Skip to content

mforsetti/upmov

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
common
common
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
upmov.py
upmov.py
 
 
verify-auth.py
verify-auth.py
 
 

Repository files navigation

upmov

About

Username and Password Manager for OpenVPN

A simple SQLite-backed username and password manager and challenge verificator for auth-user-pass OpenVPN.

Requirements

  • Linux/Unix-based server
  • OpenVPN Server with auth-user-pass set
  • Python 3.6+

This script is designed without extra packages required, so a standard Python 3.6+ installation should be able to run this script.

Usage

Username and Password Management

  1. Clone this repository.

    $ git clone https://github.com/miguelforsetti/upmov

  2. Install python3, either from your distro's repository or compiling it manually.

    $ yum install python36

  3. chmod required scripts.

    $ cd upmov
$ chmod a+x upmov.py verify-auth.py

  4. Initialize upmov data directory

    $ ./upmov.py initialize

    Note: if you encounter this error:

    Cannot create data directory for upmov.py

    create upmov data directory on your own and assign permissions to it, then re-initialize upmov data directory again.

    $ mkdir -p /var/lib/upmov
$ chown $USER /var/lib/upmov
$ chmod 755 /var/lib/upmov
$ ./upmov.py initialize

  5. Start adding your users

    $ ./upmov.py register --user user1
$ ./upmov.py register --user user2

  6. To get more information about this script, run it with --help.

    $ ./upmov.py --help

OpenVPN Authentication Script

  1. Enable OpenVPN Password authentication in OpenVPN server configuration.

    # in server.conf

...
auth-user-pass-verify /path/to/upmov/verify-auth.py via-file
script-security 2
username-as-common-name
# note that client-cert-not-required is deprecated in OpenVPN 2.4 and will be removed in 2.5
client-cert-not-required
verify-client-cert none
...

    /path/to/upmov/verify-auth.py obviously points to the location of verify-auth.py in upmov directory.

  2. Make sure you already have registered users in your upmov database.

  3. Restart your OpenVPN server.

    $ sudo systemctl openvpn-server@server.service restart

  4. Try to login from your client with username and password.

Caveats

  1. This script uses SQLite as database backend, therefore it'll suffer some problems with scalability and maybe performance.
  2. If you're using user and group options, make sure user and group option values had sufficient permissions to access both data directory (default /var/lib/upmov, see common.DATA_DIR) and data file (default /var/lib/upmov/auth.db, see common.DB_FILE)
  3. Always check if your distro already has user dedicated to run OpenVPN services. Previous caveat point also applies here.

License

upmov is licensed under the terms of the Apache license version 2.0. Full text of the license can be read under LICENSE file in project root directory.

Copyrights and Trademarks

All trademarks, copyrights, product names and logos mentioned are property of their respective owners. All rights reserved.

Footnotes

  1. OpenVPN - Using Alternative Authentication Methods
  2. OpenVPN - Reference manual for OpenVPN 2.4 see auth-user-pass, auth-user-pass-verify, username-as-common-name, client-cert-not-required, and verify-client-cert

About

Username and Password Manager for OpenVPN

Resources

Readme

License

Apache-2.0 license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages