Web interface for OpenVPN that uses FreeIPA as the Certificate Authority.
- Generate/Revoke user certificates
- Generate openvpn config
- Update certificate revocation lists
Requirements: You need OpenVPN installed.
- Install Docker and docker-compose.
- Download docker-compose.yml.
- Change `https://ipa.example.com` to your FreeIPA server. See other options.
  ```
  command: >
    --ipa-server=https://ipa.example.com
  ```
- Run the Docker container:
  ```
  sudo docker-compose up -d
  ```
- Create the OpenVPN server config at http://127.0.0.1:8080/config. To access the user interface, use your FreeIPA credentials.
- Start the systemd service:
  ```
  cd /etc/openvpn
  sudo systemctl start openvpn-server@server
  sudo systemctl enable openvpn-server@server
  ```

Name | Default | Description |
---|---|---|
--addr | "0.0.0.0:8000" | Listening and serving address |
--ipa-domain | | Domain with IPA servers (search by SRV record). Ignored if --ipa-server is set. |
--ipa-server | | FreeIPA server with a scheme |
--ipa-allowgroup | "admins" | IPA group with allowed access |
--ipa-usergroup | | Show users included in this IPA user group |
--ipa-hostgroup | | Show hosts included in this IPA host group |
--ipa-cacn | "ipa" | Name of issuing CA |
--ipa-ca-profile | | IPA Certificate Profile to use |
--ovpn-serverconf | "/etc/openvpn/server/server.conf" | Path to openvpn server.conf file |
--ovpn-keys | "/etc/openvpn/keys" | Path to folder with user keys |
--version | | Show version. |
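
To confirm that certificates revoked in the web interface are actually rejected by the server, the following added example (not part of this project) checks that the server config enforces a CRL and that the CRL file is recent. It assumes the generated config uses OpenVPN's `crl-verify` directive, which this page does not show; the function names, return codes and the 7-day window are illustrative.

```shell
#!/bin/sh
# Added example: audit an OpenVPN server config for CRL enforcement.
# The default config path is the --ovpn-serverconf default from the options table.
# Usage: check_crl_enforcement /etc/openvpn/server/server.conf 7; echo "status=$?"

# Print the path given to the first active crl-verify directive.
# Returns 1 if the directive is absent. Lines commented out with # or ;
# never have "crl-verify" as their first field, so they are skipped.
# Limitation: paths containing spaces are not handled.
crl_path_from_conf() {
    awk '$1 == "crl-verify" { gsub(/"/, "", $2); print $2; found = 1; exit }
         END { exit (found ? 0 : 1) }' "$1"
}

# Return codes:
#   0 = CRL enforced and recently updated
#   1 = no crl-verify directive (revocations are not enforced)
#   2 = CRL file missing or empty
#   3 = CRL file not modified for more than max_days full days
#   4 = config file unreadable
check_crl_enforcement() {
    conf="${1:-/etc/openvpn/server/server.conf}"
    max_days="${2:-7}"   # assumed freshness window; tune to your CRL lifetime
    [ -r "$conf" ] || return 4
    path=$(crl_path_from_conf "$conf") || return 1
    # Assumption: the service runs with the config's directory as its
    # working directory, so relative paths are resolved against it.
    case "$path" in
        /*) ;;
        *) path="$(dirname "$conf")/$path" ;;
    esac
    [ -s "$path" ] || return 2
    # find prints the file only when its mtime is older than max_days
    if [ -n "$(find "$path" -mtime +"$max_days" -print)" ]; then
        return 3
    fi
    return 0
}
```

A file timestamp only shows that the CRL was rewritten; `openssl crl -in <file> -noout -nextupdate` shows when the CRL itself expires.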