I back up the OpenVPN Access Server and restore it on another instance, following the manual at https://openvpn.net/vpn-server-resource ... d-backups/. The script looks like this:
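#!/bin/bash
# Restore the most recent OpenVPN Access Server backup from S3 onto a new node.
#
# Trust note: the *.db.bak files are SQL text that the sqlite3 shell executes
# as root, and the shell also honours dot-commands found in its input. Write
# access to the backup bucket is therefore equivalent to root on this host, and
# the bucket also holds the ssl-api key material. Keep the bucket policy tight
# and consider verifying a checksum or signature before restoring. Newer
# sqlite3 builds have a -safe option that refuses the risky dot-commands
# (confirm the installed version supports it before relying on it).
set -e

ENV=prod
IP=10.10.10.10
AS_DIR=/usr/local/openvpn_as
CLUSTER_MODE=$("$AS_DIR/scripts/sacli" ConfigQuery | grep cluster.mode | awk -F \" '{print $4}')
SERVER_NAME=$(/usr/bin/hostname -f | awk -F '-' '{print $3}')
TMP=""
service_stopped=0

# Remove the staged backup (it contains private keys) on every exit path and
# say so loudly if we are leaving the VPN service down.
cleanup() {
  local status=$?
  if [ -n "$TMP" ]; then
    rm -rf -- "$TMP"
  fi
  if [ "$service_stopped" = 1 ] && [ "$status" -ne 0 ]; then
    echo "Restore failed (exit $status); openvpnas is still stopped" >&2
  fi
}

# Rebuild one database from its SQL dump.
#   $1 - dump file inside the backup directory
#   $2 - destination database path
# The dump is loaded into a scratch file next to the destination and moved
# into place only after sqlite3 succeeds, so a bad dump never leaves the
# server without its previous database.
restore_db() {
  local dump=$1 db=$2
  if [ ! -e "$dump" ]; then
    echo "No $dump in backup, keeping existing $db" >&2
    return 0
  fi
  rm -f -- "$db.restore"
  # -bail: stop at the first SQL error instead of producing a partial database.
  sqlite3 -bail "$db.restore" < "$dump"
  mv -f -- "$db.restore" "$db"
}

# Only restore onto a new server; a new server always reports cluster mode "false".
if [[ "$CLUSTER_MODE" != "true" ]]; then
  # An empty name would make the sync below pull the whole bucket.
  if [ -z "$SERVER_NAME" ]; then
    echo "Could not derive server name from hostname" >&2
    exit 1
  fi

  # Fetch backup from S3 into a private (mode 0700), unpredictable directory
  # rather than a fixed path under /tmp that another local user could pre-create.
  echo "Synching files from S3"
  TMP=$(mktemp -d /tmp/vpnas-backup.XXXXXXXX)
  trap cleanup EXIT
  HOME=/root/ /usr/local/bin/aws s3 sync "s3://vpnas-backup-${ENV}/${SERVER_NAME}" "$TMP" || exit 1

  # Figure out backup dir: the glob expands in sorted order, so the last
  # directory seen is the one `ls -r | head -n1` would have picked.
  latest=""
  for dir in "$TMP"/*/; do
    if [ -d "$dir" ]; then
      latest=$dir
    fi
  done
  if [ -z "$latest" ]; then
    echo "No backup directory found under s3://vpnas-backup-${ENV}/${SERVER_NAME}" >&2
    exit 1
  fi
  cd "$latest"

  # stop service, restore backup, start service
  service openvpnas stop
  service_stopped=1
  restore_db ./config_local.db.bak "$AS_DIR/etc/db/config_local.db"
  restore_db ./log.db.bak "$AS_DIR/etc/db/log.db"
  if [ -e ./as.conf.bak ]; then
    cp ./as.conf.bak "$AS_DIR/etc/as.conf"
  fi
  # Tighten modes in the staging copy first and preserve them on copy, so the
  # private keys are never readable in their final location, even briefly.
  chmod 600 ./ssl-api/*
  chmod 644 ./ssl-api/ca.crt
  cp -rp ./ssl-api "$AS_DIR/etc/"
  chmod 600 "$AS_DIR"/etc/ssl-api/*
  chmod 644 "$AS_DIR/etc/ssl-api/ca.crt"
  service openvpnas start
  service_stopped=0
  sleep 5

  # update server configuration with the new server ip
  "$AS_DIR/scripts/sacli" --key "ssl_api.client_addr" --value "$IP" ConfigPut
  "$AS_DIR/scripts/confdba" --cluster -m --prof="prod-openvpn-$SERVER_NAME" --key="sacli_ip" --value="$IP"
  "$AS_DIR/scripts/sacli" start
fi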
Unable to reach this node
Reason: <Fault 9000: "Server Agent AuthProxy error: only peer UIDs from the following set are allowed: ['root', 'openvpn_as']">