generated from pavel.muhortov/template-bash
5.3 KiB
5.3 KiB
openvpn-management
OpenVPN management and monitoring utils.
ovpn-cert-expiration.sh
Description:
Checking openvpn server certificates expiration and preparing stats for monitoring.
Dependencies:
- privileged rights
- openssl (tested version 1.1.1k on Debian GNU/Linux 11)
| POSITION | PARAMETERS | DESCRIPTION | DEFAULT |
|---|---|---|---|
| 1 | [qn] | execution without pauses | |
| 2 | [/path/to/conf] | openvpn server config file path | /etc/openvpn/server/server.conf |
Example usage:
# download
sudo wget https://git.hmp.today/pavel.muhortov/openvpn-management/raw/branch/master/ovpn-cert-expiration.sh -O /etc/openvpn/server/ovpn-cert-expiration.sh
sudo chmod +x /etc/openvpn/server/ovpn-cert-expiration.sh
# sudo crontab -e
0 * * * * bash /etc/openvpn/server/ovpn-cert-expiration.sh qn
# check stats
watch cat /var/log/openvpn/ovpn-cert-expiration.log
ovpn-client-management.sh
Description:
Creating or deleting client config for openvpn and sending config and info to email.
Dependencies:
- privileged rights
- chpasswd
- openvpn (tested version 2.5.1 on Debian GNU/Linux 11)
- easy-rsa (tested version 3.0.8 on Debian GNU/Linux 11)
- tar
- Python 3 (tested version 3.9.5 on Debian GNU/Linux 11)
- existing /usr/local/bin/sendmail.py
| POSITION | PARAMETERS | DESCRIPTION | DEFAULT |
|---|---|---|---|
| 1 | add|del | add or delete client config | REQUIRED |
| 2 | <username> | client username | REQUIRED |
| 3 | <password> | client password | |
| 4 | [-f],[--force] | service will restart after username delete |
Example usage:
# download
sudo wget https://git.hmp.today/pavel.muhortov/openvpn-management/raw/branch/master/ovpn-client-management.sh -O /etc/openvpn/server/ovpn-client-management.sh
sudo chmod +x /etc/openvpn/server/ovpn-client-management.sh
# create link
ln -s /etc/openvpn/server/ovpn-client-management.sh ./ovpn
# create client
sudo ./ovpn add username password
# delete client (and restart service for applying changes)
sudo ./ovpn del username -f
# check journal
tail -f /var/log/openvpn/ovpn.log
ovpn-connect-handling.sh
Description:
Handling client connection and preparing stats for monitoring.
Dependencies:
- executing by openvpn server (tested version 2.5.1 on Debian GNU/Linux 11)
- jq (tested version 1.6 on Debian GNU/Linux 11)
- grepcidr (tested version 2.0 on Debian GNU/Linux 11)
- Python 3 (tested version 3.9.5 on Debian GNU/Linux 11)
- existing /usr/local/bin/sendmail.py
- bash (tested versions: 5.1.4 on Debian GNU/Linux 11, 5.0.17 on Ubuntu 20, 4.2.46 on CentOS 7)
| POSITION | PARAMETERS | DESCRIPTION | DEFAULT |
|---|---|---|---|
| 1 | inc|dec | increment or decrement counter | REQUIRED |
| 2 | </path/to/dir> | root path for counter, names, log | REQUIRED |
| 3 | [mail] | send email notification | |
| 4 | [geo] | check client address geolocation |
Example usage:
# download
sudo wget https://git.hmp.today/pavel.muhortov/openvpn-management/raw/branch/master/ovpn-connect-handling.sh -O /etc/openvpn/server/ovpn-connect-handling.sh
sudo chmod +x /etc/openvpn/server/ovpn-connect-handling.sh
# add options to openvpn server config file
sudo tee -a /etc/openvpn/server/server.conf > /dev/null <<'EOF'
script-security 2
client-connect "/etc/openvpn/server/ovpn-connect-handling.sh inc /var/log/openvpn mail geo"
client-disconnect "/etc/openvpn/server/ovpn-connect-handling.sh dec /var/log/openvpn - -"
EOF
sudo systemctl restart openvpn@server
# check counter and names
watch cat /var/log/openvpn/openvpn-counts.log
# check journal
tail -f /var/log/openvpn/ovpn-connect-handling.log