openvpn-management/README.md
2023-05-01 16:55:45 +03:00

# openvpn-management
OpenVPN management and monitoring utils.
* [`ovpn-cert-expiration`.sh](https://git.hmp.today/pavel.muhortov/openvpn-management#ovpn-cert-expiration-sh)
* [`ovpn-client-management`.sh](https://git.hmp.today/pavel.muhortov/openvpn-management#ovpn-client-management-sh)
* [`ovpn-connect-handling`.sh](https://git.hmp.today/pavel.muhortov/openvpn-management#ovpn-connect-handling-sh)
____
## `ovpn-cert-expiration`.sh
**Description:**
> Checks OpenVPN server certificate expiration and prepares stats for monitoring.

**Dependencies:**
>
> * privileged rights
> * [openssl](https://www.openssl.org/) (tested version 1.1.1k on [Debian GNU/Linux 11](http://ftp.debian.org/debian/dists/bullseye/))

| POSITION | PARAMETERS | DESCRIPTION | DEFAULT |
|-----------|--------------|------------------------|---------------|
| 1 |**[qn]**|execution without pauses||
| 2 |**[/path/to/conf]**|openvpn server config file path|/etc/openvpn/server/server.conf|

Example usage:
```bash
# download
sudo wget https://git.hmp.today/pavel.muhortov/openvpn-management/raw/branch/master/ovpn-cert-expiration.sh -O /etc/openvpn/server/ovpn-cert-expiration.sh
sudo chmod +x /etc/openvpn/server/ovpn-cert-expiration.sh
```
```bash
# sudo crontab -e
0 * * * * bash /etc/openvpn/server/ovpn-cert-expiration.sh qn
```
```bash
# check stats
watch cat /var/log/openvpn/ovpn-cert-expiration.log
```
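
One way to perform the kind of check this script is described as doing, as an added example (not the project's own code): it reads the `ca` and `cert` paths from the server config and asks `openssl x509 -checkend` whether each expires within a threshold. The function names, the 30-day default, the `--run` switch and the handling of relative paths are assumptions; only the first certificate in each file is examined.

```bash
#!/bin/sh
# Added example, not the project's ovpn-cert-expiration.sh.
# Assumption: relative ca/cert paths are relative to the config's directory.

# Print "directive /abs/path" for each ca/cert directive in an OpenVPN config.
# Commented-out lines and inline <ca>/<cert> blocks are skipped.
ovpn_cert_paths() {
    local conf dir key path rest
    conf=$1
    dir=$(cd "$(dirname "$conf")" && pwd) || return 1
    while read -r key path rest || [ -n "$key" ]; do
        case $key in ca|cert) ;; *) continue ;; esac
        path=${path#\"}; path=${path%\"}      # strip surrounding quotes
        case $path in /*) ;; *) path=$dir/$path ;; esac
        printf '%s %s\n' "$key" "$path"
    done < "$conf"
}

# Print one status line per certificate; return 0 if all are valid for more
# than warn_days, 1 if any expires sooner, 2 if anything cannot be read.
cert_report() {
    local conf warn_days rc key path end
    conf=${1:-/etc/openvpn/server/server.conf}
    warn_days=${2:-30}
    rc=0
    [ -r "$conf" ] || { echo "config $conf status=unreadable"; return 2; }
    while read -r key path; do
        [ -n "$key" ] || continue
        if ! end=$(openssl x509 -noout -enddate -in "$path" 2>/dev/null); then
            echo "$key $path status=unreadable"; rc=2
        elif openssl x509 -noout -checkend "$((warn_days * 86400))" \
                -in "$path" >/dev/null; then
            echo "$key $path status=ok $end"
        else
            echo "$key $path status=expiring $end"
            [ "$rc" -ne 0 ] || rc=1
        fi
    done <<EOF
$(ovpn_cert_paths "$conf")
EOF
    return "$rc"
}

# Run as: sh cert-check.sh --run [/path/to/conf] [warn_days]
if [ "${1:-}" = "--run" ]; then shift; cert_report "$@"; fi
```

The non-zero return codes let a cron wrapper or monitoring agent alert on an expiring or unreadable certificate without parsing the output.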
____
## `ovpn-client-management`.sh
**Description:**
> Creates or deletes an OpenVPN client config and sends the config and info by email.

**Dependencies:**
>
> * privileged rights
> * chpasswd
> * [openvpn](https://openvpn.net/) (tested version 2.5.1 on [Debian GNU/Linux 11](http://ftp.debian.org/debian/dists/bullseye/))
> * [easy-rsa](https://github.com/OpenVPN/easy-rsa) (tested version 3.0.8 on [Debian GNU/Linux 11](http://ftp.debian.org/debian/dists/bullseye/))
> * tar
> * [Python 3](https://www.python.org/downloads/) (tested version 3.9.5 on [Debian GNU/Linux 11](http://ftp.debian.org/debian/dists/bullseye/))
> * existing [/usr/local/bin/sendmail.py](https://git.hmp.today/pavel.muhortov/utils#sendmail-py)

| POSITION | PARAMETERS | DESCRIPTION | DEFAULT |
|-----------|--------------|------------------------|---------------|
| 1 |**add\|del**|add or delete client config|**REQUIRED**|
| 2 |**\<username\>**|client username|**REQUIRED**|
| 3 |**\<password\>**|client password||
| 4 |**[-f]**,**[--force]**|restart the service after deleting the username||

Example usage:
```bash
# download
sudo wget https://git.hmp.today/pavel.muhortov/openvpn-management/raw/branch/master/ovpn-client-management.sh -O /etc/openvpn/server/ovpn-client-management.sh
sudo chmod +x /etc/openvpn/server/ovpn-client-management.sh
```
```bash
# create link
ln -s /etc/openvpn/server/ovpn-client-management.sh ./ovpn
```
```bash
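# create client (the password is a command-line argument, so it is recorded in
# shell history and the sudo log and is visible in the process list while running)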
sudo ./ovpn add username password
```
```bash
# delete client (and restart service for applying changes)
sudo ./ovpn del username -f
```
```bash
# check journal
tail -f /var/log/openvpn/ovpn.log
```
____
## `ovpn-connect-handling`.sh
**Description:**
> Handles client connections and prepares stats for monitoring.

**Dependencies:**
>
> * executed by the [openvpn](https://openvpn.net/) server (tested version 2.5.1 on [Debian GNU/Linux 11](http://ftp.debian.org/debian/dists/bullseye/))
> * [jq](https://github.com/stedolan/jq) (tested version 1.6 on [Debian GNU/Linux 11](http://ftp.debian.org/debian/dists/bullseye/))
> * [grepcidr](https://github.com/ryantig/grepcidr) (tested version 2.0 on [Debian GNU/Linux 11](http://ftp.debian.org/debian/dists/bullseye/))
> * [Python 3](https://www.python.org/downloads/) (tested version 3.9.5 on [Debian GNU/Linux 11](http://ftp.debian.org/debian/dists/bullseye/))
> * existing [/usr/local/bin/sendmail.py](https://git.hmp.today/pavel.muhortov/utils#sendmail-py)
> * [bash](https://www.gnu.org/software/bash/) (tested versions: 5.1.4 on [Debian GNU/Linux 11](http://ftp.debian.org/debian/dists/bullseye/), 5.0.17 on [Ubuntu 20](https://wiki.ubuntu.com/FocalFossa/ReleaseNotes), 4.2.46 on [CentOS 7](https://wiki.centos.org/Manuals/ReleaseNotes/CentOS7.2009))

| POSITION | PARAMETERS | DESCRIPTION | DEFAULT |
|-----------|--------------|------------------------|---------------|
| 1 |**inc\|dec**|increment or decrement counter|**REQUIRED**|
| 2 |**\</path/to/dir\>**|root path for counter, names, log|**REQUIRED**|
| 3 |**[mail]**|send email notification||
| 4 |**[geo]**|check client address geolocation||

Example usage:
```bash
# download
sudo wget https://git.hmp.today/pavel.muhortov/openvpn-management/raw/branch/master/ovpn-connect-handling.sh -O /etc/openvpn/server/ovpn-connect-handling.sh
sudo chmod +x /etc/openvpn/server/ovpn-connect-handling.sh
```
```bash
# add options to openvpn server config file
# (script-security 2 is what allows OpenVPN to run user-defined scripts such as these hooks)
sudo tee -a /etc/openvpn/server/server.conf > /dev/null <<'EOF'
script-security 2
client-connect "/etc/openvpn/server/ovpn-connect-handling.sh inc /var/log/openvpn mail geo"
client-disconnect "/etc/openvpn/server/ovpn-connect-handling.sh dec /var/log/openvpn - -"
EOF
sudo systemctl restart openvpn@server
```
```bash
# check counter and names
watch cat /var/log/openvpn/openvpn-counts.log
# check journal
tail -f /var/log/openvpn/ovpn-connect-handling.log
```