Koozali.org: home of the SME Server

Contribs.org Forums => Koozali SME Server 10.x Contribs => Topic started by: nicolatiana on May 09, 2022, 07:00:09 PM

Title: OpenVpn Server - Migration to another server
Post by: nicolatiana on May 09, 2022, 07:00:09 PM

I faced the problem with Sme9 but, at the time, I had only few users using it and recreating server certificates and then client ones was not a great problem.
Now I should migrate a server with about 35 users (from Sme9 to Sme10) and I'd like to know if a migration is possible/allowed.

Title: Re: OpenVpn Server - Migration to another server
Post by: Jean-Philippe Pialasse on May 09, 2022, 09:48:45 PM

theorically you could, it is just a matter of moving certificates from one pki to another.  However you should not for 3 reasons:
- you need to reconfigure all your clients anyway to use higher cipher and mac
- newer pki version use stronger keys. 
- doing all the work of the first point you really want to be ok for ten years and nor doing it again in 5 years because you reused weaker keys that are already 5 years old. and in 5 years you probably will have 70 clients to deal with.

Title: Re: OpenVpn Server - Migration to another server
Post by: nicolatiana on May 11, 2022, 01:55:28 PM

Maybe I'll build a separate small-indipendent SME10 VM box hosting only VPN server to re-create user certificates before migration and perform a gradual migration on VPN users without interference on fileserver migration.


Many thanks JPP

Title: Re: OpenVpn Server - Migration to another server
Post by: Jean-Philippe Pialasse on May 11, 2022, 10:04:07 PM

have a read about that specific for openvpn, it should be able to handle that in a single server ( but not without manual customization   on SME )

Title: Re: OpenVpn Server - Migration to another server
Post by: nicolatiana on May 16, 2022, 04:00:13 PM

What do you mean ?  :?: