OpenVPN Web GUI
This project is a complete web-based management interface to OpenVPN. It shows the complete status of all the current active servers and clients on the server, as well as providing complete management of new servers and clients.
Project is being written completely on PHP 5 with openssl and Smarty. However, it is being tested and used in production on a CentOS system, which is using PHP 4
The current version supports the following functionality:
a) view status of openvpn server, either by using the management interface (if configured) or by reading the status file. In both cases, it will
get the configuration from the conf file. If used, the status file is refreshed every 60 seconds. If that is not happening, than openvpn server is not running.
b) view the list of connected peers. Peers are treated as users there, so we suggest that a peer's information has a name, e-mail and stuff.
c) view the basic configuration options of openvpn package.
d) view the list of all generated OpenVPN servers, and their clients
e) Ability to kill connection with specified user from the web interface
f) Ability to reset or restart OpenVPN. Restart doesn't work if not running as root, so use the reset instead.
g) Ability to create a Windows installer for client systems
This system can be installed on an existing server with pre-existing OpenVPN servers/clients
Limitations of management interface:
1) Only password-less managment currently supported. I`m planning to add user/password authorization with manager later
2) If session with manager already opened (e.g. from telnet) second manager session is not possible. This is an OpenVPN limitation.
The plugins are located in /home/openvpn/www/status/plugins.
The plug-ins should be placed into the subfolder of plugins folder. The registration of each plug-in is being done from the project's config.inc file. Plug-ins's config.inc declares the following files, of which the plug-in consists:
$config['Plugins']['pluginname']['Action']['Name'] = 'What goes into <A> in the top menu';
$config['Plugins']['pluginname']['Action']['Include'] = 'The main PHP file of the plug-in';
$config['Plugins']['pluginname']['Action']['If'] = 'A file to be checked to determine if the tab should be shown';
$config['Plugins']['pluginname']['Action']['Endif'] = 'Any processing after the tab display';
$config['Plugins']['pluginname']['Top Menu']['Label'] = 'What is the text part of <A> in the top menu';
$config['Plugins']['pluginname']['Top Menu']['Tooltip'] = 'What is the tooltip for this <A>';
$config['Plugins']['pluginname']['Top Menu']['Suffix'] = 'What is an optional suffix, adding into <A> after ?Action=$ActionName';
$config['Plugins']['pluginname']['Left']['Menu'] = 'The Smarty template for the left menu';
$config['Plugins']['pluginname']['Left']['Status'] = 'The Smarty template for the status window';
Review the supplied example of the simple system check plug-in, it will tell you the rest of how is the plug-in plugs in :)
If you have pre-existing OpenVPN servers/clients, you will need to update the configuration file to set the OpenVPN status file version to 2:
5. In SmartyValidate, I modified the email validation code because it was not properly validating.
The basic code was forked from a 5 year old, dorment project called
Openvpn-web-gui. The URL for it is:
The Windows executable code was contributed by Alex Samorukov to the original project, and modified
Use the OpenVPN management port instead of the status file
I am open to suggestions. Right now, I hope to get a complete OpenSSL management tool integrated into this, the idea being that you can manage all your security certs and configs from one interface.
I was recently working on a Perl script that would SSH to another server and run a sudo command on the remote server that was failing. The error that was received is below.
Error: sudo: sorry, you must have a tty to run sudo
The reason for this is an update along the way with sudo locked it down further by adding the below line to /etc/sudoers configuration file. In the file, it now has:
To allow a remote script to login and run a command via sudo simply comment out that line as shown below.
# Commented out so remote script can login and run a command without a tty
# Defaults requiretty
I would suggest making a comment in the sudoers file along with the actual script that is running just in case there is another systems administrator that is tasked with working on this server at a later date. Now when your script runs it will not throw that error and should be able to run the remote command that was initially required.
0.0.0 First release, management page only
0.1.0 Second release. Full OpenVPN control, certificate revocation,
installation scripts, Windows installation files