/OpenVPN-WebAdmin

Create and manage your virtual private network via web browser and OpenVPN with your private OpenVPN-WebAdmin

Primary LanguagePHPGNU Affero General Public License v3.0AGPL-3.0

OpenVPN WebAdmin 1.4.2

You lock your front door. But why do you leave the back entrances open? This is the same with almost all Internet accesses to your IoT, webcams and other devices.

Create and manage your virtual private network via web browser and OpenVPN. This system is a simple and easy method for your private user manager. The system is suitable for families, shared flats or companies that value free software. If you want to become independent from big cloud providers, if you really care about the security of your data without having to reveal the communication to secret services or data collectors, you will find your way with this system.

GitHub OpenVPN-WebAdmin last commit GitHub OpenVPN-WebAdmin repo size GitHub OpenVPN-WebAdmin commits since latest release OpenVPN-WebAdmin Stable Branch OpenVPN-WebAdmin Development Branch

Twitter Follow Liberapay patrons

Extended documentation

Doku English OpenVPN-WebAdmin Doku Deutsch/German OpenVPN-WebAdmin Doku Französisch/French OpenVPN-WebAdmin Doku Spanisch/Español OpenVPN-WebAdmin

Update Doku OpenVPN-WebAdmin

Webfrontend Übersetzungen vorhanden in

Webfrontend translations available in

Les traductions de Webfrontend sont disponibles en

有译文

Traducción disponible en español (thank you @victorhck )

  • Deutsch, German, en allemand, 德语
  • Englisch, English, Anglais, 英文
  • Französisch, French, en français, 法国人
  • Chinesich (vereinfacht), Chinese (simplified), Chinois (simplifié), 中文(简体)
  • Spanisch, Spanish, Espagnol, 西班牙, Español

Live-Preview

Preview OpenVPN-WebAdmin

Login/Password: admin/admin or user/user

Screenshots

Administrate its OpenVPN with a web interface (logs visualisations, users managing...) with MariaDB.

Previsualisation Login OpenVPN-WebAdmin Previsualisation Administration OpenVPN-WebAdmin Previsualisation Useradministration OpenVPN-WebAdmin

General note

This installation is mainly optimised for a server without further services. In particular, if you already have a MySQL server, you should read the documentation!

Note CentOS 8

Without deactivated firewall the installation will not be completed. Only those who have a clean installation do not need a firewall.

Prerequisite

  • GNU/Linux with Bash and root access
  • Fresh install of OpenVPN
  • Web server (NGinx, Apache...)
  • MariaDB (see note MySQL)
  • PHP >= 7.x with modules:
    • zip
    • mysql
    • json
  • yarn
  • unzip
  • wget
  • sed
  • curl
  • git
  • net-tools (for the includes simple firewall)
  • gnupg

Note MySQL

If you already have a database server, you can also use it and do not need to install it locally. You only need a database and a user name and password.

For a local installation of a MySQL server, you will automatically be asked to enter a root password.

Tested on

  • Debian 10/Buster, PHP 7.3.x, 10.3.22-MariaDB.
  • RaspberryPi 4 with Debian Buster
  • CentOS 8

Feel free to open issues. https://github.com/Wutze/OpenVPN-WebAdmin/issues

Installation

Previsualisation Setup

  • Currently you can choose from the languages German, English, French and Spanish
  • Setup OpenVPN and the web application:
cd /opt/
git clone https://github.com/Wutze/OpenVPN-WebAdmin openvpn-admin
cd openvpn-admin

# You can also use the example configuration Configuration.
# The installation script will automatically adopt it.
cp installation/config.conf.sample installation/config.conf

# Edit your config.conf e.g. with nano
nano installation/config.conf

# start main installation
# Dependencies of the packages are automatically detected and installed.
./install.sh

Note

The message appearing during the installation can simply be completed with Enter.

Common Name (eg: your user, host, or server name) [Easy-RSA CA]:

Setup Webserver

Setup the web server (Apache, NGinx...) to serve the web application. Using the example below.

nano /etc/apache2/sites-enabled/[ your apache config ]

See the example configurations at the end of this page.

Attention

You must reboot the server after installation, otherwise the vpn server will not start correctly and no connection will be established!

The VPN server and especially the administrative web interface should never be directly connected to the Internet. The danger of compromising your own network is simply too great.

For this reason, finally create a port forwarding on your Internet Router to this VPN-Server. Check the documentation of the router manufacturer or search the Internet for instructions.

Update

Change to the original installation folder /opt/openvpn-admin

cd /opt/openvpn-admin
git pull
bash ./update.sh

Follow the instructions

OpenVPN-Clients and Documentation to install

Apple iOS

Android

Windows 10

The full functionality of OpenVPN under Windows 10 can unfortunately only be achieved by running the program under admin rights. This applies in particular to the routing into the VPN network, which does not work without admin rights. Additionally, the client version 3 of OpenVPN is in my opinion not usable to its full extent. For this reason I recommend, especially for people who want to know what they are doing and also want to adjust the configuration, the old version 2. Here is the direct link. https://openvpn.net/downloads/openvpn-connect-v2-windows.msi

all

Looks at the configuration of the VPN app. If necessary, adjust the address of your gateway to the VPN server. Most routers can handle a free Dyn-DNS, so you only have to give the name, no IP address.

Apache Example

<VirtualHost *:80>

        ServerAdmin webmaster@localhost
        DocumentRoot /srv/www/openvpn-admin

        # change Logfile Path or comment out in CentOS8
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

AccessFileName .htaccess
<FilesMatch "^\.ht">
        Require all denied
</FilesMatch>

<Directory /srv/www/openvpn-admin/>
        Options Indexes FollowSymLinks
        AllowOverride all
        Require all granted
</Directory>

</VirtualHost>

You can use SSL with your Apache (Example)

You can also use the server keys for the OpenVPN server to secure your website via HTTPS. The configuration for the web server will look like this. Enable ssl with "a2enmod ssl"

You can see with https:// [ website ] /

<VirtualHost *:443>

        ServerAdmin webmaster@localhost
        DocumentRoot /srv/www/openvpn-admin

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

AccessFileName .htaccess
<FilesMatch "^\.ht">
        Require all denied
</FilesMatch>

<Directory /srv/www/openvpn-admin/>
        Options Indexes FollowSymLinks
        AllowOverride all
        Require all granted
</Directory>

        SSLEngine On
        SSLProtocol all -SSLv2 -SSLv3
        SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
        SSLCertificateFile /etc/openvpn/server.crt
        SSLCertificateKeyFile /etc/openvpn/server.key

</VirtualHost>

Special Thanks to external Coders

Hardware-Preview

Previsualisation Preview OpenVPN-WebAdmin-Server