OpenVPN-web-ui
Summary
OpenVPN server web administration interface.
Goal: create quick to deploy and easy to use solution that makes work with small OpenVPN environments a breeze.
If you have docker and docker-compose installed, you can jump directly to installation.
Please note this project is in alpha stage. It still needs some work to make it secure and feature complete.
Motivation
Features
- status page that shows server statistics and list of connected clients
- easy creation of client certificates
- ability to download client certificates as a zip package with client configuration inside
- log preview
- modification of OpenVPN configuration file through web interface
Screenshots
Screenshots
Usage
After startup web service is visible on port 8080. To login use the following default credentials:
- username: admin
- password: b3secure (this will be soon replaced with random password)
Please change password to your own immediately!
Prod
Requirements:
- docker and docker-compose
- on firewall open ports: 1194/udp and 8080/tcp
Execute commands
curl -O https://raw.githubusercontent.com/vuonglequoc/openvpn-web-ui/master/docs/docker-compose.yml
docker-compose up -d
It starts two docker containers. One with OpenVPN server and second with OpenVPNAdmin web application. Through a docker volume it creates following directory structure:
.
├── docker-compose.yml
└── openvpn-data
├── openvpn
│ ├── client-configs
│ │ ├── files
│ │ │ └── client_*.ovpn
│ │ └── keys
│ │ └── client_*.crt
│ │── pki
│ │ ├── private
│ │ │ ├── client_*.key
│ │ │ └── server.key
│ │ ├── reqs
│ │ │ ├── client_*.req
│ │ │ └── server.req
│ │ ├── dh2048.pem
│ │ ├── ca.crt
│ │ ├── server.crt
│ │ ├── ta.key
│ │ ├── openssl-easyrsa.cnf
│ │ └── safessl-easyrsa.cnf
│ ├── log
│ │ ├── ipp.txt
│ │ ├── openvpn.log
│ │ └── openvpn-status.log
│ ├── server.conf
│ └── vars
├── ca_server
│ ├── pki
│ │ ├── certs_by_serial
│ │ │ └── *.pem
│ │ ├── issued
│ │ │ ├── client_*.crt
│ │ │ └── server.crt
│ │ ├── private
│ │ │ └── ca.key
│ │ ├── reqs
│ │ │ ├── client_*.req
│ │ │ └── server.req
│ │ ├── ca.crt
│ │ ├── index.txt
│ │ ├── index.txt.attr
│ │ ├── index.txt.attr.old
│ │ ├── index.txt.old
│ │ ├── index_ok.txt
│ │ ├── serial
│ │ └── serial.old
│ └── vars
└── db
└── data.db
Dev
Requirements:
Execute commands:
go get github.com/vuonglequoc/openvpn-web-ui
cd $GOPATH/src/github.com/vuonglequoc/openvpn-web-ui
bee run -gendoc=true
Source code structure
.
├── build
│ ├── Dockerfile
│ └── [build scripts]
├── conf
│ ├── app.conf
│ ├── openvpn-client-config.tpl
│ └── openvpn-server-config.tpl
├── controllers # MVC
├── docs
│ ├── docker-compose.yml
│ └── [documents]
├── lib # Lib for controllers
├── models # MVC
├── routers # Application routes
├── static # CSS, Img, JS
├── swagger # RESTful APIs (beego generated)
├── vendor
├── view # MVC - AdminLTE
│ ├── common
│ │ ├── alert.html
│ │ ├── footer.html
│ │ ├── fvalid.html
│ │ └── [header].html
│ ├── layout
│ │ └── base.html
│ └── [page].html
├── main.go
├── go.mod
├── go.sum
├── LICENSE
└── README.md
Compiled structure
.
├── conf
│ ├── app.conf
│ ├── openvpn-client-config.tpl
│ └── openvpn-server-config.tpl
├── db
│ └── data.db
├── static
├── swagger
├── view # MVC
│ ├── common
│ │ ├── alert.html
│ │ ├── footer.html
│ │ ├── fvalid.html
│ │ └── [header].html
│ ├── layout
│ │ └── base.html
│ └── [page].html
├── openvpn-web-ui # main app
└── LICENSE
Important Note
Management interface
OpenVPNAdmin will manage OpenVPN daemon via management api.
https://openvpn.net/community-resources/how-to/
In order to enable management api for OpenVPN daemon, we need to add below config to the config file server.conf
:
management 0.0.0.0 2080
In the Settings
of OpenVPNAdmin, update Management interface address
with IP of OpenVPN daemon and same port as above (2080).
Logging
OpenVPNAdmin will read OpenVPN daemon log from /etc/openvpn/log/openvpn.log
.
In order to enable this log for OpenVPN daemon, we need to add below config to the config file server.conf
:
log-append /etc/openvpn/log/openvpn.log
SSL
Added SSL Support by adding HTTPS config in app.conf
appname = openvpn-web-ui
httpport = 8080
runmode = dev
EnableGzip = true
EnableAdmin = true
sessionon = true
CopyRequestBody = true
HTTPSCertFile = /opt/certs/vpn.example.com/cert.pem
HTTPSKeyFile = /opt/certs/vpn.example.com/privkey.pem
HTTPSPort = 443
EnableHTTPS = true
DbPath = "./data.db"
Todo
- add unit tests
- add option to modify certificate properties
- generate random admin password at initialization phase
- add versioning
- add automatic ssl/tls (check how ponzu did it)
Vendoring
To update dependencies from GOPATH:
go mod vendor
Template
- AdminLTE 2.3.7 - dashboard & control panel theme. Built on top of Bootstrap.
- Bootstrap 3.3.7
- FontAwesome 5.15.3
- Ionicons 2.0.0
- iCheck 1.0.2
License
This project uses MIT license