Introducing ovpn-admin — a web interface to manage OpenVPN users
Operating a diverse infrastructure for many customers, we realised a need for a convenient tool to manage OpenVPN certificates and users a long time ago. In a nutshell, we wanted to have a simple web interface instead of going through servers/containers and running all these CLI commands. Since the existing solutions that meet our requirements (including Pritunl and OpenVPN AS) are commercial, we have created (and been using for a couple of years as for now) our own web interface.
Recently, we rewrote it from Python to Go and revamped its UI*, which prompted us to share this project with a wider community. So please welcome the ovpn-admin!
Interface and features
Ovpn-admin is an Open Source project that implements a web interface for managing OpenVPN. Currently, it supports Linux only and can:
- add users (generate user certificates);
- revoke/reissue user certificates;
- generate a ready-to-use config file;
- provide Prometheus metrics: certificate expiration date, number of users (total/connected), information about connected users;
- (optionally) set the CCD (client-config-dir) for each user;
- (optionally) run in the master/slave mode (sync certificates and CCDs with another server);
- (optionally) set/change the password for additional authorization in OpenVPN.
Here is how the ovpn-admin interface looks like:
How to give it a try
You can install ovpn-admin in your system or run it in a Docker container. The detailed instruction is available in the project’s README.
What improvements do we expect the most? Here is our current to-do list:
- add the additional authorization via one-time passwords (OTP);
- add a Helm chart as an install option;
- add user groups;
- avoid external executing of the
easyrsatool to generate certificates;
- avoid using bash.