OpenVPN Web GUI

 

 

This project is a complete web-based management interface to OpenVPN. It shows the complete status of all the currently active servers and clients on the server, as well as providing complete management of new servers and clients.

The project is being written completely in PHP 5 with openssl and Smarty. However, it is being tested and used in production on a CentOS system, which is using PHP 4.

 

The current version supports the following functionality:

a) view the status of the OpenVPN server, either by using the management interface (if configured) or by reading the status file. In both cases, it will get the configuration from the conf file. If used, the status file is refreshed every 60 seconds. If that is not happening, then the OpenVPN server is not running.

b) view the list of connected peers. Peers are treated as users there, so we suggest that a peer's information has a name, e-mail and stuff.

c) view the basic configuration options of openvpn package.

d) view the list of all generated OpenVPN servers, and their clients

e) Ability to kill connection with specified user from the web interface

f) Ability to reset or restart OpenVPN.  Restart doesn't work if not running as root, so use the reset instead.

g) Ability to create a Windows installer for client systems

 

This system can be installed on an existing server with pre-existing OpenVPN servers/clients

 

Limitations of management interface:

1) Only password-less management is currently supported. I'm planning to add user/password authorization with the manager later.

2) If a session with the manager is already open (e.g. from telnet), a second manager session is not possible. This is an OpenVPN limitation.

 

 

PLUG-INS SUPPORT

 

The plugins are located in /home/openvpn/www/status/plugins.

 

The plug-ins should be placed into a subfolder of the plugins folder. Each plug-in is registered from the project's config.inc file. The plug-in's config.inc declares the following files, of which the plug-in consists:

 

$config['Plugins']['pluginname']['Action']['Name']      = 'What goes into <A> in the top menu';

$config['Plugins']['pluginname']['Action']['Include']   = 'The main PHP file of the plug-in';

$config['Plugins']['pluginname']['Action']['If']        = 'A file to be  checked to determine if the tab should be shown';

$config['Plugins']['pluginname']['Action']['Endif']     = 'Any processing  after the tab display';

$config['Plugins']['pluginname']['Top Menu']['Label']   = 'What is the text part of <A> in the top menu';

$config['Plugins']['pluginname']['Top Menu']['Tooltip'] = 'What is the tooltip for this <A>';

$config['Plugins']['pluginname']['Top Menu']['Suffix']  = 'What is an optional suffix, adding into <A> after ?Action=$ActionName';

$config['Plugins']['pluginname']['Left']['Menu']        = 'The Smarty template for the left menu';

$config['Plugins']['pluginname']['Left']['Status']      = 'The Smarty template for the status window';

 

Review the supplied example of the simple system check plug-in; it will tell you the rest of how a plug-in plugs in :)

 

Caveats

 

If you have pre-existing OpenVPN servers/clients, you will need to update the configuration file to set the OpenVPN status file version to 2:

 

    status-version 2
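
How the status check in (a) can read a `status-version 2` file, as an added example that is not the project's own code. The function names, the 90-second grace period and the sample data are assumptions made for illustration.

```php
<?php
// Added example, not project code: parse a "status-version 2" file and flag a stale one.

function parse_status_v2($text) {
    $status  = array('updated' => null, 'clients' => array(), 'routes' => array());
    $columns = array();  // record type => column names from its HEADER line
    foreach (preg_split('/\r?\n/', trim($text)) as $line) {
        $f    = explode(',', $line);
        $type = array_shift($f);
        if ($type === 'TIME' && count($f) >= 2) {
            $status['updated'] = (int) $f[1];  // second field is the time_t value
        } elseif ($type === 'HEADER' && count($f) >= 2) {
            $record = array_shift($f);         // e.g. CLIENT_LIST
            $columns[$record] = $f;
        } elseif (($type === 'CLIENT_LIST' || $type === 'ROUTING_TABLE')
                  && isset($columns[$type])) {
            // Map fields by header name, so extra columns written by other
            // OpenVPN versions cannot shift values; drop rows that do not fit.
            if (count($f) !== count($columns[$type])) { continue; }
            $key = ($type === 'CLIENT_LIST') ? 'clients' : 'routes';
            $status[$key][] = array_combine($columns[$type], $f);
        }
    }
    return $status;
}

// The file is rewritten every 60 seconds; 90 is an assumed grace period.
function status_is_stale($status, $now, $maxAge = 90) {
    return $status['updated'] === null || ($now - $status['updated']) > $maxAge;
}

// Constructed sample (documentation address range, made-up client name).
$sample = <<<EOT
TITLE,OpenVPN sample status
TIME,Thu Jun 18 04:23:03 2015,1434601383
HEADER,CLIENT_LIST,Common Name,Real Address,Virtual Address,Bytes Received,Bytes Sent,Connected Since,Connected Since (time_t)
CLIENT_LIST,alice,203.0.113.5:51234,10.8.0.6,12345,67890,Thu Jun 18 04:00:00 2015,1434600000
HEADER,ROUTING_TABLE,Virtual Address,Common Name,Real Address,Last Ref,Last Ref (time_t)
ROUTING_TABLE,10.8.0.6,alice,203.0.113.5:51234,Thu Jun 18 04:22:00 2015,1434601320
GLOBAL_STATS,Max bcast/mcast queue length,0
END
EOT;

$s = parse_status_v2($sample);
foreach ($s['clients'] as $c) {
    echo $c['Common Name'], ' from ', $c['Real Address'], "\n";
}
echo status_is_stale($s, 1434601383 + 30)  ? "stale\n" : "fresh\n";
echo status_is_stale($s, 1434601383 + 600) ? "stale\n" : "fresh\n";
```

A status file whose TIME record is older than the grace period corresponds to the "server is not running" case described in (a).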

    

5.  In SmartyValidate, I modified the email validation code because it was not properly validating.

 

 

Notes

 

The basic code was forked from a 5 year old, dormant project called Openvpn-web-gui. The URL for it is:

    http://openvpn-web-gui.sourceforge.net

The Windows executable code was contributed by Alex Samorukov to the original project, and modified

 

 

Future Expansion

 

Use the OpenVPN management port instead of the status file

 

I am open to suggestions. Right now, I hope to get a complete OpenSSL management tool integrated into this, the idea being that you can manage all your security certs and configs from one interface.

 

 

NOTES

 

I was recently working on a Perl script that would SSH to another server and run a sudo command on the remote server that was failing. The error that was received is below.

 

Error: sudo: sorry, you must have a tty to run sudo

 

The reason for this is that an update to sudo along the way locked it down further by adding the line below to the /etc/sudoers configuration file. In the file, it now has:

 

    Defaults requiretty

 

To allow a remote script to log in and run a command via sudo, simply comment out that line as shown below.

 

    # Commented out so remote script can login and run a command without a tty

    # Defaults requiretty

 

I would suggest making a comment in the sudoers file along with the actual script that is running just in case there is another systems administrator that is tasked with working on this server at a later date. Now when your script runs it will not throw that error and should be able to run the remote command that was initially required.
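
The change above next to a narrower form, as an added example that is not part of the original notes. The account name `vpnscript` is a hypothetical placeholder for the user the remote script logs in as.

```sudoers
# As in the note above: the global default is commented out, so no account needs a tty.
# Defaults requiretty

# Narrower alternative: keep the global default and exempt only the account
# the remote script logs in as ("vpnscript" is a hypothetical account name).
Defaults            requiretty
Defaults:vpnscript  !requiretty
```

Check the edited file with `visudo -c` before closing the session.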

 

 

HISTORY

 

0.0.0   First release, management page only

 

0.1.0   Second release.  Full OpenVPN control, certificate revocation,

        installation scripts, Windows installation files