cad / ovpm
OpenVPN Management Server - Effortless and free OpenVPN server administration tool
License: GNU Affero General Public License v3.0
We need to not allow adding duplicate static IPs to the users.
Hello Cad,
I just did a clean install on Ubuntu 16.04 LTS from scratch and have no issues at all..!!
Everything works smoothly..!!
After the service starts, I go to http://myovpm.local.ip:8080; the site is OK and asks for User/Pass.
I can't find this information to log in. What is needed to access through the web UI?
Man... your project will help a lot of people and it's better every release.., thank you for your time and knowledge to keep going...
Hello, I'm really excited about this project, a light at the end of the tunnel ;) Thank you very much for this initiative...
I just did a clean install on a new and updated Ubuntu 16.04 LTS version, and got a little problem...
After installing and trying to start it with systemctl start ovpmd.service, it does not start. Looking at the log, I found that the ovpmd.service at /usr/lib/systemd/system/ovpmd.service sets a wrong path to ovpmd.
ExecStart=/sbin/ovpmd
On my system it is in /usr/sbin/; after editing the file above, everything works perfectly..!
Forgot to say that I installed using the Debian/Ubuntu method, adding the repo on Ubuntu and using apt-get install ovpmd..!
Thanks again..!! I will try now to understand how it works, and if I can set it up to work like I already use on another server ;) Cya.
Make rpm package and push it to a repo on git tag push.
When freshly initialized, ovpmd doesn't launch OpenVPN process.
We need to be able to edit user's attributes from cli.
Hello...
I hope I'm not bothering you, but the group for Ubuntu is nogroup, and reading the code of the last version, I suspect it was set to nobody ;)
Soon I will do a new Ubuntu installation from zero, and I will let you know if everything is OK ;) I will wait for this change, but no hurry..!!
Thanks again for this great initiative :)
I have some ideas for the future, based on my actual use..., but the basic one is the flexibility to configure parameters in server.conf and ccd files..
I do not set the VPN as default gateway; instead I configure specific "user" routes in ccd like below...
I used to fix the IP for every user in ccd too...
This way, I just catch traffic from the user machine to specific hosts like the example above (10.0.1.10 and 10.0.1.15); everything else goes to the user's default gateway (local internet).
I have another level of protection on an external firewall, where I create an IP-based rule; this is why I use fixed IPs in the ccd file. I have few users, + - 45, and use this other firewall to control access...
I will try to use iptables on the OpenVPN server machine too, but not yet...
Thank you one more time and sorry for my bad English, I'm from Brasil. o/
Cya.
Right now IP addresses are assigned dynamically (from a range), but it's requested that some users should have static IP addresses.
Right now we are pushing 8.8.8.8 to clients. It should be configurable.
It would be better to be able to see the user's VPN IP address in the output of the CLI command vpn user list.
When updating a user with static ip address, the command fails.
ns-cert-type server is needed for the OpenVPN clients whose version is below 2.3.
When adding a ROUTE type network, the --cidr flag doesn't work as documented.
It should accept an IPv4 addr, but instead it requires CIDR, and if a CIDR is provided with a /32 prefix it still doesn't add the provided via hop.
Call emit after ovpmd start.
Currently user passwords are stored in plain. It should be kept as a salted hash using one of the strong password hashing algorithms.
We need to test CLI as well.
After collecting metrics, it would be nice to have a quota enforcement feature.
Unit tests are needed.
It would be nice to show currently connected VPN users and their location etc.
One way would be to talk OpenVPN's RPC protocol. The other would be arpsweep.
Notes:
# in server.conf
management localhost 7505
Hello Cad,
After your help, I successfully logged on to the web UI. I went to NETWORKS and created two ROUTED networks..
OVPM_Users 10.0.0.1/24
OVPM_Servers 10.0.0.2/24
No problem creating them, but when I go to the command line to list these NETWORKS, I get an error...
root@stargate:/usr/local# ovpm net l
ERRO[0000] assoc users can not be fetched: rpc error: code = Unknown desc = validation error: OVPM_Users
can only contain letters and numbers
root@stargate:/usr/local#
So I went to delete OVPM_Users and hit another issue: I can't delete it from the web UI, maybe because the name OVPM_Users is not OK since it contains a disallowed char. I will try to delete it from the command line..
Hope it helps... and that I'm not wrong in the way I use it...
My intention was to create 2 networks and after that isolate clients on your own network, then create more flexible rules in my firewall based on networks.
Thanks..!!
We need to separate the CLI from the engine.
It's needed to have a password reset command in the cli.
We need to be able to set NAT masquerading on the VPN host. This can be achieved through injecting iptables rules to the host.
ovpm daemon should handle Interrupt signal and gracefully shutdown itself.
Right now it gives 500 error.
Right now it's allowed. But it shouldn't be.
The initial plan is for the gRPC API to be only for the CLI and to listen only on 127.0.0.1 on the same host as the server, which is where ovpmd runs.
And for the HTTP REST API to listen on all interfaces and be public.
So this requires us to implement an Authentication Service where the users can get an opaque Bearer auth token in exchange for their authentication credentials.
And operations on the rest of the API that require authentication will be subject to checks on this token and will get authorized accordingly.
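A sketch of the token service described above, as an added example that is not ovpm's own code: `TokenStore`, `Issue`, `Lookup` and `Require` are hypothetical names, the user "alice" is constructed, and credential verification is assumed to happen before `Issue` is called. The store keeps only SHA-256 digests of tokens, so reading the store does not yield a usable bearer token.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"net/http"
	"strings"
	"sync"
	"time"
)

type session struct{ user string; expires time.Time }
// TokenStore maps SHA-256(token) to a session, so it never holds a usable token.
type TokenStore struct{ m sync.Map }

// Issue mints an opaque token; call it only after the credentials were verified.
func (s *TokenStore) Issue(user string, ttl time.Duration) string {
	raw := make([]byte, 32)
	if _, err := rand.Read(raw); err != nil {
		panic(err) // no entropy: refuse to mint a guessable token
	}
	tok := fmt.Sprintf("%x", raw)
	s.m.Store(sha256.Sum256([]byte(tok)), session{user, time.Now().Add(ttl)})
	return tok
}

// Lookup returns the owner of a known, unexpired token.
func (s *TokenStore) Lookup(tok string) (string, bool) {
	v, _ := s.m.Load(sha256.Sum256([]byte(tok)))
	sess, ok := v.(session) // ok is false when the digest is unknown
	return sess.user, ok && time.Now().Before(sess.expires)
}

// Require guards REST handlers that need "Authorization: Bearer <token>".
func (s *TokenStore) Require(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		h := r.Header.Get("Authorization")
		if _, ok := s.Lookup(strings.TrimPrefix(h, "Bearer ")); !ok || !strings.HasPrefix(h, "Bearer ") {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

func main() {
	var s TokenStore
	fmt.Println(s.Lookup(s.Issue("alice", time.Hour)))
}
```

Wrapping only the public REST mux in `Require` matches the split above: the gRPC listener stays on 127.0.0.1 and the token check applies to the interface that is reachable from outside.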
It would be better if we can launch and stop the openvpn process from ovpmd.
It's not ensured at the moment.
It might be nice to see network bandwidth metrics as a graph.
Notes:
Right now ovpm pushes the vpn server as the default gw for all users. It's better to make it selectable.
An INI like configuration file for static options in OVPM would be nice.
Add option to specify initial ip block for the vpn during initialization.
It wouldn't be bad to support LDAP on the auth backend.
OpenVPN process should be restartable via grpc or rest.
We need a primitive Web UI for both users and admins.
Admin interface would be capable of doing nearly all the tasks that can be done via CLI.
User interface would enable users to log in, download their .ovpn configurations and maybe download OpenVPN binaries based on the device, OS and architecture detected when they are logged in to the Web UI.
Also, another matter is Port Sharing. It would be nice to use the same port for both HTTP and OpenVPN at the same time.
One approach could be to implement logic such that if the VPN and Web UI are configured to use the same port, it would change the actual Web UI port to something else and use the port-share option implicitly to redirect non-VPN traffic to that port.
Also for the web interface and REST API, it would be nice to have auto-renewing Let's Encrypt.
Notes:
Docs for usage and program API are needed.
Bash completion for cli.
$ ovpm net create --name testnetwork --type ROUTE --cidr 192.168.1.3/32
This will automatically set the VPN server as the gateway for the route.
$ ovpm net create --name testnetwork --type ROUTE --cidr 192.168.1.0/24 --via 10.10.100.3
This second use will set the IP address that is specified by the --via flag as the gateway for the route.
When yum remove ovpm is run, first ensure the running ovpmd is stopped.
group 'nobody' doesn't exist in Ubuntu 17.04 (Zesty Zapus), it causes error and ovpmd is not running.
We need to be able to control the OpenVPN process separately and explicitly.
Write a documentation for the ovpm REST and gRPC APIs. Put it up on the Wiki.
Add configuration flags for vpn protocol type (udp or tcp) during initialization.
We need to be able to define which networks on the vpn server host can be accessed by which users.
It would be great if we can get it listen on both udp and tcp at the same time.
Important links:
This option is needed for backup purposes.
Adding wildcard options * to the CLI would be helpful in cases like;
etc...
Show network types in cli.
e.g
$ ovpm net types
...
<table of available network types with their descriptions>
...
Find some way to edit usernames.