generated from pavel.muhortov/template-bash
4.8 KiB
4.8 KiB
openvpn-management
OpenVPN management and monitoring utils.
ovpn_status.py
Description:
OpenVPN server status parser.
Dependencies:
- privileged rights
- Python 3 (tested version 3.9.5 on Debian GNU/Linux 11)
- cryptography Python 3 module (tested version 41.0.1)
- requests Python 3 module (tested version 2.31.0)
- Existing
status,server,ca,certoptions in server.conf
| PARAMETERS | DESCRIPTION | DEFAULT |
|---|---|---|
| [-s, --server_conf] | path to OpenVPN server configuration file | REQUIRED |
| [-f, --filter] | client names filter by regex | .* |
| [-g, --geo] | check client real ip geo location (may be slow) | None |
Example usage with Zabbix agent:
# add options to openvpn server config file
sudo tee -a /etc/openvpn/server/server.conf > /dev/null <<'EOF'
status /var/log/openvpn/openvpn-status.log
status-version 2
server 10.0.0.0 255.0.0.0
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/server.crt
EOF
sudo systemctl restart openvpn@server
# install dependencies
sudo pip install cryptography requests
# download
sudo wget https://git.hmp.today/pavel.muhortov/openvpn-management/raw/branch/master/ovpn_status.py -O /etc/openvpn/server/ovpn_status.py
sudo chmod +x /etc/openvpn/server/ovpn_status.py
# edit sudoers
sudo sh -c "echo '
zabbix ALL=(ALL) NOPASSWD:/etc/openvpn/server/ovpn_status.py -s /etc/openvpn/server/server.conf
' > /etc/sudoers.d/zabbix_agentd"
# check permission
sudo -u zabbix sudo /etc/openvpn/server/ovpn_status.py -s /etc/openvpn/server/server.conf
# add UserParameter to Zabbix agent
sudo sh -c "echo '
Timeout=30
AllowRoot=0
UserParameter=discovery.ovpn, sudo /etc/openvpn/server/ovpn_status.py -s /etc/openvpn/server/server.conf
' >> /etc/zabbix/zabbix_agentd.conf"
sudo systemctl restart zabbix-agent
Download OpenVPN_by_Zabbix_agent.yaml template
Zabbix Server -> Configuration -> Templates -> Import template
ovpn-client-management.sh
Description:
Creating or deleting client config for openvpn and sending config and info to email/telegram.
Dependencies:
- privileged rights
- chpasswd
- openvpn (tested version 2.5.1 on Debian GNU/Linux 11)
- easy-rsa (tested version 3.0.8 on Debian GNU/Linux 11)
- tar
- Python 3 (tested version 3.9.5 on Debian GNU/Linux 11)
- existing /usr/local/bin/sendmail.py
- curl (tested version 7.74.0 on Debian GNU/Linux 11)
| POSITION | PARAMETERS | DESCRIPTION | DEFAULT |
|---|---|---|---|
| 1 | add|del | add or delete client config | REQUIRED |
| 2 | <username> | client username | REQUIRED |
| 3 | <password> | client password | REQUIRED |
| 4 | <additional> | client description | |
| 5 | [-f],[--force] | service will restart after username delete |
Example usage:
# download
sudo wget https://git.hmp.today/pavel.muhortov/openvpn-management/raw/branch/master/ovpn-client-management.sh -O /etc/openvpn/server/ovpn-client-management.sh
sudo chmod +x /etc/openvpn/server/ovpn-client-management.sh
# edit ovpn-client-management.conf
sudo tee /etc/openvpn/server/ovpn-client-management.conf > /dev/null <<'EOF'
# sendmail configuration
from=user@host.zone
pass=password
dest=user@host.zone
smtp=smtp.host.zone
port=587
# telegram configuration
API_KEY=YOURAPIKEY
CHAT_ID=-100123456789
THRD_ID=123
EOF
# create link
ln -s /etc/openvpn/server/ovpn-client-management.sh ./ovpn
# create client
sudo ./ovpn add username password
# delete client (and restart service for applying changes)
sudo ./ovpn del username -f
# check journal
tail -f /var/log/openvpn/ovpn-client-management.log