VPN close to being done
diff --git a/containers/xos/Dockerfile.devel b/containers/xos/Dockerfile.devel
index 17ae9c9..ef6753b 100644
--- a/containers/xos/Dockerfile.devel
+++ b/containers/xos/Dockerfile.devel
@@ -101,5 +101,4 @@
 RUN echo "set_var EASYRSA	/opt/openvpn/easyrsa3" | tee /opt/openvpn/easyrsa3/vars
 RUN /opt/openvpn/easyrsa3/easyrsa --batch init-pki
 RUN /opt/openvpn/easyrsa3/easyrsa --batch gen-dh
-RUN /opt/openvpn/easyrsa3/easyrsa --batch gen-crl
 RUN chmod 777 /opt/openvpn/easyrsa3/pki/dh.pem
diff --git a/xos/configurations/devel/docker-compose.yml b/xos/configurations/devel/docker-compose.yml
index d8d652f..d4f6c3b 100644
--- a/xos/configurations/devel/docker-compose.yml
+++ b/xos/configurations/devel/docker-compose.yml
@@ -29,7 +29,7 @@
         - ctl:${MYIP}
     volumes:
         - ../setup/id_rsa:/opt/xos/synchronizers/vpn/vpn_private_key:ro  # private key
-
+        - /opt/openvpn:/opt/openvpn:rw
 # FUTURE
 #xos_swarm_synchronizer:
 #    image: xosproject/xos-swarm-synchronizer
@@ -48,3 +48,4 @@
       - ../setup:/root/setup:ro
       - ../common/xos_common_config:/opt/xos/xos_configuration/xos_common_config:ro
       - ../../core/static/vpn:/opt/xos/core/static/vpn:rw
+      - /opt/openvpn:/opt/openvpn:rw
diff --git a/xos/services/vpn/admin.py b/xos/services/vpn/admin.py
index 9e7255b..0f474d3 100644
--- a/xos/services/vpn/admin.py
+++ b/xos/services/vpn/admin.py
@@ -167,14 +167,18 @@
         pki_dir = "/opt/openvpn/easyrsa3/server-" + self.instance.id
         if (not os.path.isdir(pki_dir)):
             os.makedirs(pki_dir)
-            shutil.copy2("/opt/openvpn/easyrsa3/", pki_dir)
+            shutil.copy2("/opt/openvpn/easyrsa3/openssl-1.0.cnf", pki_dir)
+            shutil.copy2("/opt/openvpn/easyrsa3/easyrsa", pki_dir)
+            shutil.copytree("/opt/openvpn/easyrsa3/x509-types", pki_dir + "/x509-types")
+            Popen(pki_dir + "/easyrsa --batch init-pki nopass", shell=True, stdout=PIPE).communicate()
             Popen(pki_dir + "/easyrsa --batch --req-cn=XOS build-ca nopass", shell=True, stdout=PIPE).communicate()
+
             self.instance.ca_crt = self.generate_ca_crt(self.instance.id)
         return result
 
     def generate_ca_crt(self, server_id):
         """str: Generates the ca cert by reading from the ca file"""
-        with open("/opt/openvpn/easyrsa3/server-" + server_id + "/ca.crt") as crt:
+        with open("/opt/openvpn/easyrsa3/server-" + server_id + "/pki/ca.crt") as crt:
             return crt.readlines()
 
     class Meta:
diff --git a/xos/services/vpn/models.py b/xos/services/vpn/models.py
index 72a6407..d190424 100644
--- a/xos/services/vpn/models.py
+++ b/xos/services/vpn/models.py
@@ -212,10 +212,10 @@
         return script
 
     def get_client_cert(self, client_name):
-        return open("/opt/openvpn/easyrsa3/server-" + self.id + "/issued/" + client_name + ".crt").readlines()
+        return open("/opt/openvpn/easyrsa3/server-" + self.id + "/pki/issued/" + client_name + ".crt").readlines()
 
     def get_client_key(self, client_name):
-        return open("/opt/openvpn/easyrsa3/server-" + self.id + "/private/" + client_name + ".key").readlines()
+        return open("/opt/openvpn/easyrsa3/server-" + self.id + "/pki/private/" + client_name + ".key").readlines()
 
     def generate_client_conf(self, client_name):
         """str: Generates the client configuration to use to connect to this VPN server.
diff --git a/xos/synchronizers/vpn/steps/sync_vpntenant.py b/xos/synchronizers/vpn/steps/sync_vpntenant.py
index d90f40f..99cb83d 100644
--- a/xos/synchronizers/vpn/steps/sync_vpntenant.py
+++ b/xos/synchronizers/vpn/steps/sync_vpntenant.py
@@ -43,7 +43,10 @@
 
     def run_playbook(self, o, fields):
         # Generate the server files
-        (stdout, stderr) = Popen("/opt/openvpn/easyrsa3/easyrsa --batch build-server-full server-" + o.id + " nopass", shell=True, stdout=PIPE).communicate()
+        (stdout, stderr) = Popen("/opt/openvpn/easyrsa3/server-" + o.id + "/easyrsa --batch build-server-full server nopass", shell=True, stdout=PIPE).communicate()
+        print(str(stdout))
+        print(str(stderr))
+        (stdout, stderr) = Popen("/opt/openvpn/easyrsa3/server-" + o.id + "/easyrsa --batch gen-crl", shell=True, stdout=PIPE).communicate()
         print(str(stdout))
         print(str(stderr))
         super(SyncVPNTenant, self).run_playbook(o, fields)
diff --git a/xos/synchronizers/vpn/steps/sync_vpntenant.yaml b/xos/synchronizers/vpn/steps/sync_vpntenant.yaml
index 2642828..256dd63 100644
--- a/xos/synchronizers/vpn/steps/sync_vpntenant.yaml
+++ b/xos/synchronizers/vpn/steps/sync_vpntenant.yaml
@@ -27,16 +27,16 @@
     file: path=/opt/openvpn/server-{{ tenant_id }} state=directory
 
   - name: get server key
-    copy: src=/opt/openvpn/easyrsa3/pki/private/server-{{ tenant_id }}.key dest=/opt/openvpn/server-{{ tenant_id }}/server.key
+    copy: src=/opt/openvpn/easyrsa3/server-{{ tenant_id }}/pki/private/server.key dest=/opt/openvpn/server-{{ tenant_id }}/server.key
 
   - name: get server crt
-    copy: src=/opt/openvpn/easyrsa3/pki/issued/server-{{ tenant_id }}.crt dest=/opt/openvpn/server-{{ tenant_id }}/server.crt
+    copy: src=/opt/openvpn/easyrsa3/server-{{ tenant_id }}/pki/issued/server.crt dest=/opt/openvpn/server-{{ tenant_id }}/server.crt
 
   - name: get ca crt
-    copy: src=/opt/openvpn/easyrsa3/pki/ca.crt dest=/opt/openvpn/ca.crt
+    copy: src=/opt/openvpn/easyrsa3/server-{{ tenant_id }}/pki/ca.crt dest=/opt/openvpn/ca.crt
 
   - name: get crl
-    copy: src=/opt/openvpn/easyrsa3/pki/crl.pem desk=/opt/openvpn/crl.pem
+    copy: src=/opt/openvpn/easyrsa3/server-{{ tenant_id }}/pki/crl.pem dest=/opt/openvpn/crl.pem
 
   - name: get dh
     copy: src=/opt/openvpn/easyrsa3/pki/dh.pem dest=/opt/openvpn/dh.pem
@@ -63,8 +63,8 @@
        ca /opt/openvpn/ca.crt
        cert /opt/openvpn/server-{{ tenant_id }}/server.crt
        key /opt/openvpn/server-{{ tenant_id }}/server.key
-       dh /opt/openvpn/dh.pem
-       crl-verify /opt/openvpn/crl.pem
+       dh /opt/openvpn/server-{{ tenant_id }}/dh.pem
+       crl-verify /opt/openvpn/server-{{ tenant_id }}/crl.pem
        server {{ server_network }} {{ vpn_subnet }}
        ifconfig-pool-persist /opt/openvpn/server-{{ tenant_id }}/ipp.txt
        comp-lzo