
ARMv8 compile and integration with latest openvpn core #31

Open
wants to merge 1 commit into
base: master
12 changes: 12 additions & 0 deletions README.md
@@ -1,5 +1,17 @@
# OpenVPN-web-ui


## Changes

Modifications allowing to:
- use on ARMv8
- bandwidth consumed (didn't work on original code)
- integration with current OpenVPN version (use docker-openvpn repo)
- default pass to different - static in "models/model.go "OhLaVache2020"

Credits for software go to original author - mine is just little port to ARMv8.


## Summary
OpenVPN server web administration interface.

38 changes: 24 additions & 14 deletions build/assets/generate_ca_and_server_certs.sh
@@ -1,25 +1,35 @@
#!/bin/bash -e
#!/bin/bash -ex

CA_NAME=LocalCA
SERVER_NAME=server
EASY_RSA=/usr/share/easy-rsa
OD=$PWD
export EASYRSA_BATCH="true"

mkdir -p /etc/openvpn/keys
touch /etc/openvpn/keys/index.txt
echo 01 > /etc/openvpn/keys/serial
cp -f /opt/scripts/vars.template /etc/openvpn/keys/vars
dd if=/dev/urandom of=/etc/openvpn/pki/.rnd bs=256 count=1

cd $OVDIR

$EASY_RSA/clean-all
source /etc/openvpn/keys/vars
export KEY_NAME=$CA_NAME
echo "Generating CA cert"
$EASY_RSA/easyrsa init-pki
cp -f /opt/scripts/vars.template $OVDIR/pki/vars
dd if=/dev/urandom of=/etc/openvpn/pki/.rnd bs=256 count=1 > /dev/null 2>&1

$EASY_RSA/easyrsa build-ca nopass

# only temporarily for tests as it takes ages... use existing one

# $EASY_RSA/easyrsa gen-dh

#$EASY_RSA/build-ca
export EASY_RSA="${EASY_RSA:-.}"
#export EASY_RSA="${EASY_RSA:-.}"

$EASY_RSA/pkitool --initca $*
# build server key
echo "Generating server cert $SERVER_FQDN"
export KEY_NAME=$SERVER_FQDN
$EASY_RSA/easyrsa build-server-full $SERVER_FQDN nopass

export KEY_NAME=$SERVER_NAME
$EASY_RSA/easyrsa gen-crl

echo "Generating server cert"
#$EASY_RSA/build-key-server $SERVER_NAME
$EASY_RSA/pkitool --server $SERVER_NAME
echo "Missing is still ta.key"
echo "openvpn --genkey --secret /root/easy-rsa-example/pki/ta.key"
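Review bot: `cd $OVDIR` and `easyrsa build-server-full $SERVER_FQDN nopass` expand variables that this script neither sets nor checks, so an unset `OVDIR` makes `cd` fall back to the home directory and `init-pki` run there, and an empty `SERVER_FQDN` moves `nopass` into the name position. Fail early and quote the expansions, e.g. `cd "${OVDIR:?OVDIR not set}"` and `"$EASY_RSA/easyrsa" build-server-full "${SERVER_FQDN:?SERVER_FQDN not set}" nopass`. Separately, `build-ca nopass` leaves the CA private key unencrypted in the PKI directory the web UI works in; if that is a deliberate trade-off for unattended signing, say so in a comment and restrict permissions on that directory. The `-x` in `#!/bin/bash -ex` traces every command of a key-generation script into the container log and looks like a debugging leftover. The page does not mark which of the doubled lines are old and which are new, so this assumes the `easyrsa` lines are the new side.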
11 changes: 8 additions & 3 deletions build/assets/start.sh
@@ -1,15 +1,20 @@
#!/bin/bash
#!/bin/bash -x

set -e
OVDIR=/etc/openvpn
export OVDIR=/etc/openvpn

cd /opt/

if [ ! -f $OVDIR/.provisioned ]; then
echo "Preparing certificates"
mkdir -p $OVDIR
mkdir -p $OVDIR/pki
./scripts/generate_ca_and_server_certs.sh
# openssl dhparam -dsaparam -out $OVDIR/dh2048.pem 2048
openssl dhparam -dsaparam -out $OVDIR/dh2048.pem 2048
openssl dhparam -dsaparam -out $OVDIR/dh4096.pem 4096
# touch $OVDIR/dh4096.pem
cd $OVDIR/pki/
ln -s ../dh4096.pem dh.pem
touch $OVDIR/.provisioned
fi
cd /opt/openvpn-gui
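Review bot: The `openssl dhparam` calls pass `-dsaparam`, which produces DSA-style parameters instead of a safe prime; the OpenSSL documentation ties that shortcut to using a fresh DH key for every exchange, so either drop the flag or add a comment stating that the faster generation is an accepted trade-off. `ln -s ../dh4096.pem dh.pem` aborts the script under `set -e` when `dh.pem` already exists, for example after a run that stopped before `.provisioned` was written and where the `pki` directory survived; `ln -sf ../dh4096.pem dh.pem` makes the step repeatable. `#!/bin/bash -x` looks like a debugging leftover and would be better removed before merge. Quoting `"$OVDIR"` throughout would also be worth doing while these lines are being touched.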
142 changes: 68 additions & 74 deletions build/assets/vars.template
@@ -1,80 +1,74 @@
# easy-rsa parameter settings

# NOTE: If you installed from an RPM,
# don't edit this file in place in
# /usr/share/openvpn/easy-rsa --
# instead, you should copy the whole
# easy-rsa directory to another location
# (such as /etc/openvpn) so that your
# edits will not be wiped out by a future
# OpenVPN package upgrade.

# This variable should point to
# the top level of the easy-rsa
# tree.
export EASY_RSA="/usr/share/easy-rsa"
# Easy-RSA 3 parameter settings

# HOW TO USE THIS FILE
#
# This variable should point to
# the requested executables
# vars.example contains built-in examples to Easy-RSA settings. You MUST name
# this file 'vars' if you want it to be used as a configuration file. If you do
# not, it WILL NOT be automatically read when you call easyrsa commands.
#
export OPENSSL="openssl"
export PKCS11TOOL="pkcs11-tool"
export GREP="grep"
# It is not necessary to use this config file unless you wish to change
# operational defaults. These defaults should be fine for many uses without the
# need to copy and edit the 'vars' file.
#
# All of the editable settings are shown commented and start with the command
# 'set_var' -- this means any set_var command that is uncommented has been
# modified by the user. If you're happy with a default, there is no need to
# define the value to its default.

# A little housekeeping: DON'T EDIT THIS SECTION
#
# Easy-RSA 3.x doesn't source into the environment directly.
# Complain if a user tries to do this:
if [ -z "$EASYRSA_CALLER" ]; then
echo "You appear to be sourcing an Easy-RSA 'vars' file." >&2
echo "This is no longer necessary and is disallowed. See the section called" >&2
echo "'How to use this file' near the top comments for more details." >&2
return 1
fi

# This variable should point to
# the openssl.cnf file included
# with easy-rsa.
export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
# DO YOUR EDITS BELOW THIS POINT

# Edit this variable to point to
# your soon-to-be-created key
# directory.
#
# WARNING: clean-all will do
# a rm -rf on this directory
# so make sure you define
# it correctly!
export KEY_DIR="/etc/openvpn/keys"

# Issue rm -rf warning
echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR

# PKCS11 fixes
export PKCS11_MODULE_PATH="dummy"
export PKCS11_PIN="dummy"

# Increase this to 2048 if you
# are paranoid. This will slow
# down TLS negotiation performance
# as well as the one-time DH parms
# generation process.
export KEY_SIZE=2048

# In how many days should the root CA key expire?
export CA_EXPIRE=3650

# In how many days should certificates expire?
export KEY_EXPIRE=3650

# These are the default values for fields
# which will be placed in the certificate.
# Don't leave any of these fields blank.
export KEY_COUNTRY="US"
export KEY_PROVINCE="NY"
export KEY_CITY="New York"
export KEY_ORG="dummy"
export KEY_EMAIL="[email protected]"
export KEY_OU="IT"

# X509 Subject Field
export KEY_NAME="iXa-CA"

# PKCS11 Smart Card
# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
# export PKCS11_PIN=1234

# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
# export KEY_CN="CommonName"
#set_var EASYRSA "${0%/*}"
#set_var EASYRSA_OPENSSL "openssl"
#set_var EASYRSA_PKI "$PWD/pki"
set_var EASYRSA_PKI "/etc/openvpn/pki"

# Update as required
set_var EASYRSA_REQ_COUNTRY "FR"
set_var EASYRSA_REQ_PROVINCE "Soleil"
set_var EASYRSA_REQ_CITY "Mer"
set_var EASYRSA_REQ_ORG "Private"
set_var EASYRSA_REQ_EMAIL "[email protected]"
set_var EASYRSA_REQ_OU "Yours"

set_var EASYRSA_KEY_SIZE 4096

# The default crypto mode is rsa; ec can enable elliptic curve support.
# Note that not all software supports ECC, so use care when enabling it.
# Choices for crypto alg are: (each in lower-case)
# * rsa
# * ec

#set_var EASYRSA_ALGO rsa

# Define the named curve, used in ec mode only:

#set_var EASYRSA_CURVE secp384r1

set_var EASYRSA_CA_EXPIRE 7200
set_var EASYRSA_CERT_EXPIRE 7200

set_var EASYRSA_CERT_RENEW 120

set_var EASYRSA_CRL_DAYS 180

#set_var EASYRSA_NS_SUPPORT "no"
#set_var EASYRSA_NS_COMMENT "Easy-RSA Generated Certificate"

# Experimental
#set_var EASYRSA_TEMP_FILE "$EASYRSA_PKI/extensions.temp"
set_var EASYRSA_DIGEST "sha512"

set_var EASYRSA_REQ_CN "yours.domain.and.not.dkadds2.domain"

#set_var EASYRSA_BATCH "true"
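Review bot: `set_var EASYRSA_CERT_EXPIRE 7200` gives server and client certificates the same lifetime of roughly twenty years as the CA (`EASYRSA_CA_EXPIRE 7200`), so revocation becomes the only practical way to retire a leaked key; a certificate lifetime well below the CA's is the usual choice. `set_var EASYRSA_CRL_DAYS 180` means the CRL written by `gen-crl` goes stale after 180 days, and if the server configuration references it through `crl-verify` (not visible on this page) clients are rejected once it expires, so a comment or a scheduled `gen-crl` is needed. `EASYRSA_REQ_CN "yours.domain.and.not.dkadds2.domain"` and the other `EASYRSA_REQ_*` values are author-specific placeholders baked into the template; add a comment such as `# Placeholder values: override before building the image` above them.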
2 changes: 1 addition & 1 deletion controllers/certificates.go
Expand Up @@ -90,7 +90,7 @@ func (c *CertificatesController) Get() {
}

func (c *CertificatesController) showCerts() {
path := models.GlobalCfg.OVConfigPath + "keys/index.txt"
path := models.GlobalCfg.OVConfigPath + "pki/index.txt"
certs, err := lib.ReadCerts(path)
if err != nil {
beego.Error(err)
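Review bot: `models.GlobalCfg.OVConfigPath + "pki/index.txt"` has no path separator, while the other call sites changed in this PR append `"/openvpn.conf"`, so the two forms assume different things about a trailing slash in `OVConfigPath` (a doubled slash is harmless, a missing one is not). `filepath.Join(models.GlobalCfg.OVConfigPath, "pki", "index.txt")` works either way; it needs the `path/filepath` import, which lies outside the visible hunk. `showCerts` continues past the end of the hunk.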
2 changes: 1 addition & 1 deletion controllers/ovconfig.go
Expand Up @@ -48,7 +48,7 @@ func (c *OVConfigController) Post() {
lib.Dump(cfg)
c.Data["Settings"] = &cfg

destPath := models.GlobalCfg.OVConfigPath + "/server.conf"
destPath := models.GlobalCfg.OVConfigPath + "/openvpn.conf"
err := config.SaveToFile("conf/openvpn-server-config.tpl", cfg.Config, destPath)
if err != nil {
beego.Warning(err)
8 changes: 3 additions & 5 deletions lib/certificates.go
Expand Up @@ -94,13 +94,11 @@ func trim(s string) string {
}

func CreateCertificate(name string) error {
rsaPath := "/usr/share/easy-rsa/"
varsPath := models.GlobalCfg.OVConfigPath + "keys/vars"
rsaPath := "/usr/share/easy-rsa/easyrsa"
cmd := exec.Command("/bin/bash", "-c",
fmt.Sprintf(
"source %s &&"+
"export KEY_NAME=%s &&"+
"%s/build-key --batch %s", varsPath, name, rsaPath, name))
"cd /etc/openvpn/ && "+
"%s build-client-full %s nopass", rsaPath, name))
cmd.Dir = models.GlobalCfg.OVConfigPath
output, err := cmd.CombinedOutput()
if err != nil {
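Review bot: `name` is still formatted into the `bash -c` string in `CreateCertificate`, so any shell metacharacters in a certificate name are interpreted by the shell; if `name` comes from the web form (the caller is not visible here), that is command injection into a process that holds the CA key. With `source` gone the shell is no longer needed: `cmd := exec.Command(rsaPath, "build-client-full", name, "nopass")` passes the name as one argument, and the existing `cmd.Dir = models.GlobalCfg.OVConfigPath` already sets the working directory, which also removes the hard-coded `cd /etc/openvpn/` that can disagree with `OVConfigPath`. Checking `name` against an allow-list such as `^[A-Za-z0-9._-]+$` before the call would additionally reject names that start with `-` or contain path separators. `nopass` leaves every client key unencrypted on the server, which deserves a comment if intended. The function body continues past the hunk.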
12 changes: 6 additions & 6 deletions models/models.go
Expand Up @@ -48,7 +48,7 @@ func initDB() {
}

func createDefaultUsers() {
hash, err := passlib.Hash("b3secure")
hash, err := passlib.Hash("OhLaVache2020")
if err != nil {
beego.Error("Unable to hash password", err)
}
Expand Down Expand Up @@ -107,9 +107,9 @@ func createDefaultOVConfig() {
Management: "0.0.0.0 2080",
MaxClients: 100,
Server: "10.8.0.0 255.255.255.0",
Ca: "keys/ca.crt",
Cert: "keys/server.crt",
Key: "keys/server.key",
Ca: "pki/ca.crt",
Cert: "pki/server.crt",
Key: "pki/server.key",
},
}
o := orm.NewOrm()
Expand All @@ -119,9 +119,9 @@ func createDefaultOVConfig() {
} else {
beego.Debug(c)
}
path := GlobalCfg.OVConfigPath + "/server.conf"
path := GlobalCfg.OVConfigPath + "/openvpn.conf"
if _, err = os.Stat(path); os.IsNotExist(err) {
destPath := GlobalCfg.OVConfigPath + "/server.conf"
destPath := GlobalCfg.OVConfigPath + "/openvpn.conf"
if err = config.SaveToFile("conf/openvpn-server-config.tpl",
c.Config, destPath); err != nil {
beego.Error(err)
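Review bot: `passlib.Hash("OhLaVache2020")` in `createDefaultUsers` replaces one hard-coded default admin password with another that is now public in both the source and the README, so every deployment of this image starts with a known credential. Take the initial password from configuration or the environment (variable name to be chosen by the project) and refuse to create the user when it is empty, or generate a random one on first start, and require a change at first login. The `if err != nil` branch only logs; unless code outside the hunk returns, the user would be stored with an empty hash, so add `return` after `beego.Error("Unable to hash password", err)`. In the `createDefaultOVConfig` hunk, `pki/server.crt` and `pki/server.key` do not look like the locations Easy-RSA 3 uses for `build-server-full` output (`pki/issued/<name>.crt`, `pki/private/<name>.key`), so confirm those defaults against the generated tree.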
