openvpn-management/README.md

124 lines
4.2 KiB
Markdown

# openvpn-management
OpenVPN management and monitoring utils.
* [`ovpn_status`.py](https://git.hmp.today/pavel.muhortov/openvpn-management#ovpn_status-py)
* [`ovpn-client-management`.sh](https://git.hmp.today/pavel.muhortov/openvpn-management#ovpn-client-management-sh)
____
## `ovpn_status`.py
**Description:**
> OpenVPN server status parser.
**Dependencies:**
>
> * privileged rights
> * [Python 3](https://www.python.org/downloads/) (tested version 3.9.5 on [Debian GNU/Linux 11](http://ftp.debian.org/debian/dists/bullseye/))
> * [cryptography](https://cryptography.io/) Python 3 module (tested version 41.0.1)
> * [requests](https://requests.readthedocs.io/) Python 3 module (tested version 2.31.0)
> * Existing `status`, `server`, `ca`, `cert` options in [server.conf](https://openvpn.net/community-resources/reference-manual-for-openvpn-2-5/#options)
| PARAMETERS | DESCRIPTION | DEFAULT |
|--------------|------------------------|---------------|
|**[-s, --server_conf]**|path to OpenVPN server configuration file|**REQUIRED**|
|**[-f, --filter]**|client names filter by regex|`.*`|
|**[-g, --geo]**|check client real ip geo location (may be slow)|`None`|
Example usage with Zabbix agent:
```bash
# add options to openvpn server config file
sudo tee -a /etc/openvpn/server/server.conf > /dev/null <<'EOF'
status /var/log/openvpn/openvpn-status.log
status-version 2
server 10.0.0.0 255.0.0.0
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/server.crt
EOF
sudo systemctl restart openvpn@server
```
```bash
# install dependencies
sudo pip install cryptography requests
# download
sudo wget https://git.hmp.today/pavel.muhortov/openvpn-management/raw/branch/master/ovpn_status.py -O /etc/openvpn/server/ovpn_status.py
sudo chmod +x /etc/openvpn/server/ovpn_status.py
```
```bash
# edit sudoers
sudo sh -c "echo '
zabbix ALL=(ALL) NOPASSWD:/etc/openvpn/server/ovpn_status.py -s /etc/openvpn/server/server.conf
' > /etc/sudoers.d/zabbix_agentd"
# check permission
sudo -u zabbix sudo /etc/openvpn/server/ovpn_status.py -s /etc/openvpn/server/server.conf
```
```bash
# add UserParameter to Zabbix agent
sudo sh -c "echo '
Timeout=30
AllowRoot=0
UserParameter=discovery.ovpn, sudo /etc/openvpn/server/ovpn_status.py -s /etc/openvpn/server/server.conf
' >> /etc/zabbix/zabbix_agentd.conf"
sudo systemctl restart zabbix-agent
```
Download [OpenVPN_by_Zabbix_agent.yaml](https://git.hmp.today/pavel.muhortov/zabbix/raw/branch/master/templates/applications/vpn/openvpn/6.0/openvpn_by_zabbix_agent.yaml) template
Zabbix Server -> Configuration -> Templates -> Import template
____
## `ovpn-client-management`.sh
**Description:**
> Creating or deleting client config for openvpn and sending config and info to email.
**Dependencies:**
>
> * privileged rights
> * chpasswd
> * [openvpn](https://openvpn.net/) (tested version 2.5.1 on [Debian GNU/Linux 11](http://ftp.debian.org/debian/dists/bullseye/))
> * [easy-rsa](https://github.com/OpenVPN/easy-rsa) (tested version 3.0.8 on [Debian GNU/Linux 11](http://ftp.debian.org/debian/dists/bullseye/))
> * tar
> * [Python 3](https://www.python.org/downloads/) (tested version 3.9.5 on [Debian GNU/Linux 11](http://ftp.debian.org/debian/dists/bullseye/))
> * existing [/usr/local/bin/sendmail.py](https://git.hmp.today/pavel.muhortov/utils#sendmail-py)
| POSITION | PARAMETERS | DESCRIPTION | DEFAULT |
|-----------|--------------|------------------------|---------------|
| 1 |**add\|del**|add or delete client config|**REQUIRED**|
| 2 |**\<username\>**|client username|**REQUIRED**|
| 3 |**\<password\>**|client password||
| 4 |**[-f]**,**[--force]**|service will restart after username delete||
Example usage:
```bash
# download
sudo wget https://git.hmp.today/pavel.muhortov/openvpn-management/raw/branch/master/ovpn-client-management.sh -O /etc/openvpn/server/ovpn-client-management.sh
sudo chmod +x /etc/openvpn/server/ovpn-client-management.sh
```
```bash
# create link
ln -s /etc/openvpn/server/ovpn-client-management.sh ./ovpn
```
```bash
# create client
sudo ./ovpn add username password
```
```bash
# delete client (and restart service for applying changes)
sudo ./ovpn del username -f
```
```bash
# check journal
tail -f /var/log/openvpn/ovpn.log
```