openvpn-monitor

    http://openvpn-monitor.openbytes.ie/

     

    Installation

    CentOS / RHEL
    yum install -y epel-release
yum install -y python-GeoIP python-ipaddr python-humanize python-bottle python-semantic_version httpd mod_wsgi git wget GeoIP-data GeoIP-update
echo "WSGIScriptAlias /openvpn-monitor /var/www/html/openvpn-monitor/openvpn-monitor.py" > /etc/httpd/conf.d/openvpn-monitor.conf
systemctl restart httpd

    Checkout openvpn-monitor

    cd /var/www/html
git clone https://github.com/furlongm/openvpn-monitor.git

    See configuration for details on configuring openvpn-monitor.

    Configuration

    Configure OpenVPN

    Add the following line to your OpenVPN server configuration to run the management console on 127.0.0.1 port 5555: nano /etc/openvpn/server.conf

    management 127.0.0.1 5555

    Refer to the OpenVPN documentation for further information on how to secure access to the management interface.

    Configure openvpn-monitor

    Copy the example configuration file openvpn-monitor.conf.example to the same directory as openvpn-monitor.py. cd /var/www/html/openvpn-monitor

    cp openvpn-monitor.conf.example openvpn-monitor.conf

    In this file you can set site name, add a logo, set the default map location (latitude and longitude). If not set, the default location is New York, USA.

    nano openvpn-monitor.conf

    geoip_data=/usr/share/GeoIP/GeoLite2-City.mmdb

    geoip_data=/usr/share/GeoIP/GeoIPCity.dat

    Once configured, navigate to http://myipaddress/openvpn-monitor/

    Note the trailing slash, the images may not appear without it.

    Debugging

    openvpn-monitor can be run from the command line in order to test if the html generates correctly:

    cd /var/www/html/openvpn-monitor
python openvpn-monitor.py

    Further debugging can be enabled by specifying the --debug flag:

    cd /var/www/html/openvpn-monitor
python openvpn-monitor.py -d

     

    Protected access

    cd /etc/httpd

    htpasswd -c /etc/httpd/.htpasswd vpn_monitor

    Verify, that password was created - cat /etc/httpd/.htpasswd

    nano /var/www/html/openvpn-monitor/.htaccess

    AuthType Basic
AuthName "Restricted Content"
AuthUserFile /etc/httpd/.htpasswd
Require valid-user

     

    Better password setting:

    nano /etc/httpd/conf.d/openvpn-monitor.conf

    WSGIScriptAlias /openvpn-monitor /var/www/html/openvpn-monitor/openvpn-monitor.py
    <directory /var/www/html/openvpn-monitor>
            AuthUserFile /etc/openvpn/vpn-htpasswd
            AuthName "Open VPN Monitor"
            AuthType Basic
            require valid-user

            ExpiresActive On
            ExpiresDefault M310
    </directory>

    htpasswd -c /etc/openvpn/vpn-htpasswd {user}

    systemctl restart openvpn-server@server.service

    systemctl restart httpd

    Tags: 
    openvpn