter FORWARD 0 -j ACCEPT
sudo systemctl restart firewalld
# Run openvpn-connector-setup to install ovpn profile and connect to VPN.
# You will be asked to enter setup token. You can get setup token from Linux
# Connector configuration page in OpenVPN Cloud Portal
sudo openvpn-connector-setup
As mentioned earlier, this is a Pay-as-you-go (aka On-Demand) RHEL license and those shouldn't register these images with Red Hat Subscription Management (RHSM). Therefore, the command snipped in the script to add the repository via the subscription manager doesn't work. Whenever I input this command the following output comes out
Code: Select all
sudo subscription-manager repos --enable codeready-builder-for-rhel-8-x86_64-rpms
This system has no repositories available through subscriptions.
Code: Select all
sudo yum install openvpn3-client
Last metadata expiration check: 3:21:21 ago on Fri 04 Mar 2022 06:03:48 PM UTC.
Error:
Problem: package openvpn3-client-17-2.beta1.el8.x86_64 requires openvpn3(x86-64) = 17-2.beta1.el8, but none of the providers can be installed
- package openvpn3-17-2.beta1.el8.x86_64 requires openvpn3-selinux >= 17-2.beta1.el8, but none of the providers can be installed
- conflicting requests
- nothing provides selinux-policy >= 3.14.3-80.el8 needed by openvpn3-selinux-17-2.beta1.el8.noarch
- nothing provides selinux-policy-base >= 3.14.3-80.el8 needed by openvpn3-selinux-17-2.beta1.el8.noarch
(try to add '--skip-broken' to skip uninstallable packages or '--nobest' to use not only best candidate packages)
Code: Select all
Last metadata expiration check: 3:24:34 ago on Fri 04 Mar 2022 06:03:48 PM UTC.
Installed Packages
selinux-policy.noarch 3.14.3-67.el8_4.4 @rhel-8-for-x86_64-baseos-eus-rhui-rpms
I also have tried to add the codeready for RHUI found in this link of Amazon, but yet works out for me.
https://aws.amazon.com/premiumsupport/k ... able-epel/
Best,