d3vilh / openvpn-ui

Web User Interface for OpenVPN
MIT License

OpenVPN Client configuration (0.9.2) #30

Closed TheAlbanian closed 8 months ago

TheAlbanian commented 9 months ago

Hello, I want 2 extra settings from the template in the .ovpn file:

askpass UserAuth.file
log /etc/openvpn/openvpn.log

Here there is no option to add extra settings.

Directly from /root/openvpn/config/client.conf, it doesn't load the config.

Also, from the panel config it doesn't load the extra config.

d3vilh commented 9 months ago

Hi @TheAlbanian, thanks for reporting this issue. In the next release I'll fix the template issue and add 3 more custom fields to use with the template. At the moment, as a crappy workaround, you can manually take the certificates from ./openvpn-server/clients: there are *.ovpn files there which were created during certificate generation; during this process OpenVPN-UI uses config.conf.

TheAlbanian commented 9 months ago

Hello @d3vilh, I have a small issue.

I'm trying to add some config:

auth-user-pass-verify plugins/checkpsw.sh via-env
client-cert-not-required
username-as-common-name
script-security 3 execve

I get this error:

Options error: --auth-user-pass-verify script fails with 'plugins/checkpsw.sh': No such file or directory (errno=2)
Options error: Please correct this error.
Use --help for more information.

I tried changing many folders: /root/openvpn/plugins/, also in a non-root folder.

The file checkpsw.sh exists. Need chmod 0755: chmod +x /root/openvpn/checkpsw.sh

Honestly, first time.

d3vilh commented 9 months ago

> I tried changing many folders.

Which openvpn-server docker container do you use?

TheAlbanian commented 9 months ago

>> I tried changing many folders.
>
> Which openvpn-server docker container do you use?

openvpn-aws

d3vilh commented 9 months ago

>>> I tried changing many folders.
>>
>> Which openvpn-server docker container do you use?
>
> openvpn-aws

You can put your authentication script in the ~/openvpn/ directory of your main OS and add this line to ~/openvpn/config/server.conf:

auth-user-pass-verify /opt/app/checkpsw.sh via-env

Then restart the server and it should work fine.

TheAlbanian commented 9 months ago

auth-user-pass-verify /opt/app/checkpsw.sh via-env


d3vilh commented 9 months ago

OK, I see 2 ways to fix this:

Easy way

Put the file at /root/openvpn/config/checkpsw.sh and update server.conf with this line:

auth-user-pass-verify /etc/openvpn/config/checkpsw.sh via-env

The most correct way

Update the docker-compose volumes configuration with your script (last line in the config below):

~/openvpn $ cat docker-compose.yml
---
version: "3.5"

services:
    openvpn:
       container_name: openvpn
       build: ./openvpn-docker
       privileged: true
       ports:
          - "1194:1194/udp"
       environment:
           TRUST_SUB: 10.0.70.0/24
           GUEST_SUB: 10.0.71.0/24
           HOME_SUB: 192.168.0.0/24
       volumes:
           - ./pki:/etc/openvpn/pki
           - ./clients:/etc/openvpn/clients
           - ./config:/etc/openvpn/config
           - ./staticclients:/etc/openvpn/staticclients
           - ./log:/var/log/openvpn
           - ./fw-rules.sh:/opt/app/fw-rules.sh
           - ./checkpsw.sh:/opt/app/checkpsw.sh

and keep auth-user-pass-verify /opt/app/checkpsw.sh via-env in server.conf.

You have to restart the container to apply the change:

cd ~/openvpn
docker-compose up -d

BTW, I'll add checkpsw.sh dummy file to be passed via volume in next release into /opt/app/checkpsw.sh
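
The errno=2 failure earlier in this thread came from server.conf naming a script path that did not exist inside the container. As an added example (not part of the thread and not openvpn-ui code), the function below checks the auth-user-pass-verify line before a restart; the function name and the ROOT prefix argument are assumptions of the example, and quoted paths in server.conf are not handled.

```sh
#!/bin/sh
# Added example, not openvpn-ui code. check_auth_verify CONF [ROOT]
# ROOT (hypothetical) is a prefix standing in for the container filesystem;
# leave it empty when running inside the container.
check_auth_verify() {
    conf=$1 root=${2:-} rc=0
    # First uncommented directive: auth-user-pass-verify <script> <method>
    set -- $(awk '$1 == "auth-user-pass-verify" {print $2, $3; exit}' "$conf")
    script=${1:-} method=${2:-}
    [ -n "$script" ] || { echo "FAIL: no auth-user-pass-verify line"; return 1; }
    # Last script-security value in the file; OpenVPN's default is 1.
    level=$(awk '$1 == "script-security" {l = $2} END {print (l == "" ? 1 : l)}' "$conf")
    case $script in
        /*) ;;
        *)  # Policy of this example: a relative path depends on the daemon's
            # working directory, so insist on an absolute in-container path.
            echo "FAIL: '$script' is not an absolute path"; return 1 ;;
    esac
    path=$root$script
    if [ ! -f "$path" ]; then
        echo "FAIL: $script does not exist (errno=2 at startup); check the volume mount"
        rc=1
    else
        [ -x "$path" ] || { echo "FAIL: $script is not executable"; rc=1; }
        # Whoever can rewrite this script decides who authenticates.
        if [ -n "$(find "$path" -perm -0002)" ]; then
            echo "FAIL: $script is world-writable"; rc=1
        fi
    fi
    case $method in
        via-env)  need=3 ;;   # password passed in the environment
        via-file) need=2 ;;   # password passed in a temporary file
        *) echo "FAIL: unknown method '$method'"; return 1 ;;
    esac
    if [ "$level" -lt "$need" ]; then
        echo "FAIL: $method needs script-security $need, found $level"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK: $script ($method, script-security $level)"
    fi
    return "$rc"
}
```

Inside the container it would be called as check_auth_verify /etc/openvpn/config/server.conf, using the config path from the volume mapping above.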

TheAlbanian commented 9 months ago

Done... I'm sorry bro, I didn't know that in docker I need to mount volume points.

BliNeR-KeY commented 9 months ago

@d3vilh What do you think about adding a Radius plugin connected to the openvpn-ui database? https://github.com/rakasatria/ovpn-radius

d3vilh commented 9 months ago

> @d3vilh What do you think about adding a Radius plugin connected to the openvpn-ui database? https://github.com/rakasatria/ovpn-radius

I'll include 2FA based on oath-tool in release 0.9.3, which will be out later this week. Radius can be in the roadmap as well.

BliNeR-KeY commented 9 months ago

>> @d3vilh What do you think about adding a Radius plugin connected to the openvpn-ui database? https://github.com/rakasatria/ovpn-radius
>
> I'll include 2FA based on oath-tool in release 0.9.3, which will be out later this week. Radius can be in the roadmap as well.

I have built 0.9.3 and I'm trying to connect by Radius with no success. From the .OVPN I see the same Classic Auth...

I think with Radius username/password, [-----BEGIN ENCRYPTED PRIVATE KEY----- ] doesn't need to be included.

Example: like Surfshark.

Example cert files: https://my.surfshark.com/vpn/api/v1/server/configurations

Only auth-user-pass ... user/pass

BliNeR-KeY commented 9 months ago

@d3vilh I hope you give this. It is very nice.

>>> @d3vilh What do you think about adding a Radius plugin connected to the openvpn-ui database? https://github.com/rakasatria/ovpn-radius
>>
>> I'll include 2FA based on oath-tool in release 0.9.3, which will be out later this week. Radius can be in the roadmap as well.
>
> I have built 0.9.3 and I'm trying to connect by Radius with no success. From the .OVPN I see the same Classic Auth...
>
> I think with Radius username/password, [-----BEGIN ENCRYPTED PRIVATE KEY----- ] doesn't need to be included.
>
> Example: like Surfshark.
>
> Example cert files: https://my.surfshark.com/vpn/api/v1/server/configurations
>
> Only auth-user-pass ... user/pass

d3vilh commented 8 months ago

Yes, I just added MFA in 0.9.3. For Radius authentication we need to have a Radius server. I tested @rakasatria's plugin; it's cool and would be a good functionality hike for OpenVPN UI. But this will take even more time, because it demands the Radius server itself and a standalone sqlite database. There are a lot of options for integration: code plugin functionality and add openvpn-radius as a plugin itself via API, or merge it inside OpenVPN-UI itself (don't like this option), or we can have it running in a separate container, etc.

I just need to live with it and decide regarding the architectural design and all the effort I can spend on it.

babyhuey commented 8 months ago

I'm also running into issues where when I make changes on the openvpn client page, it doesn't appear to be getting set anywhere. I am trying to comment out the #redirect-gateway def1 and it shows as commented on the "view" and the config page, but when I create a user, it is still uncommented.

Also need a way to change the group from nogroup to nobody

(Do you want me to create a separate issue with these problems?)

d3vilh commented 8 months ago

> I'm also running into issues where when I make changes on the openvpn client page, it doesn't appear to be getting set anywhere. I am trying to comment out the #redirect-gateway def1 and it shows as commented on the "view" and the config page, but when I create a user, it is still uncommented.
>
> Also need a way to change the group from nogroup to nobody
>
> (Do you want me to create a separate issue with these problems?)

Thanks for reporting. I'll focus on testing and bug fixes tomorrow; no new issue is necessary.

I dropped the client template editing option via the editor in the latest push (you can still view it, but read-only), as it contradicts the design. That is why I'll include all the client config options to be editable with the main template.

d3vilh commented 8 months ago

It is fixed now (in 0.9.4) and you have all Client's template options available for editing.

babyhuey commented 8 months ago

> It is fixed now (in 0.9.4) and you have all Client's template options available for editing.

Fixed my issues. Thanks so much!