Hello,
we didn’t change the CA so I think that these environment variables ROOT_CA, DEVICE_CONFIG_OPENVPN_CA and VPN_OPENVPN_CA_CRT should be the same.
I’ve encoded VPN_OPENVPN_SERVER_KEY and VPN_OPENVPN_SERVER_CRT with these commands:
echo "$(cat ./vpn/private/vpn.<server-domain>.key)" | base64 --wrap=0 2>/dev/null
echo "$(cat ./vpn/issued/vpn.<server-domain>.crt)" | base64 --wrap=0 2>/dev/null
Is it the correct way to do it?
At the moment curl https://api.<my.domain>/ping doesn’t work and the output of journalctl -u openvpn is:
NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
TCP/UDP: Preserving recently used remote address: [AF_INET]<myserverip>:443
Socket Buffers: R=[87380->87380] S=[16384->16384]
Attempting to establish TCP connection with [AF_INET]<myserverip>:443 [nonblock]
TCP connection established with [AF_INET]<myserverip>:443
TCP_CLIENT link local: (not bound)
TCP_CLIENT link remote: [AF_INET]<myserverip>.56:443
Connection reset, restarting [0]
SIGUSR1[soft,connection-reset] received, process restarting
Restart pause, 120 second(s)
In this thread (VPN Certs seems to be expired - #10 by wolf_karl) they suggest to re-run the quickstart script somewhere else and then copy all the new certs. Do you think it would work?
Do you think that slowly upgrading the open-balena version to a more recent one would help?
Thanks again for the help, if you’re coming to Milan a beer is on me!