Skip to content

Latest commit

 

History

History
106 lines (61 loc) · 3.27 KB

README.md

File metadata and controls

106 lines (61 loc) · 3.27 KB

81online

===================== READY FOR PRODUCTION USE =======================

                 Known bugs have all been fixed
                 It should be ready for production
                 use.

======================================================================

This projects is a front-end user management platform based on OpenVPN.

It right now has the following features:

  1. User

    1.1 Login to view the account status, including information such as total quota, used quota and left quota.

    1.2 Change the password.

    1.3 View the installation instruction.

  2. Admin

    2.1 Login to view all users and admins.

    2.2 Add new users and admins.

    2.3 Delete users and admins.

    2.4 Change admin password.

  3. To Do

    All mysql connections are made by using PHP mysql extension. In future, it is urgent to move to mysqli extension instead to avoid any secruity issues.

    The system is now Chinese version only. Multi-language support is considered to be added later.

    Front-end UI design is being developed.

    Add user with custom attributes.

    To be continued.

  4. INSTALLATION

    You have to install openvpn first on your server. It needs openvpn-auth-pam.so in the openvpn directory. It can be find in the resource directory. For Debian you may use the following command:

      cp /usr/lib/openvpn/openvpn-auth-pam.so /etc/openvpn/
    

    pam-mysql needs to be installed. For Debian, use the following command to install it:

      aptitude install libpam-dev libpam-mysql libmysql++-dev sasl2-bin
    

    Also, you need to config pam-mysql. Add the following TWO lines in to '/etc/pam.d/openvpn'. If it doesn't exist, just create a new file:

      auth optional pam_mysql.so user=openvpn passwd=PASSWORD host=localhost db=openvpn table=user usercolumn=username passwdcolumn=password where=active=1 crypt=2
      account required pam_mysql.so user=openvpn passwd=PASSWORD host=localhost db=openvpn table=user usercolumn=username passwdcolumn=password where=active=1 crypt=2
    

    Remember to change the user, passwd, host and db according your database.

    Run

            saslauthd -a pam
    

    to start sasl authrization service.

    In your server.conf:

      Add   
    
            # user/pass auth from mysql
            plugin ./openvpn-auth-pam.so openvpn
            client-cert-not-required
            username-as-common-name
            
            # record in database
            script-security 2
            client-connect ./connect.sh
            client-disconnect ./disconnect.sh
    

    In your client.conf

      Comment out
    
            cert client.crt
            key client.key
    
      Add
    
            auth-user-pass
    

    If any part of the above code is already in your configuration file, don't just add it, but modify the existing config to above.

    Copy connect.sh and disconnect.sh from Script directory to the directory where OpenVPN is installed. /etc/openvpn for Debian.

    The user runs openvpn process needs to have executing permission on connect.sh and disconnect.sh. You need to change the database connection information in connect.sh and disconnect.sh