0

I am trying to set up a network using OpenVPN.
When my file structure looks like this, it works fine:

/etc/openvpn
    /client
        client-01.conf
        client-01.key
        client-01.crt
        ca.crt

systemctl start openvpn-client@client-01

But I want to have access to 2 different networks with separate ca.cert files, so I changed the structure to the following:

/etc/openvpn
    /client
        /intranet.example.com
            client-01.conf
            client-01.key
            client-01.crt
            ca.crt
        /intranet.foo.com
            ...

systemctl start openvpn-client@intranet.example.com/client-01

When trying to start openvpn, it freezes, doing nothing.
When trying to enable it using
systemctl enable openvpn-client@intranet.example.com/client-01
I get the error:
Failed to enable unit: File openvpn-client@intranet.example.com/client-01: Invalid argument

Is it possible to use openvpn from within a subfolder using systemd?

HubertNNN

1 Answer

1

In the definition of the systemd service there is the path where it is found. In theory, you can change it in the description / definition of the service.

Anyway, I don't think it is really needed. You have requested this structure:

/etc/openvpn
 /client
  /intranet.example.com
   client-01.conf
   client-01.key
   client-01.crt
   ca.crt
  /intranet.foo.com
   ...

What prevents you from using this structure (this is how openvpn-client is designed):

/etc/openvpn
 /client
  intranet.example.com.conf
  intranet.example.com.key
  intranet.example.com.crt
  intranet.example.com-ca.crt
  intranet.foo.com.conf
  intranet.foo.com.key
  intranet.foo.com.crt
  intranet.foo.com-ca.crt
   ...

and related services:

openvpn-client@intranet.example.com
openvpn-client@intranet.foo.com

The important part is the one after the @, and this part points to /etc/openvpn/client/<id>.conf (in the case of openvpn-client@id). The other related file names depend only on the content of the config file (which files you mention / link).


So, as an example:

openvpn-client@id => /etc/openvpn/client/id.conf

/etc/openvpn/client/id.conf :

...
ca shared-ca.pem
key private.key
cert public.crt
...

The structure would be:

/etc/openvpn/client
  id.conf
  shared-ca.pem
  private.key
  public.crt

Kamil J
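
The mapping described in the answer above (openvpn-client@id => /etc/openvpn/client/id.conf) can be checked before starting a unit. The script below is an added example, not part of the original answer: the function name check_client is hypothetical, the sample files are constructed, it assumes relative ca/cert/key paths resolve against the client directory, and the owner-only check on key files is an extra check added here.

```bash
#!/usr/bin/env bash
# Added example (not from the original answer).
# check_client DIR ID: verify DIR/ID.conf and the ca/cert/key files it names,
# then print the unit name that would start it.
check_client() {
    local dir=$1 id=$2 conf="$1/$2.conf" rc=0 directive path mode
    # The instance name is a bare file name; a "/" is what failed in the question.
    case $id in
        ''|*/*) echo "invalid instance name: '$id'" >&2; return 2 ;;
    esac
    [ -f "$conf" ] || { echo "$id: missing $conf" >&2; return 1; }
    while read -r directive path _ || [ -n "$directive" ]; do
        case $directive in ca|cert|key) ;; *) continue ;; esac
        # Assumption: relative paths resolve against DIR (the working directory).
        case $path in /*) ;; *) path="$dir/$path" ;; esac
        if [ ! -f "$path" ]; then
            echo "$id: $directive file not found: $path" >&2; rc=1
        elif [ "$directive" = key ]; then
            mode=$(stat -c %a "$path")       # GNU stat, e.g. 600
            case $mode in
                *00) ;;                       # no group/other access
                *) echo "$id: $path is mode $mode, want 600" >&2; rc=1 ;;
            esac
        fi
    done < "$conf"
    [ "$rc" -eq 0 ] && echo "openvpn-client@$id"
    return "$rc"
}

# Constructed sample: the flat layout with one profile, in a temporary directory.
demo=$(mktemp -d)
printf '%s\n' 'client' 'ca intranet.example.com-ca.crt' \
    'cert intranet.example.com.crt' 'key intranet.example.com.key' \
    > "$demo/intranet.example.com.conf"
touch "$demo/intranet.example.com-ca.crt" "$demo/intranet.example.com.crt" \
    "$demo/intranet.example.com.key"
chmod 600 "$demo/intranet.example.com.key"
check_client "$demo" intranet.example.com || true             # prints the unit name
check_client "$demo" intranet.example.com/client-01 || true   # rejected: contains "/"
rm -rf "$demo"
```

Quoted paths and inline <ca>...</ca> blocks in a config are not handled by this check.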