Skip to content

vitaliy-sn/openvpn-oidc

Repository files navigation

OpenVPN OpenID Connect (OIDC) Auth

Tested with google and Dex.

Consists of two components:

  • auth-server — implements authentication by OpenID Connect (OIDC) provider and outputs information for connecting to the OpenVPN server (username, one-time password and OpenVPN client configuration file).
  • auth-client — checks the username and password received from OpenVPN client.

Environment variables are used to configure auth-server:

  • ISSUER_URL — URL where auth-server can find the OpenID Provider Configuration Document, which should be available in the /.well-known/openid-configuration.
  • DOMAIN — auth-server domain.
  • CLIENT_ID — unique identifier for your registered application.
  • CLIENT_SECRET — is a secret known only to the application and the authentication server.
  • ADDITIONAL_SCOPES — list of additional scopes.
  • OPENVPN_SERVER_HOST — IP or domain for connect to OpenVPN server.
  • OPENVPN_SERVER_PORT — port that listen OpenVPN server.

Example for Google:

ISSUER_URL="https://accounts.google.com"
DOMAIN=openvpn-auth.example.com
CLIENT_ID="0-r.apps.googleusercontent.com"
CLIENT_SECRET="secret"
ADDITIONAL_SCOPES="email"
OPENVPN_SERVER_HOST=openvpn.example.com
OPENVPN_SERVER_PORT=1194

Easy install in kubernetes from Helm chart:

git clone git@github.com:vitaliy-sn/openvpn-oidc.git
cd helm
vim values.yaml
helm install openvpn-oidc .

How to register app in OIDC provider:

  • Google.
  • Dex - you need to create a custom resource oauth2clients.dex.coreos.com in kubernetes cluster.

About

OpenVPN OpenID Connect (OIDC) Auth

Resources

Stars

Watchers

Forks

Packages

No packages published