openvpn-management/README.md

# openvpn-management

OpenVPN management and monitoring utils.

* [`ovpn_status`.py](https://git.hmp.today/pavel.muhortov/openvpn-management#ovpn_status-py)
* [`ovpn-client-management`.sh](https://git.hmp.today/pavel.muhortov/openvpn-management#ovpn-client-management-sh)

____

## `ovpn_status`.py

**Description:**  
> OpenVPN server status parser.  

**Dependencies:**  
>
> * privileged rights
> * [Python 3](https://www.python.org/downloads/) (tested version 3.9.5 on [Debian GNU/Linux 11](http://ftp.debian.org/debian/dists/bullseye/))
> * [cryptography](https://cryptography.io/) Python 3 module (tested version 41.0.1)
> * [requests](https://requests.readthedocs.io/) Python 3 module (tested version 2.31.0)
> * Existing `status`, `server`, `ca`, `cert` options in [server.conf](https://openvpn.net/community-resources/reference-manual-for-openvpn-2-5/#options)

| PARAMETERS   |       DESCRIPTION      |    DEFAULT    |
|--------------|------------------------|---------------|
|**[-s, --server_conf]**|path to OpenVPN server configuration file|**REQUIRED**|
|**[-f, --filter]**|client names filter by regex|`.*`|
|**[-g, --geo]**|check client real ip geo location (may be slow)|`None`|

Example usage with Zabbix agent:  

```bash
# add options to openvpn server config file
sudo tee -a /etc/openvpn/server/server.conf > /dev/null <<'EOF'
status /var/log/openvpn/openvpn-status.log
status-version 2
server 10.0.0.0 255.0.0.0
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/server.crt
EOF
sudo systemctl restart openvpn@server
```

```bash
# install dependencies
sudo pip install cryptography requests
# download
sudo wget https://git.hmp.today/pavel.muhortov/openvpn-management/raw/branch/master/ovpn_status.py -O /etc/openvpn/server/ovpn_status.py
sudo chmod +x /etc/openvpn/server/ovpn_status.py
```

```bash
# edit sudoers
sudo sh -c "echo '
zabbix  ALL=(ALL) NOPASSWD:/etc/openvpn/server/ovpn_status.py -s /etc/openvpn/server/server.conf
' > /etc/sudoers.d/zabbix_agentd"
# check permission
sudo -u zabbix sudo /etc/openvpn/server/ovpn_status.py -s /etc/openvpn/server/server.conf
```

```bash
# add UserParameter to Zabbix agent
sudo sh -c "echo '
Timeout=30
AllowRoot=0
UserParameter=discovery.ovpn, sudo /etc/openvpn/server/ovpn_status.py -s /etc/openvpn/server/server.conf
' >> /etc/zabbix/zabbix_agentd.conf"
sudo systemctl restart zabbix-agent
```

Download [OpenVPN_by_Zabbix_agent.yaml](https://git.hmp.today/pavel.muhortov/zabbix/raw/branch/master/templates/applications/vpn/openvpn/6.0/openvpn_by_zabbix_agent.yaml) template  
Zabbix Server -> Configuration -> Templates -> Import template

____

## `ovpn-client-management`.sh

**Description:**  
> Creating or deleting client config for openvpn and sending config and info to email/telegram.  

**Dependencies:**  
>
> * privileged rights
> * chpasswd
> * [openvpn](https://openvpn.net/) (tested version 2.5.1 on [Debian GNU/Linux 11](http://ftp.debian.org/debian/dists/bullseye/))
> * [easy-rsa](https://github.com/OpenVPN/easy-rsa) (tested version 3.0.8 on [Debian GNU/Linux 11](http://ftp.debian.org/debian/dists/bullseye/))
> * tar
> * [Python 3](https://www.python.org/downloads/) (tested version 3.9.5 on [Debian GNU/Linux 11](http://ftp.debian.org/debian/dists/bullseye/))
> * existing [/usr/local/bin/sendmail.py](https://git.hmp.today/pavel.muhortov/utils#sendmail-py)

|  POSITION | PARAMETERS   |       DESCRIPTION      |    DEFAULT    |
|-----------|--------------|------------------------|---------------|
|     1     |**add\|del**|add or delete client config|**REQUIRED**|
|     2     |**\<username\>**|client username|**REQUIRED**|
|     3     |**\<password\>**|client password|**REQUIRED**|
|     4     |**\<additional\>**|client description||
|     5     |**[-f]**,**[--force]**|service will restart after username delete||

Example usage:  

```bash
# download
sudo wget https://git.hmp.today/pavel.muhortov/openvpn-management/raw/branch/master/ovpn-client-management.sh -O /etc/openvpn/server/ovpn-client-management.sh
sudo chmod +x /etc/openvpn/server/ovpn-client-management.sh
```

```bash
# edit ovpn-client-management.conf
sudo tee /etc/openvpn/server/ovpn-client-management.conf > /dev/null <<'EOF'
# sendmail configuration
from=user@host.zone
pass=password
dest=user@host.zone
smtp=smtp.host.zone
port=587
# telegram configuration
API_KEY=YOURAPIKEY
CHAT_ID=-100123456789
THRD_ID=123
EOF
```

```bash
# create link
ln -s /etc/openvpn/server/ovpn-client-management.sh ./ovpn
```

```bash
# create client
sudo ./ovpn add username password
```

```bash
# delete client (and restart service for applying changes)
sudo  ./ovpn del username -f
```

```bash
# check journal
tail -f /var/log/openvpn/ovpn-client-management.log
```
moved from utils 2023-05-01 16:55:45 +03:00			`# openvpn-management`
Initial commit 2023-05-01 11:56:22 +03:00
moved from utils 2023-05-01 16:55:45 +03:00			`OpenVPN management and monitoring utils.`
Initial commit 2023-05-01 11:56:22 +03:00
some shell scripts replaced ovpn_status.py 2023-07-27 13:53:33 +03:00			* [`ovpn_status`.py](https://git.hmp.today/pavel.muhortov/openvpn-management#ovpn_status-py)
moved from utils 2023-05-01 16:55:45 +03:00			* [`ovpn-client-management`.sh](https://git.hmp.today/pavel.muhortov/openvpn-management#ovpn-client-management-sh)
Initial commit 2023-05-01 11:56:22 +03:00
			`____`

some shell scripts replaced ovpn_status.py 2023-07-27 13:53:33 +03:00			## `ovpn_status`.py
Initial commit 2023-05-01 11:56:22 +03:00
			`Description:`
some shell scripts replaced ovpn_status.py 2023-07-27 13:53:33 +03:00			`> OpenVPN server status parser.`
Initial commit 2023-05-01 11:56:22 +03:00
			`Dependencies:`
			`>`
moved from utils 2023-05-01 16:55:45 +03:00			`> * privileged rights`
some shell scripts replaced ovpn_status.py 2023-07-27 13:53:33 +03:00			`> * [Python 3](https://www.python.org/downloads/) (tested version 3.9.5 on [Debian GNU/Linux 11](http://ftp.debian.org/debian/dists/bullseye/))`
fix ovpn_status.py description 2023-07-27 15:11:51 +03:00			`> * [cryptography](https://cryptography.io/) Python 3 module (tested version 41.0.1)`
add dependencies description 2023-08-14 11:32:01 +03:00			`> * [requests](https://requests.readthedocs.io/) Python 3 module (tested version 2.31.0)`
some shell scripts replaced ovpn_status.py 2023-07-27 13:53:33 +03:00			> * Existing `status`, `server`, `ca`, `cert` options in [server.conf](https://openvpn.net/community-resources/reference-manual-for-openvpn-2-5/#options)
Initial commit 2023-05-01 11:56:22 +03:00
fix ovpn_status.py description 2023-07-27 15:11:51 +03:00			`\| PARAMETERS \| DESCRIPTION \| DEFAULT \|`
			`\|--------------\|------------------------\|---------------\|`
some shell scripts replaced ovpn_status.py 2023-07-27 13:53:33 +03:00			`\|[-s, --server_conf]\|path to OpenVPN server configuration file\|REQUIRED\|`
			\|[-f, --filter]\|client names filter by regex\|`.*`\|
fix ovpn_status.py description 2023-07-27 15:11:51 +03:00			\|[-g, --geo]\|check client real ip geo location (may be slow)\|`None`\|
Initial commit 2023-05-01 11:56:22 +03:00
some shell scripts replaced ovpn_status.py 2023-07-27 13:53:33 +03:00			`Example usage with Zabbix agent:`

			```bash
			`# add options to openvpn server config file`
			`sudo tee -a /etc/openvpn/server/server.conf > /dev/null <<'EOF'`
			`status /var/log/openvpn/openvpn-status.log`
			`status-version 2`
			`server 10.0.0.0 255.0.0.0`
			`ca /etc/openvpn/easy-rsa/pki/ca.crt`
			`cert /etc/openvpn/easy-rsa/pki/issued/server.crt`
			`EOF`
			`sudo systemctl restart openvpn@server`
			```
Initial commit 2023-05-01 11:56:22 +03:00
			```bash
fix ovpn_status.py description 2023-07-27 15:11:51 +03:00			`# install dependencies`
add dependencies description 2023-08-14 11:32:01 +03:00			`sudo pip install cryptography requests`
moved from utils 2023-05-01 16:55:45 +03:00			`# download`
some shell scripts replaced ovpn_status.py 2023-07-27 13:53:33 +03:00			`sudo wget https://git.hmp.today/pavel.muhortov/openvpn-management/raw/branch/master/ovpn_status.py -O /etc/openvpn/server/ovpn_status.py`
			`sudo chmod +x /etc/openvpn/server/ovpn_status.py`
Initial commit 2023-05-01 11:56:22 +03:00			```

moved from utils 2023-05-01 16:55:45 +03:00			```bash
some shell scripts replaced ovpn_status.py 2023-07-27 13:53:33 +03:00			`# edit sudoers`
			`sudo sh -c "echo '`
			`zabbix ALL=(ALL) NOPASSWD:/etc/openvpn/server/ovpn_status.py -s /etc/openvpn/server/server.conf`
			`' > /etc/sudoers.d/zabbix_agentd"`
			`# check permission`
			`sudo -u zabbix sudo /etc/openvpn/server/ovpn_status.py -s /etc/openvpn/server/server.conf`
moved from utils 2023-05-01 16:55:45 +03:00			```

			```bash
some shell scripts replaced ovpn_status.py 2023-07-27 13:53:33 +03:00			`# add UserParameter to Zabbix agent`
			`sudo sh -c "echo '`
			`Timeout=30`
			`AllowRoot=0`
			`UserParameter=discovery.ovpn, sudo /etc/openvpn/server/ovpn_status.py -s /etc/openvpn/server/server.conf`
			`' >> /etc/zabbix/zabbix_agentd.conf"`
			`sudo systemctl restart zabbix-agent`
moved from utils 2023-05-01 16:55:45 +03:00			```

zabbix template moved to zabbix repo 2023-09-10 12:30:11 +03:00			`Download [OpenVPN_by_Zabbix_agent.yaml](https://git.hmp.today/pavel.muhortov/zabbix/raw/branch/master/templates/applications/vpn/openvpn/6.0/openvpn_by_zabbix_agent.yaml) template`
some shell scripts replaced ovpn_status.py 2023-07-27 13:53:33 +03:00			`Zabbix Server -> Configuration -> Templates -> Import template`

moved from utils 2023-05-01 16:55:45 +03:00			`____`

			## `ovpn-client-management`.sh

			`Description:`
added sending config to telegram 2024-01-05 00:25:07 +03:00			`> Creating or deleting client config for openvpn and sending config and info to email/telegram.`
moved from utils 2023-05-01 16:55:45 +03:00
			`Dependencies:`
			`>`
			`> * privileged rights`
			`> * chpasswd`
			`> * [openvpn](https://openvpn.net/) (tested version 2.5.1 on [Debian GNU/Linux 11](http://ftp.debian.org/debian/dists/bullseye/))`
			`> * [easy-rsa](https://github.com/OpenVPN/easy-rsa) (tested version 3.0.8 on [Debian GNU/Linux 11](http://ftp.debian.org/debian/dists/bullseye/))`
			`> * tar`
			`> * [Python 3](https://www.python.org/downloads/) (tested version 3.9.5 on [Debian GNU/Linux 11](http://ftp.debian.org/debian/dists/bullseye/))`
			`> * existing [/usr/local/bin/sendmail.py](https://git.hmp.today/pavel.muhortov/utils#sendmail-py)`

			`\| POSITION \| PARAMETERS \| DESCRIPTION \| DEFAULT \|`
			`\|-----------\|--------------\|------------------------\|---------------\|`
			`\| 1 \|add\\|del\|add or delete client config\|REQUIRED\|`
			`\| 2 \|\<username\>\|client username\|REQUIRED\|`
added additional client description to $faqprofile 2024-01-04 22:10:15 +03:00			`\| 3 \|\<password\>\|client password\|REQUIRED\|`
			`\| 4 \|\<additional\>\|client description\|\|`
			`\| 5 \|[-f],[--force]\|service will restart after username delete\|\|`
moved from utils 2023-05-01 16:55:45 +03:00
			`Example usage:`

			```bash
			`# download`
			`sudo wget https://git.hmp.today/pavel.muhortov/openvpn-management/raw/branch/master/ovpn-client-management.sh -O /etc/openvpn/server/ovpn-client-management.sh`
			`sudo chmod +x /etc/openvpn/server/ovpn-client-management.sh`
			```

defined ovpn-client-management.conf 2024-01-05 12:15:59 +03:00			```bash
			`# edit ovpn-client-management.conf`
			`sudo tee /etc/openvpn/server/ovpn-client-management.conf > /dev/null <<'EOF'`
added ovpn-client-management.conf 2024-01-06 07:51:38 +03:00			`# sendmail configuration`
defined ovpn-client-management.conf 2024-01-05 12:15:59 +03:00			`from=user@host.zone`
			`pass=password`
			`dest=user@host.zone`
			`smtp=smtp.host.zone`
			`port=587`
			`# telegram configuration`
			`API_KEY=YOURAPIKEY`
			`CHAT_ID=-100123456789`
			`THRD_ID=123`
			`EOF`
			```

moved from utils 2023-05-01 16:55:45 +03:00			```bash
			`# create link`
			`ln -s /etc/openvpn/server/ovpn-client-management.sh ./ovpn`
			```

			```bash
			`# create client`
			`sudo ./ovpn add username password`
			```

			```bash
			`# delete client (and restart service for applying changes)`
			`sudo ./ovpn del username -f`
			```

			```bash
			`# check journal`
fixed readme typo 2024-01-06 09:37:04 +03:00			`tail -f /var/log/openvpn/ovpn-client-management.log`
moved from utils 2023-05-01 16:55:45 +03:00			```