-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Also,
Sent with Proton Mail secure email.
------- Original Message -------
On Wednesday, March 8th, 2023 at 16:35, tincantech via Openvpn-users
<openvpn-users@lists.sourceforge.net> wrote:
>
>
>
>
>
> Sent with Proton Mail secure email.
>
>
> ------- Original Message -------
> On Wednesday, March 8th, 2023 at 14:30, Bo Berglund bo.bergl...@gmail.com
> wrote:
>
>
>
> > On Wed, 08 Mar 2023 01:45:40 +0000, tincantech via Openvpn-users
> > openvpn-users@lists.sourceforge.net wrote:
> >
> > > Appears to be correct.
> >
> > So now I have finally attacked the existing easy-rsa dir by doing this:
> >
> > 1) Copied the whole dir to easyrsa3 and renamed the source dir to easyrsa2
> >
> > 2) Removed some old script files I had written and are no longer useful.
> >
> > 3) Copied in the easyrsa3 files retrieved via svn as described earlier
> > and then moved the easyrsa script to ~/bin/ so as to put it on path.
> >
> > 4) Failed to edit the vars file! <== ! see below
> >
> > 5) Ran the command: EASYRSA_TEMP_DIR="$PWD" VERBOSE=1 easyrsa upgrade pki
> >
> > This failed luckily with these messages:
> >
> > cp: cannot stat '/home/bosse/openvpn/easy-rsa/keys/index.txt': No such file
> > or
> > directory
> >
> > and
> >
> > ERROR: Failed to copy /home/bosse/openvpn/easy-rsa/keys/index.txt to
> > /home/bosse/openvpn/easyrsa3/pki
> >
> > Turns out that in the vars file was a directive:
> > export EASY_RSA="/home/bosse/openvpn/easy-rsa"
> >
> > Which in this case after renaming easy-rsa to easyrsa2 was nowhere to be
> > found.
> > If this rename had not been the case then I guess easyrsa would have
> > operated on
> > the original v2 dir rather than the copy to be upgraded to v3.
> >
> > After I changed the export to the new dir the conversion went smoothly and
> > clients with and without passwords created in the new dir could connect
> > fine.
> >
> > So if a migration to version 3 is done on a copy of the version2 dir then it
> > is important to edit the vars file in that dir to point it to the new dir.
> >
> > Using this instead would probably be better:
> >
> > export EASY_RSA="$PWD"
>
>
> EasyRSA v3 does not use (and should not allow) 'export foo=bar'.
>
> There is a line in 'vars' which is:
> #set_var EASYRSA "${0%/*}"
>
> and should remain that way, unless you know what you are doing.
>
> The script assigns EASYRSA internally, if this remains unset in 'vars'.
>
> How 'export' got into your 'vars' file, I cannot say.
>
EASY_RSA is not a variable in use by v3.
Even so, v3 should now allow use of 'export', regardless of circumstances:
https://github.com/OpenVPN/easy-rsa/issues/909
This is a change we made to your v2 vars file, I believe,
to point to your copy keys file..
Regards
R
-----BEGIN PGP SIGNATURE-----
Version: ProtonMail
wsBzBAEBCAAnBQJkCMW7CRBPl5z2a5C4nRYhBAm8PURno41yecVVVU+XnPZr
kLidAACzAAf8DqFiZ9ZmzUA5yHWhE25OyGbBaC4xcKYkeFv/4XrXey8yOvjc
Y9cNJ5fvCldw7EhbDDGUlbXTQKyWEwtZ4Lvel24R2gotcExxThhfN4Ub/Yd0
Kx4akcyoB+oZ46w8ds/zHIYIj1WG0hxIZcWKXAwE8UldL1mNnwSO4HMnldAp
Jzd/O+hhYFtwavvtOhfBvhm33PGbYlxuMZ85MSCd4SwHVPedMHDaAOu1Z6ju
NMkUSEaBpfTYa7a7uWlOQWbgE1wHBwuxREkSKen2QkF/qYvPGgDhtNXAxYDx
+e0FMJrCdxl47oVxeEHAoxS6/3vEs+H0h/YDx/kGTTBOuiesnxzzsQ==
=GtOc
-----END PGP SIGNATURE-----
publickey - tincantech@protonmail.com - 0x09BC3D44.asc
Description: application/pgp-keys
publickey - tincantech@protonmail.com - 0x09BC3D44.asc.sig
Description: PGP signature
_______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
