OpenVPN config generator
[https://github.com/koss822/misc/tree/master/Linux/Projects/openvpn/conf_generator GitHub Project]
Latest revision as of 14:34, 19 March 2019
A simple configuration generator for OpenVPN that supports static IPs and both UDP and TCP.
About project
This config generator is the kind of tool I was always looking for. You do not have to type a command to generate each config, and all client configurations live in one YAML config file. Every time you run the config generator, it looks in the YAML file for new config entries and generates only those. It automatically generates all certificates: not just the client ones, but also the CA, server keys, etc.
The big advantage of my config generator is that it assigns a static IP address to every endpoint in the network topology. What does that mean? Every device connected to the VPN can communicate with every other device connected to the VPN using its static IP address, so you can build your own private VPN LAN where all your devices can communicate with each other.
Because malfunctioning OpenVPN clients kept dropping their connections, I have also written a few scripts that automatically check OpenVPN clients and restart them when they are not working.
Installation
1. Copy files to /etc/openvpn
2. Start OpenVPN service for each configuration file and enable it
Directory structure
├── clients
│   ├── client1
│   │   ├── client1.client.conf
│   │   └── keys
│   │       ├── ca.crt
│   │       ├── client1.crt
│   │       ├── client1.csr
│   │       └── client1.key
│   └── client2
│       ├── client2.client.conf
│       └── keys
│           ├── ca.crt
│           ├── client2.crt
│           ├── client2.csr
│           └── client2.key
├── genkey.py
├── server
│   ├── ccd
│   │   ├── client1
│   │   └── client2
│   ├── keys
│   │   ├── ca.crt
│   │   ├── ca.key
│   │   ├── dh2048.pem
│   │   ├── server.crt
│   │   ├── server.csr
│   │   └── server.key
│   └── server.conf
Config syntax
---
server:
  fqdn: 'openvpn.server.com'
  port: '443'
  proto: 'udp'
  topology: '192.168.10.0 255.255.255.0'
clients:
  - name: client1
    ip: 192.168.10.10
    subnet: 255.255.255.0
  - name: client2
    ip: 192.168.10.20
    subnet: 255.255.255.0
Usage
To generate keys and OpenVPN configs, edit the config file vpn.yml and run the Python script genkey.py, which generates all necessary files. It does not overwrite existing configuration, so when you add a new client, the previous clients' keys stay untouched.
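A pre-flight check for vpn.yml before running the generator, as an added example that is not part of the project's genkey.py: it rejects client names that are unsafe as file names, duplicate entries, and static IPs outside the topology network. It assumes the config has already been parsed into a dict (`SAMPLE` is constructed from the syntax above), and that each file under server/ccd holds an OpenVPN `ifconfig-push` line for that client; the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample mirroring the vpn.yml layout shown above (already parsed).
SAMPLE = {
    "server": {"topology": "192.168.10.0 255.255.255.0"},
    "clients": [
        {"name": "client1", "ip": "192.168.10.10", "subnet": "255.255.255.0"},
        {"name": "client2", "ip": "192.168.10.20", "subnet": "255.255.255.0"},
    ],
}

# Names become file and directory names, so allow only a conservative set.
SAFE_NAME = re.compile(r"[A-Za-z0-9_-]{1,64}")


def validate(config):
    """Return a list of problems found in the parsed config (empty if none)."""
    problems = []
    net_addr, net_mask = config["server"]["topology"].split()
    network = ipaddress.IPv4Network(f"{net_addr}/{net_mask}")
    seen_names, seen_ips = set(), {}
    for client in config["clients"]:
        name, ip = str(client["name"]), ipaddress.IPv4Address(client["ip"])
        if not SAFE_NAME.fullmatch(name):
            problems.append(f"{name!r}: unsafe client name")
        if name in seen_names:
            problems.append(f"{name!r}: duplicate client name")
        seen_names.add(name)
        if ip not in network or ip in (network.network_address, network.broadcast_address):
            problems.append(f"{name!r}: {ip} is not a usable host address in {network}")
        if client["subnet"] != net_mask:
            problems.append(f"{name!r}: subnet {client['subnet']} differs from topology mask")
        if ip in seen_ips:
            problems.append(f"{name!r}: {ip} already assigned to {seen_ips[ip]!r}")
        seen_ips.setdefault(ip, name)
    return problems


def ccd_entries(config):
    """Map each client name to the assumed ifconfig-push line for its ccd file."""
    return {c["name"]: f"ifconfig-push {c['ip']} {c['subnet']}" for c in config["clients"]}


if __name__ == "__main__":
    print(validate(SAMPLE) or "config OK")
    for name, line in ccd_entries(SAMPLE).items():
        print(f"server/ccd/{name}: {line}")
```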