Re: Missing easy-rsa package
On 20/12/14 04:47 AM, Reinis Ivanovs wrote:
The Debian Wiki guide I linked to doesn't work without easy-rsa, and
basically every guide I've seen for configuring openvpn with TLS relies
on easy-rsa, so a very common use case for openvpn isn't possible
without the easy-rsa package, so it should be fair to say that the
openvpn package is not fully usable without the easy-rsa package.
Moreover, following strict security practices isn't always necessary, so
I'm not sure why it needed to be brought up. I'm not setting up openvpn
for an organization, just for myself and a quick test, so it's not
relevant where the CA is. Finally, it's rather clear that you're
replying to keywords and not the meaning of the message, which is more
consistent with skimming or scanning, not reading. Declaring that the
discussion is over is also a nice touch. All in all, it's been a very
pleasant experience to take the time and try and report a problem with
I'm not sure how familiar you are with Debian backports so I will offer
this.. Perhaps you would have more chance to get satisfaction if you
took up the issue with the maintainer of the package you want to be able
to use rather than with the FTPMaster of the backports repository. It
has probably been frustrating for you not being able to do the test you
wanted but, until now, no one knew what you were trying so the security
advice offered by the FTPMaster did seem appropriate to me.
If you had been upgrading openvpn on a working stable (pure wheezy)
system to a newer version of openvpn with the backport then you would
have just copied the necessary files to the proper location as
instructed by the wiki:
# cp -R /usr/share/doc/openvpn/examples/easy-rsa/2.0/* easy-rsa/"
Much of this probably falls under the heading of backport users are
expected to be more knowledgeable than the "average" user and backports
are considered an advanced topic.
Of course, it may take some patience, as you might not get a quick reply
to your suggestion. Lots of people might be busy at this time of year
and not have time to check the list often or backport a package for you
so that you can make a "quick test". The argument that the openvpn
backport isn't fully functional without a backport of easy-rsa is
probably best made with the maintainer of the package, if they agree
with you maybe they will make such a backport.
With the release of the next stable coming up it is possible that there
won't be a lot of concern regarding this trivial issue, don't take that
Hope this helps.
By the way, this list is a bottom posting list, that is the example Alex
is using throughout to make it easier to read in sequence.