2025-01-10T00:06:58.031Z | <chunmei> where do you put this sepia.ovpn file? |
2025-01-10T00:08:03.462Z | <Matt Benjamin> well do the installation of the openvpn server and it's tunnel driver; then this file (and the cert and key files, as shown) go in the config directory selected by the installer |
2025-01-10T00:09:20.538Z | <Matt Benjamin> or, I guess, cacert, key, and tls key--all that comes with the sepia credentials bundle, or it did; I used my old one, but substituted the cacert that was generated last week |
2025-01-10T00:10:06.196Z | <Matt Benjamin> the options here go with the 2.1+ version--earlier versions used that bf-cbc line, it's no longer permitted so commented out |
2025-01-10T00:10:48.471Z | <Matt Benjamin> then you would run the openvpn gui, and can from the app icon, right click and select "sepia" to run |
2025-01-10T00:11:04.250Z | <chunmei> I download OpenVPN-2.6.12-I001-amd64 and installed, is this what you mean to install? |
2025-01-10T00:11:06.225Z | <Matt Benjamin> (presuming you save this as "sepia.ovpn") |
2025-01-10T00:11:10.508Z | <Matt Benjamin> yes, that's it |
2025-01-10T00:11:20.610Z | <Matt Benjamin> it should match fine |
2025-01-10T00:11:59.608Z | <Matt Benjamin> it looks like I am running the config from my user home directory (same as the path in those lines in the file) |
2025-01-10T00:12:12.705Z | <Matt Benjamin> it may be possible to run it from system32, I'm not sure--old versions did |
2025-01-10T00:12:25.466Z | <Zack Cerza> looks like the jenkins queue is just very backed up: 114 in the queue atm, which is more than i remember having seen before |
2025-01-10T00:12:46.808Z | <Matt Benjamin> but you'll know the right path to the config directory because the installer will I believe create it |
2025-01-10T00:13:01.748Z | <chunmei> how to get the cert and key files? |
2025-01-10T00:13:19.141Z | <Matt Benjamin> you need to download the sepia vpn bundle |
2025-01-10T00:13:42.543Z | <Matt Benjamin> your key is the ssh key you generated when you set up your sepia creds |
2025-01-10T00:14:05.872Z | <Matt Benjamin> you do that following the basic sepia instructions--it's not windows specific |
2025-01-10T00:14:43.278Z | <Matt Benjamin> if you had this working from linux somewhere, you have that stuff, unless you're upgrading the cert that was regenerated |
2025-01-10T00:15:36.702Z | <chunmei> I just reference <https://wiki.sepia.ceph.com/doku.php?id=vpnaccess> and which part is download sepia vpn bundle? |
2025-01-10T00:15:45.343Z | <Matt Benjamin> yes |
2025-01-10T00:16:17.060Z | <Matt Benjamin> if you've never used sepia before, you have to follow the instructions to generate a key pair, and share the public key, and the ceph team needs to set up your account |
2025-01-10T00:16:38.082Z | <Matt Benjamin> when it's ready, you can authenticate, and this workflow will work |
2025-01-10T00:17:21.983Z | <Matt Benjamin> thanks, zack |
2025-01-10T00:18:59.749Z | <chunmei> do need download sudo wget <https://filedump.ceph.com/sepia-vpn-client.tar.gz> to my windows system? |
2025-01-10T00:19:14.806Z | <Matt Benjamin> you need to get it and extract the contents, yes |
2025-01-10T00:19:31.072Z | <Matt Benjamin> you need to place the files in there, plus your secret key, into the locations named in the vpn config file |
2025-01-10T00:42:23.653Z | <chunmei> seems I can't run ./sepia/new-client USER@HOST in windows system. |
2025-01-10T01:40:43.663Z | <chunmei> I just install python into windows and try to turn that script again. |
2025-01-10T01:54:41.185Z | <Æmerson> Is something tying up all our jammy hosts? |
2025-01-10T02:22:22.701Z | <chunmei> new-client user@host create secret secret.hash secrets.xxx.tar.gz and I copy them to openvpn/config |
2025-01-10T02:30:35.738Z | <chunmei> I think "sepia_secret" in your sepia.ovpn file is the secret file created by new-client. |
2025-01-10T02:31:12.739Z | <Matt Benjamin> I might be mixing it up with red hat's vpn đŸ™‚ |
2025-01-10T02:31:27.740Z | <Matt Benjamin> I do think that the ceph team needs to set things up, however |
2025-01-10T02:31:43.695Z | <chunmei> what are sepia_new_ca.crt and sepia_tlsauth? |
2025-01-10T02:31:47.285Z | <Matt Benjamin> does new-client not create a public key? |
2025-01-10T02:32:17.578Z | <chunmei> it just create secret(private key) and secret (public) I think. |
2025-01-10T02:32:32.630Z | <chunmei> secrete.hash is public |
2025-01-10T02:32:42.315Z | <Matt Benjamin> those are renamed versions of the sepia ca certificate file, and a pregenerated key that at least used to be distributed with the bundle, and apparently still works. you could try commenting that line out |
2025-01-10T02:33:01.268Z | <Matt Benjamin> (the tlsauth one) |
2025-01-10T02:33:56.177Z | <chunmei> there is ca and tlsauth file in extracted sepia tar. |
2025-01-10T02:34:00.968Z | <Matt Benjamin> you can name them whatever you like; I have several vpn client setups on my system |
2025-01-10T02:34:06.868Z | <Matt Benjamin> so it's the tlsauth file |
2025-01-10T02:34:15.679Z | <Matt Benjamin> it just has a different name in my environment |
2025-01-10T02:34:44.458Z | <chunmei> ok, I will use those files in sepia tar bundle. Thanks! |
2025-01-10T02:34:50.856Z | <Matt Benjamin> sure, yw |
2025-01-10T16:41:18.032Z | <Sridhar Seshasayee> Another instance of this error: <https://jenkins.ceph.com/job/ceph-pull-requests/149349/testReport/junit/projectroot.src.pybind/mgr/run_tox_mgr/> |
2025-01-10T21:48:27.037Z | <David Galloway> Looks like we could afford to shuffle some resources around. I'll ask AdamK to take a look at this Sunday. |