[Solved] OpenVPN - Create OVPN file for the second user

Hi everyone,

I followed the OpenVPN guide, last edited by @vgaetera. This is the link to the documentation https://openwrt.org/docs/guide-user/services/vpn/openvpn/basic. The OpenVPN server is running without an issue.
I have also followed the below guide to generate the key file for the second user (https://openwrt.org/docs/guide-user/services/vpn/openvpn/extra) but I have no idea how to export the ovpn file. Could you assist me with that.

Thank you!

1 Like

What do you mean with "export"?
Based on that documentation you would have created a key/cert for each user. You then would need to create OVPN config file for the respective users and copy that conf and the key/cert on the client machine.

1 Like

The guide provided a script, I have no idea how to seperate it for my usage:

# Configuration parameters
OVPN_DH="$(cat ${OVPN_PKI}/dh.pem)"
OVPN_TC="$(sed -e "/^#/d;/^\w/N;s/\n//" ${OVPN_PKI}/tc.pem)"
OVPN_CA="$(openssl x509 -in ${OVPN_PKI}/ca.crt)"
# Configure VPN server and generate client profiles
umask go=
ls ${OVPN_PKI}/issued \
| sed -e "s/\.\w*$//" \
| while read -r OVPN_ID
OVPN_KEY="$(cat ${OVPN_PKI}/private/${OVPN_ID}.key)"
OVPN_CERT="$(openssl x509 -in ${OVPN_PKI}/issued/${OVPN_ID}.crt)"
OVPN_CERT_EXT="$(openssl x509 -in ${OVPN_PKI}/issued/${OVPN_ID}.crt -purpose)"
user nobody
group nogroup
dev ${OVPN_DEV}
port ${OVPN_PORT}
proto ${OVPN_PROTO}
server ${OVPN_POOL}
topology subnet
keepalive 10 60
push \"dhcp-option DNS ${OVPN_DNS}\"
push \"dhcp-option DOMAIN ${OVPN_DOMAIN}\"
push \"redirect-gateway def1\"
push \"persist-tun\"
push \"persist-key\"
dev ${OVPN_DEV%%[0-9]*}
remote-cert-tls server"
case ${OVPN_CERT_EXT} in
(*"SSL server : Yes"*) cat << EOF > ${OVPN_DIR}/${OVPN_ID}.conf ;;
(*"SSL client : Yes"*) cat << EOF > ${OVPN_DIR}/${OVPN_ID}.ovpn ;;
/etc/init.d/openvpn restart
ls ${OVPN_DIR}/*.ovpn

This is the script for generating the server.conf and client.ovpn.

easyrsa build-client-full client2

This is the script to generate the certificate for the client 2. How about the client2.ovpn, how do I get it?

Looks like you would need to call the script after you created the certificates for the client2 as it looks like that script creates for every OVPN_ID that is listed in issued a conf and ovpn file.
Those files would be in ${OVPN_DIR}/${OVPN_ID}.ovpn


Thanks a lot. It works.

If your problem is solved, please consider marking this topic as [Solved]. See How to mark a topic as [Solved] for a short how-to.

1 Like

The configs generated by the script include key/certs, so there's typically no need to manage them separately, as most clients support inline notation or can import key/certs from the config.

1 Like

Yeah, I first only had looked at the second link he had sent. The script in his first link is truly comprehensive and create a file will all information.

1 Like

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.