LinuxQuestions.org


wboshinski 02-13-2020 09:30 PM

Centos 8 VPN Installation
 
I apologize in the beginning if this information is found elsewhere, but being a newbie I can't find the How To's section.
Anyway, I am trying to install a VPN connection. I get as far as typing the following command # sudo ./openvpn-install.sh and go through the options IPv4 address, Public IPv4 address, protocol, port, DNS and client name.
I then get
groupadd: cannot open /etc/group
useradd: group 'openvpn' does not exist
error: %prein(openvpn-2.4.8-1.el8.x86_64) scriptlet failed, exit status 6

Error in PREIN scriptlet in rpm package openvpn
Verifying : openvpn-2.4.8-1.el8.x86_64 1/1

Failed:
openvpn-2.4.8-1.el8.x86_64

Error: Transaction failed
mv: cannot move '/root/EasyRSA-3.0.5/' to '/etc/openvpn/server/': No such file or directory
mv: cannot stat '/etc/openvpn/server/EasyRSA-3.0.5/': No such file or directory
chown: cannot access '/etc/openvpn/server/easy-rsa/': No such file or directory
./openvpn-install.sh: line 305: cd: /etc/openvpn/server/easy-rsa/: No such file or directory
./openvpn-install.sh: line 307: ./easyrsa: No such file or directory
./openvpn-install.sh: line 308: ./easyrsa: No such file or directory
./openvpn-install.sh: line 309: ./easyrsa: No such file or directory
./openvpn-install.sh: line 310: ./easyrsa: No such file or directory
./openvpn-install.sh: line 311: ./easyrsa: No such file or directory
cp: target '/etc/openvpn/server' is not a directory
chown: cannot access '/etc/openvpn/server/crl.pem': No such file or directory
./openvpn-install.sh: line 317: openvpn: command not found
./openvpn-install.sh: line 326: /etc/openvpn/server/dh.pem: No such file or directory
./openvpn-install.sh: line 340: /etc/openvpn/server/server.conf: No such file or directory
./openvpn-install.sh: line 341: /etc/openvpn/server/server.conf: No such file or directory
./openvpn-install.sh: line 354: /etc/openvpn/server/server.conf: No such file or directory
./openvpn-install.sh: line 382: /etc/openvpn/server/server.conf: No such file or directory
./openvpn-install.sh: line 384: /etc/openvpn/server/server.conf: No such file or directory

I've tried to look up errors for installation without finding anything to go on. I do see that the files and directories 'not found' are not there, but not sure how to create them, or what to put in them. I find the 'client name'.ovpn file in /root/ with the following entries
<ca>
</ca>
<cert>
</cert>
<key>
</key>
<tls-crypt>
</tls-crypt>
I don't know where to go from here.
Thank you
PS I am working on this in my limited spare time, so my responses aren't quick.
Thanks again

TB0ne 02-14-2020 07:32 AM

Quote:

Originally Posted by wboshinski (Post 6089793)
I apologize in the beginning if this information is found elsewhere, but being a newbie I can't find the How To's section.

There isn't one, as most pieces of software have a TON of other how-to guides elsewhere on the Internet. See the "Question Guidelines" link in my posting signature.
Quote:

Anyway, I am trying to install a VPN connection. I get as far as typing the following command # sudo ./openvpn-install.sh and go through the options IPv4 address, Public IPv4 address, protocol, port, DNS and client name. I then get
Code:

groupadd: cannot open /etc/group
useradd: group 'openvpn' does not exist
error: %prein(openvpn-2.4.8-1.el8.x86_64) scriptlet failed, exit status 6

Error in PREIN scriptlet in rpm package openvpn
  Verifying        : openvpn-2.4.8-1.el8.x86_64                            1/1

Failed:
  openvpn-2.4.8-1.el8.x86_64                                                   

Error: Transaction failed
mv: cannot move '/root/EasyRSA-3.0.5/' to '/etc/openvpn/server/': No such file or directory
mv: cannot stat '/etc/openvpn/server/EasyRSA-3.0.5/': No such file or directory
chown: cannot access '/etc/openvpn/server/easy-rsa/': No such file or directory
./openvpn-install.sh: line 305: cd: /etc/openvpn/server/easy-rsa/: No such file or directory
./openvpn-install.sh: line 307: ./easyrsa: No such file or directory
./openvpn-install.sh: line 308: ./easyrsa: No such file or directory
./openvpn-install.sh: line 309: ./easyrsa: No such file or directory
./openvpn-install.sh: line 310: ./easyrsa: No such file or directory
./openvpn-install.sh: line 311: ./easyrsa: No such file or directory
cp: target '/etc/openvpn/server' is not a directory
chown: cannot access '/etc/openvpn/server/crl.pem': No such file or directory
./openvpn-install.sh: line 317: openvpn: command not found
./openvpn-install.sh: line 326: /etc/openvpn/server/dh.pem: No such file or directory
./openvpn-install.sh: line 340: /etc/openvpn/server/server.conf: No such file or directory
./openvpn-install.sh: line 341: /etc/openvpn/server/server.conf: No such file or directory
./openvpn-install.sh: line 354: /etc/openvpn/server/server.conf: No such file or directory
./openvpn-install.sh: line 382: /etc/openvpn/server/server.conf: No such file or directory
./openvpn-install.sh: line 384: /etc/openvpn/server/server.conf: No such file or directory

I've tried to look up errors for installation without finding anything to go on. I do see that the files and directories 'not found' are not there, but not sure how to create them, or what to put in them. I find the 'client name'.ovpn file in /root/ with the following entries
Code:

<ca></ca>
<cert></cert>
<key></key>
<tls-crypt></tls-crypt>

I don't know where to go from here. Thank you PS I am working on this in my limited spare time, so my responses aren't quick. Thanks again

Installing something like OpenVPN needs root access...the fact that the groupadd won't work seems to indicate that you're not running the installation routine as root/sudo, as a first guess. There are, as mentioned, a LOT of how-to guides...putting "install openvpn centos 8" into Google pulls up this as the first hit:
https://computingforgeeks.com/instal...rhel-centos-8/

...a how-to guide, with complete steps. Note the uses of sudo in those instructions, because without root/elevated privileges, you won't be able to install things into system directories like /etc, and the steps will fail.

wboshinski 02-14-2020 10:41 AM

Thank you for your response.
I tried to install as root, using

# sudo ./openvpn-install.sh
with the exact same results.

I was using the webpage link you supplied as my directions to install.

What to do next?

Thanks

berndbausch 02-14-2020 04:40 PM

Quote:

Originally Posted by wboshinski (Post 6089993)

What to do next?

Find out why the script can't open /etc/group. For example, run it as sudo bash -x openvpn-install.sh.

jefro 02-14-2020 08:12 PM

"groupadd: cannot open /etc/group"

"useradd: group 'openvpn' does not exist"

This link ought to explain how Centos 8 adds a group. https://linuxconfig.org/redhat-8-add-user-to-group

Normally an installer for an exact distribution should correctly follow the scripting to perform each line by line and expect a correct execution of each command.

Makes me wonder if the program you are trying to install is correct for your system.

Did you use this command?

sudo dnf install epel-release
sudo dnf install openvpn

https://www.howtoforge.com/tutorial/...pn-and-easyrsa

wboshinski 02-14-2020 08:23 PM

Thanks to all who have posted.

I tried

sudo bash -x openvpn-install.sh

with the same result. So I manually made an entry in the /etc/group file for openvpn
as
"openvpn:x:13"

and saved the file.

This stopped the error of groupadd cannot open /etc/group

I then went through and manually created all the directories that I was getting an error on as "No such file or directory"

This fixed all those errors and when I ran

# sudo ./openvpn-install.sh

I got

Looks like OpenVPN is already installed.

What do you want to do?
1) Add a new user
2) Revoke an existing user
3) Remove OpenVPN
4) Exit
Select an option: 1

Tell me a name for the client certificate.
Client name: ****
./openvpn-install.sh: line 111: ./easyrsa: No such file or directory
sed: can't read /etc/openvpn/server/easy-rsa/pki/issued/****.crt: No such file or directory
cat: /etc/openvpn/server/easy-rsa/pki/private/****.key: No such file or directory

Client **** added, configuration is available at: /root/****.ovpn

So I at least have the VPN installed but I do not have a key or crt (I'm assuming certificate) for the client.

The file ***.ovpn reads

****
dev tun
proto udp
remote ***.***.***.*** 1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
auth SHA512
cipher AES-256-CBC
ignore-unknown-option block-outside-dns
block-outside-dns
verb 3
<ca>
</ca>
<cert>
</cert>
<key>
</key>
<tls-crypt>
-----BEGIN OpenVPN Static key V1-----
-----END OpenVPN Static key V1-----
</tls-crypt>

From my limited experience and knowledge it appears that the easyrsa component of the openvpn install file did not work. I (at least) now only need to get a key and crt for the clients I added. I haven't found any information that allows a complete explanation as to how to do this. Help is greatly appreciated.
Thanks
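
An added example, not part of the original posts: a shell check that reads a client profile and reports which of the inline blocks shown above (`<ca>`, `<cert>`, `<key>`, `<tls-crypt>`) are empty, missing, or lack a `-----BEGIN` line, which is the state the script leaves behind when its `easyrsa` steps fail but the `.ovpn` file is still written. The function names and the sample profile are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): report which inline blocks of an
# OpenVPN client profile are empty, missing, or lack a PEM-style BEGIN line.

check_ovpn_inline() {   # usage: check_ovpn_inline FILE ; returns 1 on any problem
    awk '
        BEGIN { n = split("ca cert key tls-crypt", want, " ") }
        { sub(/\r$/, "") }                      # tolerate CRLF line endings
        /^<\/[a-z-]+>$/ { cur = ""; next }      # closing tag ends the block
        /^<[a-z-]+>$/   { cur = substr($0, 2, length($0) - 2); seen[cur] = 1; next }
        cur != "" && $0 !~ /^[ \t]*$/ {         # non-blank line inside a block
            lines[cur]++
            if ($0 ~ /^-----BEGIN /) pem[cur] = 1
        }
        END {
            bad = 0
            for (i = 1; i <= n; i++) {
                b = want[i]
                if (!(b in seen))           s = "MISSING"
                else if (lines[b] + 0 == 0) s = "EMPTY"
                else if (!(b in pem))       s = "NO-BEGIN-LINE"
                else                        s = "OK"
                if (s != "OK") bad = 1
                printf "%s %s %d\n", b, s, lines[b] + 0
            }
            exit bad
        }' "$1"
}

# Constructed sample mirroring the profile posted above: three empty blocks
# and a populated tls-crypt block (key material replaced by a placeholder).
write_sample_profile() {
    printf '%s\n' 'client' 'dev tun' 'proto udp' \
        '<ca>' '</ca>' '<cert>' '</cert>' '<key>' '</key>' \
        '<tls-crypt>' '-----BEGIN OpenVPN Static key V1-----' \
        'PLACEHOLDER-NOT-A-REAL-KEY' \
        '-----END OpenVPN Static key V1-----' '</tls-crypt>' > "$1"
}

sample=$(mktemp)
write_sample_profile "$sample"
check_ovpn_inline "$sample" || echo "profile is not usable as written"
rm -f "$sample"
```

Each output line is the block name, its status, and the number of non-blank lines found inside it.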

berndbausch 02-14-2020 09:06 PM

Quote:

Originally Posted by wboshinski (Post 6090171)
sudo bash -x openvpn-install.sh

with the same result.

My hope was that you would get plenty of debugging messages that would help you understand why /etc/group could not be opened. I am puzzled that you didn't.

I think by now you have a partial installation. The installation script detects that something is installed and concludes it has nothing to do, but the easyrsa directory is missing, and perhaps more.

I would remove OpenVPN (perhaps by removing /etc/openvpn?) and start again. However, before running the installation script I would look into it and find out what happens around the groupadd command.

Another thought: I recently played with OpenVPN on Centos 7 and used a different installation method for EasyRSA.

wboshinski 02-18-2020 09:04 PM

Thank you for all the responses.
I found that I had an error in my pathway for easyrsa in that I have an extra directory of EasyRSA-3.0.5 which is why I had the errors of 'no such file or directory'.
I fixed the paths and have the server VPN working
# sudo systemctl status openvpn
● openvpn.service - OpenVPN service
Loaded: loaded (/usr/lib/systemd/system/openvpn.service; disabled; vendor preset: disabled)
Active: active (exited) since Mon 2020-02-17 17:06:14 EST; 1 day 4h ago
Main PID: 24493 (code=exited, status=0/SUCCESS)
Tasks: 0 (limit: 26213)
Memory: 0B
CGroup: /system.slice/openvpn.service

Warning: Journal has been rotated since unit was started. Log output is incomplete or unavailable.

I was able to create a user and get its .ovpn file.
I have now moved on to the client portion and have a Windows 10 machine as the client.
I downloaded the OpenVPN Windows client software and installed it.
I was also able to get the ovpn file onto the client and imported it to the client. When I go to connect I get an error

Client log

Tue Feb 18 21:56:25 2020 OpenVPN 2.4.7 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Feb 21 2019
Tue Feb 18 21:56:25 2020 Windows version 6.2 (Windows 8 or greater) 64bit
Tue Feb 18 21:56:25 2020 library versions: OpenSSL 1.1.0j 20 Nov 2018, LZO 2.10
Enter Management Password:
Tue Feb 18 21:56:25 2020 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Tue Feb 18 21:56:25 2020 Need hold release from management interface, waiting...
Tue Feb 18 21:56:26 2020 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Tue Feb 18 21:56:26 2020 MANAGEMENT: CMD 'state on'
Tue Feb 18 21:56:26 2020 MANAGEMENT: CMD 'log all on'
Tue Feb 18 21:56:26 2020 MANAGEMENT: CMD 'echo all on'
Tue Feb 18 21:56:26 2020 MANAGEMENT: CMD 'bytecount 5'
Tue Feb 18 21:56:26 2020 MANAGEMENT: CMD 'hold off'
Tue Feb 18 21:56:26 2020 MANAGEMENT: CMD 'hold release'
Tue Feb 18 21:56:26 2020 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Tue Feb 18 21:56:26 2020 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Tue Feb 18 21:56:26 2020 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Tue Feb 18 21:56:26 2020 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Tue Feb 18 21:56:26 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]73.230.37.158:1194
Tue Feb 18 21:56:26 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]
Tue Feb 18 21:56:26 2020 UDP link local: (not bound)
Tue Feb 18 21:56:26 2020 UDP link remote: [AF_INET]73.230.37.158:1194
Tue Feb 18 21:56:26 2020 MANAGEMENT: >STATE:1582080986,WAIT,,,,,,
Tue Feb 18 21:57:26 2020 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Tue Feb 18 21:57:26 2020 TLS Error: TLS handshake failed
Tue Feb 18 21:57:26 2020 SIGUSR1[soft,tls-error] received, process restarting
Tue Feb 18 21:57:26 2020 MANAGEMENT: >STATE:1582081046,RECONNECTING,tls-error,,,,,
Tue Feb 18 21:57:26 2020 Restart pause, 5 second(s)

wboshinski 02-19-2020 10:11 PM

I yielded to other advice and started over, removing the openvpn that I had and went to
https://www.howtoforge.com/tutorial/...3-on-centos-8/

Everything was going well until I was
5-Enable Port-Forwarding and Configure Routing in Firewalld
and
Enable NAT for OpenVPN internal IP address '10.5.0.0/24' to the external IP address 'SERVERIP'.
I followed the instructions as written
but after "SERVERIP ...
and then "firewall-cmd --permanent...
I get an Error
list index out of range
Looking through other items, it seems that the awk command is the culprit, but I'm not sure what to do.
Thanks for any help

berndbausch 02-19-2020 10:45 PM

Do you get this error when running firewall-cmd --permanent --direct --passthrough ipv4 -t nat -A POSTROUTING -s 10.5.0.0/24 -o $SERVERIP -j MASQUERADE? If so, it was issued by firewall-cmd, not awk.

What is the value of SERVERIP? What is the output of ip route get 1.1.1.1?

EDIT: "list index out of range" is probably a Python error, and firewall-cmd is written in Python.

wboshinski 02-20-2020 08:24 AM

Thank you for your response.
I did not get an error running
firewall-cmd --permanent --direct --passthrough ipv4 -t nat -A POSTROUTING -s 10.5.0.0/24 -o $SERVERIP -j MASQUERADE

It was issued by entering firewall-cmd --reload

If I reenter the first firewall-cmd, I get

firewall-cmd --permanent --direct --passthrough ipv4 -t nat -A POSTROUTING -s 10.5.0.0/24 -o $SERVERIP -j MASQUERADE

Warning: ALREADY_ENABLED: passthrough 'ipv4', '['-t', 'nat', '-A', 'POSTROUTING', '-s', '10.5.0.0/24', '-o', '192.168.1.2', '-j', 'MASQUERADE']'
success

I hope this helps
Thank you for your help
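
An added example, not part of the thread or of the tutorial it follows: iptables' `-o` option matches an outgoing interface by name, while the passthrough echoed above carries `192.168.1.2` in that position. The functions below read `ip route get` output by keyword instead of by field position, and refuse to build the rule when the `-o` value is a dotted-quad address. The function names, the interface name `eth0` and the sample route lines are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the thread or the tutorial it follows).

# Print the token that follows KEY ("dev" or "src") on the first line of
# `ip route get` output read from stdin; return 1 if KEY is absent.
route_field() {
    awk -v key="$1" '
        NR == 1 { for (i = 1; i < NF; i++) if ($i == key) { print $(i + 1); found = 1; exit } }
        END { exit !found }'
}

# Succeed only if $1 is non-empty and is not a dotted-quad IPv4 address.
is_iface_name() {
    [ -n "$1" ] && ! printf '%s\n' "$1" | grep -Eq '^[0-9]+(\.[0-9]+){3}$'
}

# Build the passthrough arguments used in the thread, refusing an address in -o.
masquerade_args() {   # usage: masquerade_args SUBNET OUT_IF
    is_iface_name "$2" || { echo "refusing: -o needs an interface name, got '$2'" >&2; return 1; }
    echo "--permanent --direct --passthrough ipv4 -t nat -A POSTROUTING -s $1 -o $2 -j MASQUERADE"
}

# Constructed samples of `ip route get 1.1.1.1` output, with and without the
# trailing uid field, so a fixed field position would differ between them.
with_uid='1.1.1.1 via 192.168.1.1 dev eth0 src 192.168.1.2 uid 0'
without_uid='1.1.1.1 via 192.168.1.1 dev eth0  src 192.168.1.2'

for line in "$with_uid" "$without_uid"; do
    dev=$(printf '%s\n' "$line" | route_field dev)
    src=$(printf '%s\n' "$line" | route_field src)
    echo "dev=$dev src=$src"
done

masquerade_args 10.5.0.0/24 "$dev"           # prints the firewall-cmd arguments
masquerade_args 10.5.0.0/24 "$src" || true   # refused: value is an address
```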


All times are GMT -5.