# openvpn-management

OpenVPN management and monitoring utils.

* [`ovpn_status`.py](https://git.hmp.today/pavel.muhortov/openvpn-management#ovpn_status-py)
* [`ovpn-client-management`.sh](https://git.hmp.today/pavel.muhortov/openvpn-management#ovpn-client-management-sh)

____

## `ovpn_status`.py

**Description:**
> OpenVPN server status parser.

**Dependencies:**
>
> * privileged rights
> * [Python 3](https://www.python.org/downloads/) (tested version 3.9.5 on [Debian GNU/Linux 11](http://ftp.debian.org/debian/dists/bullseye/))
> * [cryptography](https://cryptography.io/) Python 3 module (tested version 41.0.1)
> * [requests](https://requests.readthedocs.io/) Python 3 module (tested version 2.31.0)
> * Existing `status`, `server`, `ca`, `cert` options in [server.conf](https://openvpn.net/community-resources/reference-manual-for-openvpn-2-5/#options)

| PARAMETERS | DESCRIPTION | DEFAULT |
|--------------|------------------------|---------------|
|**[-s, --server_conf]**|path to OpenVPN server configuration file|**REQUIRED**|
|**[-f, --filter]**|regex filter for client names|`.*`|
|**[-g, --geo]**|check geolocation of client real IP (may be slow)|`None`|

Example usage with Zabbix agent:

```bash
# add options to openvpn server config file
sudo tee -a /etc/openvpn/server/server.conf > /dev/null <<'EOF'
status /var/log/openvpn/openvpn-status.log
status-version 2
server 10.0.0.0 255.0.0.0
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/server.crt
EOF
# restart the unit that loads this file (on Debian, openvpn-server@server
# is the unit that reads /etc/openvpn/server/server.conf)
sudo systemctl restart openvpn@server
```

```bash
# install dependencies
sudo pip install cryptography requests
# download
sudo wget https://git.hmp.today/pavel.muhortov/openvpn-management/raw/branch/master/ovpn_status.py -O /etc/openvpn/server/ovpn_status.py
sudo chmod +x /etc/openvpn/server/ovpn_status.py
```

```bash
# edit sudoers
sudo sh -c "echo '
zabbix ALL=(ALL) NOPASSWD:/etc/openvpn/server/ovpn_status.py -s /etc/openvpn/server/server.conf
' > /etc/sudoers.d/zabbix_agentd"
# check permission
sudo -u zabbix sudo /etc/openvpn/server/ovpn_status.py -s /etc/openvpn/server/server.conf
```

```bash
# add UserParameter to Zabbix agent
sudo sh -c "echo '
Timeout=30
AllowRoot=0
UserParameter=discovery.ovpn, sudo /etc/openvpn/server/ovpn_status.py -s /etc/openvpn/server/server.conf
' >> /etc/zabbix/zabbix_agentd.conf"
sudo systemctl restart zabbix-agent
```

Download [OpenVPN_by_Zabbix_agent.yaml](https://git.hmp.today/pavel.muhortov/zabbix/raw/branch/master/templates/applications/vpn/openvpn/6.0/openvpn_by_zabbix_agent.yaml) template
Zabbix Server -> Configuration -> Templates -> Import template
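
The sudoers rule above lets the `zabbix` user run `ovpn_status.py` as root without a password, so the script and every directory on its path must be writable by root only. The following audit is an added example, not part of this project: it extracts the command from each `NOPASSWD` rule in a drop-in and checks ownership and write bits along the path. The function names and the optional `OWNER_UID` / `STOP_DIR` arguments are assumptions of this example, and it relies on GNU `stat` and `readlink -f`.

```bash
#!/usr/bin/env bash
# Added example, not part of openvpn-management. Assumes GNU stat/readlink.

# audit_sudo_target PATH [OWNER_UID] [STOP_DIR]
# Returns 1 if PATH, or any parent directory up to STOP_DIR (default /), is
# not owned by OWNER_UID (default 0 = root) or is group/other-writable.
# Returns 2 if PATH does not exist.
audit_sudo_target() {
    local target owner stop p uid mode rc
    target=$(readlink -f -- "$1") && [ -e "$target" ] || {
        echo "MISSING $1" >&2; return 2; }
    owner=${2:-0}
    stop=$(readlink -f -- "${3:-/}")
    p=$target
    rc=0
    while :; do
        uid=$(stat -c '%u' -- "$p")
        mode=$(stat -c '%a' -- "$p")
        [ "$uid" = "$owner" ] || { echo "FAIL owner uid=$uid $p" >&2; rc=1; }
        # 022 masks the write bits of group and other
        [ $(( 0$mode & 022 )) -eq 0 ] || { echo "FAIL mode=$mode $p" >&2; rc=1; }
        if [ "$p" = "$stop" ] || [ "$p" = "/" ]; then break; fi
        p=$(dirname -- "$p")
    done
    return "$rc"
}

# audit_nopasswd_rules SUDOERS_FILE [OWNER_UID] [STOP_DIR]
# Audits the first command of every NOPASSWD rule in a sudoers drop-in.
# Command paths containing whitespace are not handled.
audit_nopasswd_rules() {
    local cmd rc
    rc=0
    for cmd in $(sed -n -e '/^[[:space:]]*#/d' \
        -e 's/.*NOPASSWD:[[:space:]]*\([^[:space:],]*\).*/\1/p' "$1"); do
        audit_sudo_target "$cmd" "${2:-0}" "${3:-/}" || rc=1
    done
    return "$rc"
}

# On the server described above (as root):
#   audit_nopasswd_rules /etc/sudoers.d/zabbix_agentd
```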

____

## `ovpn-client-management`.sh

**Description:**
> Creates or deletes an OpenVPN client config and sends the config and info to email/Telegram.

**Dependencies:**
>
> * privileged rights
> * chpasswd
> * [openvpn](https://openvpn.net/) (tested version 2.5.1 on [Debian GNU/Linux 11](http://ftp.debian.org/debian/dists/bullseye/))
> * [easy-rsa](https://github.com/OpenVPN/easy-rsa) (tested version 3.0.8 on [Debian GNU/Linux 11](http://ftp.debian.org/debian/dists/bullseye/))
> * tar
> * [Python 3](https://www.python.org/downloads/) (tested version 3.9.5 on [Debian GNU/Linux 11](http://ftp.debian.org/debian/dists/bullseye/))
> * existing [/usr/local/bin/sendmail.py](https://git.hmp.today/pavel.muhortov/utils#sendmail-py)

| POSITION | PARAMETERS | DESCRIPTION | DEFAULT |
|-----------|--------------|------------------------|---------------|
| 1 |**add\|del**|add or delete client config|**REQUIRED**|
| 2 |**\<username\>**|client username|**REQUIRED**|
| 3 |**\<password\>**|client password|**REQUIRED**|
| 4 |**\<additional\>**|client description||
| 5 |**[-f]**,**[--force]**|restart the service after deleting the username||

Example usage:

```bash
# download
sudo wget https://git.hmp.today/pavel.muhortov/openvpn-management/raw/branch/master/ovpn-client-management.sh -O /etc/openvpn/server/ovpn-client-management.sh
sudo chmod +x /etc/openvpn/server/ovpn-client-management.sh
```

```bash
# edit ovpn-client-management.conf
sudo tee /etc/openvpn/server/ovpn-client-management.conf > /dev/null <<'EOF'
# sendmail configuration
from=user@host.zone
pass=password
dest=user@host.zone
smtp=smtp.host.zone
port=587
# telegram configuration
API_KEY=YOURAPIKEY
CHAT_ID=-100123456789
THRD_ID=123
EOF
```
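
The configuration file above stores the SMTP password and the Telegram API key, and a file created by `sudo tee` under the common umask of 022 ends up world-readable. The following is an added example (not part of this project) that writes such a file with mode 0600 and verifies the result; `write_private_conf` and `conf_is_private` are hypothetical helper names, and it assumes the script is only run as root, as in the README's `sudo` examples, and that GNU `stat` and `mktemp` are available.

```bash
#!/usr/bin/env bash
# Added example, not part of openvpn-management. Assumes GNU stat/mktemp.

# write_private_conf DEST   (content is read from stdin)
# The content is written to a temp file in DEST's directory (mktemp creates
# it with mode 0600) and renamed into place, so DEST never exists with
# broader permissions, even briefly.
write_private_conf() {
    local dest tmp
    dest=$1
    tmp=$(mktemp "$dest.XXXXXX") || return 1
    if cat > "$tmp" && chmod 600 "$tmp" && mv -f -- "$tmp" "$dest"; then
        return 0
    fi
    rm -f -- "$tmp"
    return 1
}

# conf_is_private FILE
# Succeeds only if FILE grants no permission bits to group or other.
conf_is_private() {
    local mode
    mode=$(stat -c '%a' -- "$1") || return 2
    # 077 masks every group and other permission bit
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# On the server described above (as root), feed the same heredoc to:
#   write_private_conf /etc/openvpn/server/ovpn-client-management.conf
# and check an existing file with:
#   conf_is_private /etc/openvpn/server/ovpn-client-management.conf
```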

```bash
# create link
ln -s /etc/openvpn/server/ovpn-client-management.sh ./ovpn
```

```bash
# create client
# (the password argument is visible in shell history and the process list)
sudo ./ovpn add username password
```

```bash
# delete client (and restart service for applying changes)
sudo ./ovpn del username -f
```

```bash
# check journal
tail -f /var/log/openvpn/ovpn.log
```