# openvpn-management

OpenVPN management and monitoring utils.

* [`ovpn_status`.py](https://git.hmp.today/pavel.muhortov/openvpn-management#ovpn_status-py)
* [`ovpn-client-management`.sh](https://git.hmp.today/pavel.muhortov/openvpn-management#ovpn-client-management-sh)

____

## `ovpn_status`.py

**Description:**
> OpenVPN server status parser.

**Dependencies:**
>
> * privileged rights
> * [Python 3](https://www.python.org/downloads/) (tested version 3.9.5 on [Debian GNU/Linux 11](http://ftp.debian.org/debian/dists/bullseye/))
> * [cryptography](https://cryptography.io/) Python 3 module (tested version 41.0.1)
> * [requests](https://requests.readthedocs.io/) Python 3 module (tested version 2.31.0)
> * Existing `status`, `server`, `ca`, `cert` options in [server.conf](https://openvpn.net/community-resources/reference-manual-for-openvpn-2-5/#options)

| PARAMETERS | DESCRIPTION | DEFAULT |
|--------------|------------------------|---------------|
|**[-s, --server_conf]**|path to OpenVPN server configuration file|**REQUIRED**|
|**[-f, --filter]**|client names filter by regex|`.*`|
|**[-g, --geo]**|check client real ip geo location (may be slow)|`None`|

Example usage with Zabbix agent:

```bash
# add options to openvpn server config file
sudo tee -a /etc/openvpn/server/server.conf > /dev/null <<'EOF'
status /var/log/openvpn/openvpn-status.log
status-version 2
server 10.0.0.0 255.0.0.0
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/server.crt
EOF
sudo systemctl restart openvpn@server
```

```bash
# install dependencies
sudo pip install cryptography requests
# download
sudo wget https://git.hmp.today/pavel.muhortov/openvpn-management/raw/branch/master/ovpn_status.py -O /etc/openvpn/server/ovpn_status.py
sudo chmod +x /etc/openvpn/server/ovpn_status.py
```

```bash
# edit sudoers
sudo sh -c "echo '
zabbix ALL=(ALL) NOPASSWD:/etc/openvpn/server/ovpn_status.py -s /etc/openvpn/server/server.conf
' > /etc/sudoers.d/zabbix_agentd"
# check permission
sudo -u zabbix sudo /etc/openvpn/server/ovpn_status.py -s /etc/openvpn/server/server.conf
```

```bash
# add UserParameter to Zabbix agent
sudo sh -c "echo '
Timeout=30
AllowRoot=0
UserParameter=discovery.ovpn, sudo /etc/openvpn/server/ovpn_status.py -s /etc/openvpn/server/server.conf
' >> /etc/zabbix/zabbix_agentd.conf"
sudo systemctl restart zabbix-agent
```

Download [OpenVPN_by_Zabbix_agent.yaml](https://git.hmp.today/pavel.muhortov/zabbix/raw/branch/master/templates/applications/vpn/openvpn/6.0/openvpn_by_zabbix_agent.yaml) template

Zabbix Server -> Configuration -> Templates -> Import template

____

## `ovpn-client-management`.sh

**Description:**
> Creating or deleting client config for openvpn and sending config and info to email/telegram.

**Dependencies:**
>
> * privileged rights
> * chpasswd
> * [openvpn](https://openvpn.net/) (tested version 2.5.1 on [Debian GNU/Linux 11](http://ftp.debian.org/debian/dists/bullseye/))
> * [easy-rsa](https://github.com/OpenVPN/easy-rsa) (tested version 3.0.8 on [Debian GNU/Linux 11](http://ftp.debian.org/debian/dists/bullseye/))
> * tar
> * [Python 3](https://www.python.org/downloads/) (tested version 3.9.5 on [Debian GNU/Linux 11](http://ftp.debian.org/debian/dists/bullseye/))
> * existing [/usr/local/bin/sendmail.py](https://git.hmp.today/pavel.muhortov/utils#sendmail-py)

| POSITION | PARAMETERS | DESCRIPTION | DEFAULT |
|-----------|--------------|------------------------|---------------|
| 1 |**add\|del**|add or delete client config|**REQUIRED**|
| 2 |**\**|client username|**REQUIRED**|
| 3 |**\**|client password|**REQUIRED**|
| 4 |**\**|client description||
| 5 |**[-f]**,**[--force]**|service will restart after username delete||

Example usage:

```bash
# download
sudo wget https://git.hmp.today/pavel.muhortov/openvpn-management/raw/branch/master/ovpn-client-management.sh -O /etc/openvpn/server/ovpn-client-management.sh
sudo chmod +x /etc/openvpn/server/ovpn-client-management.sh
```

```bash
# edit ovpn-client-management.conf
sudo tee /etc/openvpn/server/ovpn-client-management.conf > /dev/null <<'EOF'
# mail configuration
from=user@host.zone
pass=password
dest=user@host.zone
smtp=smtp.host.zone
port=587
# telegram configuration
API_KEY=YOURAPIKEY
CHAT_ID=-100123456789
THRD_ID=123
EOF
```

```bash
# create link
ln -s /etc/openvpn/server/ovpn-client-management.sh ./ovpn
```

```bash
# create client
sudo ./ovpn add username password
```

```bash
# delete client (and restart service for applying changes)
sudo ./ovpn del username -f
```

```bash
# check journal
tail -f /var/log/openvpn/ovpn.log
```