DevOps as a Service from Flant Dedicated 24x7x365 support Discover the benefits
22 October 2021
Ilya Sosnovsky, software engineer

ovpn-admin 1.7 is released with more features & enhancements

ovpn-admin is a simple web interface for managing OpenVPN users’ certificates and routes. This tool was originally developed for internal Flant projects. However, this spring, we decided it could be beneficial for a wider community and made it Open Source by posting on GitHub.

You can use ovpn-admin to generate certificates for new users, revoke and reissue certificates, expose metrics to Prometheus, etc. It is written in Go and is licensed under the Apache 2.0 license. You can learn more about the ovpn-admin features in its initial announcement.

List of users and valid actions in ovpn-admin

New features

ovpn-admin got a pack of improvements that were accumulated in version 1.7.0. Its development continued leading to several more releases with new features since then, so the latest version is v1.7.4 at the time of writing.

Here are the most prominent features implemented in ovpn-admin 1.7.x:

  • specifying a custom path to CCD templates (via the --templates.ccd-path option) and a user configuration file (--templates.clientconfig-path);
  • automatically defining the remote parameter (in the client.conf.tpl template) when ovpn-admin is behind a load balancer in Kubernetes (the --ovpn.server.behindLB option enables it, ovpn.service specifies the name of the Service having the LoadBalancer type in K8s);
  • specifying the network for the OpenVPN server via environment variables (OVPN_SERVER_NET and OVPN_SERVER_MASK variables for OpenVPN, OVPN_SERVER_NETWORK variable for ovpn-admin);
  • configuring other ovpn-admin parameters via env vars.

The following bugs were fixed:

  • failing the first execution of the iptables -D command (particularly, it caused ovpn-admin to crash when trying to run in a Docker container on Ubuntu Server 20.04);
  • disconnecting a user when a certificate is revoked;
  • displaying the wrong username in pop-up notifications;
  • non-unique custom user address in CCD (now ovpn-admin checks if it is unique).

In addition, the newly built ovpn-admin binaries are now automatically published via GitHub Actions for Linux systems based on amd64, i386, arm, and arm64 architectures.

A few sidenotes

The community members contributed to many of the features mentioned above — many thanks for their efforts!

We didn’t plan to develop ovpn-admin actively. However, this tool turned out to be useful and quite popular. The project currently boasts 300+ stars on GitHub, and the community is actively involved in its development. As always, we look forward to new users and features. Hint: GitHub stars are also much appreciated!