EasyRSA Environment Settings do not apply #627

Closed
maxswjeon opened this issue Dec 26, 2020 · 4 comments

@maxswjeon

Reading and following the docker-compose documentation, I found that easyrsa is not taking the environment variables that I have set.

After some searching, there were some issues with easyrsa (OpenVPN/easyrsa#111) and it was fixed in the latest revision of easyrsa.

Bypassing the bug

  1. Copy the latest easyrsa binary and the vars.example file to OpenVPN config folder (where host volumes are attached)
  2. Rename vars.example file to var, and edit it for your style
  3. Set EASYRSA_VARS_FILE to vars file.
    Remember: EASYRSA_VARS_FILE will be read in the docker container, so set the file path on the docker side
    I ran export EASYRSA_VARS_FILE=/etc/openssl/vars since the vars file was at the root of the config folder (data/conf/vars on the host side)
  4. Follow the documentation until ovpn_genconfig part
  5. Referring to docker-openvpn/ovpn_initpki, run these commands with docker-compose run --rm openvpn {COMMAND}
    • /etc/openvpn/easyrsa init-pki
    • /etc/openvpn/easyrsa build-ca
    • /etc/openvpn/easyrsa gen-dh
    • openvpn --genkey --secret /etc/openvpn/pki/ta.key
    • /etc/openvpn/easyrsa build-server-full "{THE_URL_THAT_YOU_USED_ON_OVPN_GENCONFIG}" nopass
    • /etc/openvpn/easyrsa gen-crl
  6. Remove easyrsa files
  7. Start OpenVPN docker container with docker-compose up -d
  8. Follow the documentation to generate client keys

Fixing the bug

I'm nearly first to docker so I don't know how to fix it correctly. However, these were essential for fixing the bug.

  1. Update easyrsa binary to the last version
  2. Writeable vars file for easyrsa

@maxswjeon changed the title from "EasyRSA Environment Settings does not apply" to "EasyRSA Environment Settings do not apply" on Dec 26, 2020

@kylemanna
Owner

I'm unaware of any bugs after #620

Can you explain precisely what things failed when passed by environment? All environment variables can be overridden by docker.

@maxswjeon
Author

I passed the EASYRSA_ALGO=ec and EASYRSA_CURVE=secp521r1 environment variables, and checked with docker-compose run --rm openvpn echo $EASYRSA_ALGO. ovpn_initpki did not apply the environment variables and generated an RSA 2048 CA (expected an ECDSA CA).

@kylemanna
Owner

If you ran that command as passed then the shell variable was expanded by your local shell and is most likely empty. Try again but escape the variable so it's interpreted in the docker container.

Test with plain old docker since docker-compose doesn't really matter here:

$ docker run --rm -e 'EASYRSA_ALGO=test1' -it kylemanna/openvpn sh -c 'echo $EASYRSA_ALGO'
test1
$ docker run --rm -e 'EASYRSA_ALGO=test1' -it kylemanna/openvpn echo $EASYRSA_ALGO

I'd recommend running export instead of echo so that you can see the entire environment and more easily find typos:

$ docker run --rm -e 'EASYRSA_ALGO=test1' -it kylemanna/openvpn env
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
HOSTNAME=ad5bad7d653f
TERM=xterm
EASYRSA_ALGO=test1
OPENVPN=/etc/openvpn
EASYRSA=/usr/share/easy-rsa
EASYRSA_CRL_DAYS=3650
EASYRSA_PKI=/etc/openvpn/pki
HOME=/root
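
The check described in the comment above, as an added example that is not part of the original thread: a POSIX shell helper (the name check_child_env is hypothetical) that reads the child process's own environment and compares it with the expected EASYRSA_* values, so the host shell never expands anything. It takes any runner prefix; the docker command line in the comment is an assumption based on the commands shown in this thread, and `env -i PATH="$PATH" NAME=VALUE` works as a local stand-in when trying it without Docker.

```shell
#!/bin/sh
# Added example, not code from the thread. check_child_env is a hypothetical
# helper: it runs `env` inside the child process and compares the result with
# the NAME=VALUE pairs you expect, so nothing is expanded by the host shell.
#
# Usage: check_child_env NAME=VALUE [NAME=VALUE ...] -- RUNNER [ARG ...]
# RUNNER is the command prefix that starts the child, for example (assumed):
#   docker run --rm -e EASYRSA_ALGO=ec -e EASYRSA_CURVE=secp521r1 kylemanna/openvpn
# Leave out -t: a TTY adds carriage returns to the captured output.
check_child_env() {
    expected=""
    while [ "$#" -gt 0 ] && [ "$1" != "--" ]; do
        expected="${expected}${1}
"
        shift
    done
    if [ "$#" -lt 2 ]; then
        echo "usage: check_child_env NAME=VALUE... -- RUNNER..." >&2
        return 2
    fi
    shift   # drop the "--" separator

    # Ask the child itself for its environment.
    child_env=$("$@" env) || { echo "runner failed: $*" >&2; return 2; }

    rc=0
    while IFS= read -r pair; do
        [ -n "$pair" ] || continue
        # -F fixed string, -x whole line: EASYRSA_ALGO=ec must not match
        # EASYRSA_ALGO=ecdsa or XEASYRSA_ALGO=ec.
        if printf '%s\n' "$child_env" | grep -Fqx -- "$pair"; then
            echo "ok       $pair"
        else
            name=${pair%%=*}
            actual=$(printf '%s\n' "$child_env" | grep "^${name}=" || echo "${name} is unset")
            echo "MISMATCH expected $pair, child has: $actual"
            rc=1
        fi
    done <<EOF
$expected
EOF
    return "$rc"
}
```

The helper returns 0 when every pair matches, 1 on any mismatch and 2 on a usage or runner error, so it can gate a PKI initialisation step in a script.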

@maxswjeon
Author

Thanks. My mistake.
