-
Notifications
You must be signed in to change notification settings - Fork 5
/
README.TXT
162 lines (110 loc) · 6.33 KB
/
README.TXT
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
OpenVPN Web GUI
This project is a port of the project at http://openvpn-web-gui.sourceforge.net.
This project is a Web interface to openvpn server. It shows the status
of VPN connections, and openvpn / openssl configuration. Plus, it provides
client certificate management. Project is being written completely on
PHP 5 with openssl and Smarty.
OVERVIEW
The current version supports only the following function:
a) view status of openvpn server. The status is being refreshed every
60 seconds. If that is not happening, than openvpn server is not running.
b) view the list of connected peers. Peers are treated as users there, so
we suggest that a peer's information has a name, e-mail and stuff.
c) view the basic configuration options of openvpn package.
d) view the list of all generated openssl certificates. That is the
different part of a project and it works in cooperation with openssl.
e) from there it is possible to generate new certificate along with a
private key and certificate request file. That part is still under
construction.
The idea behind that project is to provide a handy tool to systems /
security / account administrator to maintain the openvpn server. There will
be some kind of authorization and authentication, allowin one group of
persons to see the statuses only while other group to make changes.
INSTALLATION
Clone the repository in /srv/www/htdocs/ like this:
cd /srv/www/htdocs
git clone git@github.com:cyberorg/openvpn-web-gui.git
cd openvpn-web-gui
chmod 777 templates_c
Make changes to config.inc as per your requirement. Point your browser to
http://localhost/openvpn-web-gui/
Default config.inc assumes that the openvpn configuration can be found here:
/etc/openvpn/server.conf
Easy-rsa bits here:
/etc/openvpn/easy-rsa/2.0/
Use OpenVPN's easy-rsa scripts to get started. If you have an existing OpenVPN
installation using easy-rsa, things will work fine as long as the crt/crs/key
files use the Common Name. The original project this one is ported from did NOT
do this, and this was the main reason for the port.
You need to touch the password.db file referenced in config.inc in order to store
passwords in the database. Also, you need to look for $ENV:: entries in OpenVPN's
openssl.cnf file. Replace them with the actual values from the vars script in the
easy-rsa directory.
Next, there is a config.inc, which points to several directories and files,
needed for a project. They are:
$config['Company_Name'] = 'Lake of Ontario';
(I hope that this example is not trade marked or registered :)
Use a name of your company of whatever represents your site.
$config['openvpn']['folder'] = '/usr/local/etc/openvpn/server/';
The folder with configuration of your openvpn server. Used to reach the
configuration file (see next one) and the status file.
$config['openvpn']['config'] = $config['openvpn']['folder'] .'openvpn.conf';
Here is it, the name of your openvpn server's configuration file. Later I
will made it possible to configure several servers (through several
configuation files)
$config['openssl']['folder'] = '/usr/local/etc/openvpn/keys/';
The name of directory where the keys are stored. Actually, not always keys,
but the root of them, where serial and database files are kept.
$config['openssl']['serial'] = $config['openssl']['folder'] .'serial';
The name of the serial file. Should be equival to one of openssl.cnf
$config['openssl']['database'] = $config['openssl']['folder'] .'database.txt';
The name of the database. Should be equival to one of openssl.cnf. You know
what? I'll eliminate those two later by introducing the name of openssl.cnf
file :)
$config['openssl']['default']['...']
Change new certificate defaults to what best suites you.
And, finally, the security information.
First, because the project HAS to read openssl and openvpn configuration,
give the www group (or what is your apache group) read right to:
openssl.cnf
$config['openvpn']['config']
$config['openssl']['folder']
$config['openvpn']['status']
The following files/dirs require rw access:
$config['openssl']['serial']
$config['openssl']['database']
$config['openssl']['folder']
If you know how to make it more secure, let me know :)
PLUG-INS SUPPORT
The plug-ins should be placed into the subfolder of plugins folder. The
registration of each plug-in is being done from the project's config.inc file.
Plug-ins's config.inc declares the following files, of which the plug-in consists:
$config['Plugins']['pluginname']['Action']['Name'] = 'What goes into <A> in the top menu';
$config['Plugins']['pluginname']['Action']['Include'] = 'The main PHP file of the plug-in';
$config['Plugins']['pluginname']['Top Menu']['Label'] = 'What is the text part of <A> in the top menu';
$config['Plugins']['pluginname']['Top Menu']['Tooltip'] = 'What is the tooltip for this <A>';
$config['Plugins']['pluginname']['Top Menu']['Suffix'] = 'What is an optional suffix, adding into <A> after ?Action=$ActionName';
$config['Plugins']['pluginname']['Left']['Menu'] = 'The Smarty template for the left menu';
$config['Plugins']['pluginname']['Left']['Status'] = 'The Smarty template for the status window';
Review the supplied example of the simple system check plug-in, it will tell
you the rest of how is the plug-in plugs in :)
Oh, just remembered. the main config.inc allows you to supply your own 16x16
logo. Also you will need enter the real physical path to the plugins folder there.
And the last thing: Because of the Smarty design, there might be some caveats
in using extra templates in your plug-in. I had to change all action-*.tpl into
the file being included into page.tpl. An example in action.inc file of the
sample plug-in, shows how to use that page.tpl, if you want to keep the project's
decoration.
The final thing, just saw in my notes: If you are to get more variables from GET,
obtain them from your action.inc file, as far as include all your includes into there.
DO NOT modify the project's index.php file.
Ok. now I believe I've told you the all about the current version of a project.
HISTORY
01/22/2013 - 0.0.2
Fixed issues with spaces in Common Name
Fixed typo with the word 'e-mail' in the GUI
Fixed issues attaching the ta.key file
Fixed spacing issue when writing passwords to the database
08/11/2010 - 0.0.1
Initial check in to git. Completely functional on development box. Testing hasn't been
done on a clean install.