Amazon AWS – Installing OpenVPN on Amazon AMI

amazon ec2openvpnyum

I'm trying to set up OpenVPN on AmazonAWS. I'm pretty new to Linux so I followed a tutorial. I ran yum -y install openvpn
and I received a message saying it was successfully installed. The next step was to copy the files in /usr/share/openvpn/easy-rsa/2.0/ to /etc/openvpn/easy-rsa/.

Much to my surprise, the /usr/share/openvpn/easy-rsa/ directory was empty. I tried to uninstall and reinstall OpenVPN and the result was the same.

I tried to install easy-rsa separately, but I didn't find it in the yum package list. Can anyone help me install OpenVPN?

Best Answer

Do this command to track those files down when an RPM is installed:

$ rpm -ql openvpn

and see where those files might actually be. For packages that haven't been installed yet you can query the yum repository using the command repoquery:

$ repoquery -l openvpn

Different distros put files in different locations.

Though on my Fedora system the contents of openvpn show the following when I grep for "easy-rsa/2.0":

$ repoquery -l openvpn | grep -i "easy-rsa/2.0"
/usr/share/openvpn/easy-rsa/2.0
/usr/share/openvpn/easy-rsa/2.0/Makefile
/usr/share/openvpn/easy-rsa/2.0/README
/usr/share/openvpn/easy-rsa/2.0/build-ca
/usr/share/openvpn/easy-rsa/2.0/build-dh
/usr/share/openvpn/easy-rsa/2.0/build-inter
/usr/share/openvpn/easy-rsa/2.0/build-key
/usr/share/openvpn/easy-rsa/2.0/build-key-pass
/usr/share/openvpn/easy-rsa/2.0/build-key-pkcs12
/usr/share/openvpn/easy-rsa/2.0/build-key-server
/usr/share/openvpn/easy-rsa/2.0/build-req
/usr/share/openvpn/easy-rsa/2.0/build-req-pass
/usr/share/openvpn/easy-rsa/2.0/clean-all
/usr/share/openvpn/easy-rsa/2.0/inherit-inter
/usr/share/openvpn/easy-rsa/2.0/list-crl
/usr/share/openvpn/easy-rsa/2.0/openssl-0.9.6.cnf
/usr/share/openvpn/easy-rsa/2.0/openssl.cnf
/usr/share/openvpn/easy-rsa/2.0/pkitool
/usr/share/openvpn/easy-rsa/2.0/revoke-full
/usr/share/openvpn/easy-rsa/2.0/sign-req
/usr/share/openvpn/easy-rsa/2.0/vars
/usr/share/openvpn/easy-rsa/2.0/whichopensslcnf

So where are your files?

The next thing to consider when installing software is where are the packages coming from. Are they official? A 3rd party repository? You can check with this command:

$ repoquery -i openvpn | grep Repo
Repository  : fedora

So this is an official package on my system, and it contains the directories you're asking about.

An alternative

The Linux AMI distros that AmazonWS uses are custom versions of CentOS. It probably makes more sense to either install a fullblown version of CentOS or Ubuntu and install the packages using that distro's normal packages vs. these modified ones that Amazon appears to be offering.

Related Solutions

Centos – Initialization Sequence Completed, but terminal wont give a prompt

Try starting the client with the --daemon option:

openvpn --daemon

From openvpn's man page:

--daemon [progname]
  Become a daemon after all initialization functions are completed

To interact with openvpn once it is a daemon, add the --management option to the command. This allows you to interact with it using telnet as described here.

Alternatively, open another terminal and just use that. This way, you can exit the running openvpn by pressing Ctl C in the original terminal.

If the client is a desktop system that uses Network Manager, then use the OpenVPN plugin to control it from there - no terminal needed.

How to install OpenVPN client on RHEL 7.3

Remove epel-6 repo

yum remove epel-release

Enable epel-7 repo:

wget https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.‌noarch.rpm
rpm -ivh epel-release-latest-7.‌noarch.rpm

wget https://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-9.noarch.rpm
rpm -ivh epel-release-7-9.noarch.rpm

edit the /etc/yum.repos.d/epel.repo file and make sure you have enabled=1

or run yum-config-manager --enable epel

then install openvpn:

yum update
yum install openvpn easy-rsa