===================== READY FOR PRODUCTION USE =======================
Known bugs have all been fixed. It should be ready for production use.
This project is a front-end user management platform based on OpenVPN.
It currently has the following features:
1.1 Log in to view the account status, including information such as total quota, used quota and remaining quota.
1.2 Change the password.
1.3 View the installation instructions.
2.1 Log in to view all users and admins.
2.2 Add new users and admins.
2.3 Delete users and admins.
2.4 Change admin password.
All MySQL connections are made using the PHP mysql extension. Moving to the mysqli extension is an urgent future task, to avoid any security issues.
The system is currently available in Chinese only. Multi-language support may be added later.
Front-end UI design is being developed.
Add user with custom attributes.
To be continued.
You have to install openvpn on your server first. It needs openvpn-auth-pam.so in the openvpn directory. It can be found in the resource directory. For Debian you may use the following command:

    cp /usr/lib/openvpn/openvpn-auth-pam.so /etc/openvpn/

pam-mysql needs to be installed. For Debian, use the following command to install it:

    aptitude install libpam-dev libpam-mysql libmysql++-dev sasl2-bin

Also, you need to configure pam-mysql. Add the following TWO lines to '/etc/pam.d/openvpn'. If it doesn't exist, just create a new file:

    auth optional pam_mysql.so user=openvpn passwd=PASSWORD host=localhost db=openvpn table=user usercolumn=username passwdcolumn=password where=active=1 crypt=2
    account required pam_mysql.so user=openvpn passwd=PASSWORD host=localhost db=openvpn table=user usercolumn=username passwdcolumn=password where=active=1 crypt=2

Remember to change the user, passwd, host and db according to your database.
Run the following command to start the sasl authorization service:

    saslauthd -a pam

In your server.conf, add:

    # user/pass auth from mysql
    plugin ./openvpn-auth-pam.so openvpn
    client-cert-not-required
    username-as-common-name
    # record in database
    script-security 2
    client-connect ./connect.sh
    client-disconnect ./disconnect.sh

If any part of the above is already in your configuration file, don't just add it again; modify the existing configuration to match the above.
In your client.conf, comment out:

    cert client.crt
    key client.key

and add:

    auth-user-pass

Copy connect.sh and disconnect.sh from the Script directory to the directory where OpenVPN is installed (/etc/openvpn for Debian).
The user that runs the openvpn process needs to have execute permission on connect.sh and disconnect.sh. You need to change the database connection information in connect.sh and disconnect.sh.
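
A check for the files created in the steps above, as an added example that is not part of this project: it flags a PAM service file or hook script whose permissions expose the database password, an unreplaced PASSWORD placeholder, a missing auth or account line, and a pam_mysql line that lost its where=active=1 filter. The function names audit_pam and audit_hook and the finding labels are hypothetical; the paths and option names are the ones given above.

```shell
#!/bin/sh
# Added example, not part of this project. Function names and finding labels
# are hypothetical; file paths and option names are the ones in this README.

# has_perm FILE OCTAL: true when every bit in OCTAL is set on FILE.
has_perm() { [ -n "$(find "$1" -prune -perm "-$2" 2>/dev/null)" ]; }

# audit_pam FILE: check the pam_mysql service file. Prints one finding
# per line; returns 1 if there was any finding, 0 if the file is clean.
audit_pam() {
    f=$1; rc=0
    [ -f "$f" ] || { echo "MISSING $f"; return 1; }
    # passwd= keeps the database password in clear text in this file.
    if has_perm "$f" 004; then echo "WORLD_READABLE $f"; rc=1; fi
    # The literal placeholder from the README must have been replaced.
    if grep -q 'passwd=PASSWORD' "$f"; then echo "PLACEHOLDER_PASSWORD $f"; rc=1; fi
    # The README requires TWO lines: one auth and one account.
    for t in auth account; do
        if ! grep -Eq "^[[:space:]]*${t}[[:space:]].*pam_mysql\.so" "$f"; then
            echo "NO_${t}_LINE $f"; rc=1
        fi
    done
    # Each pam_mysql line keeps where=active=1, so other rows are rejected.
    if grep 'pam_mysql\.so' "$f" | grep -qv 'where=active=1'; then
        echo "NO_ACTIVE_FILTER $f"; rc=1
    fi
    return "$rc"
}

# audit_hook FILE: check connect.sh / disconnect.sh. Run it as the account
# OpenVPN runs as, because -x tests the current user.
audit_hook() {
    f=$1; rc=0
    [ -f "$f" ] || { echo "MISSING $f"; return 1; }
    if [ ! -x "$f" ]; then echo "NOT_EXECUTABLE $f"; rc=1; fi
    # OpenVPN executes these hooks (script-security 2): no outside edits.
    if has_perm "$f" 002; then echo "WORLD_WRITABLE $f"; rc=1; fi
    # The hooks hold the database connection information.
    if has_perm "$f" 004; then echo "WORLD_READABLE $f"; rc=1; fi
    return "$rc"
}

# Usage: sh audit.sh run   (checks the Debian paths named in the README)
if [ "${1:-}" = "run" ]; then
    audit_pam /etc/pam.d/openvpn
    audit_hook /etc/openvpn/connect.sh
    audit_hook /etc/openvpn/disconnect.sh
fi
```

A clean result is mode 600 on /etc/pam.d/openvpn and mode 700 on both hook scripts, owned by the accounts that need to read or run them.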