A few years ago, I wrote a little application to help with some
openvpn services. Then some things changed, and I never got a chance
to put it into production.  So I thought I'd check here and see if
anyone might find it useful, or be interested in trying it out, or
might even want to improve on it.

It uses the management interface and connects to one or more openvpn
instances. It has a few features that I think are kind of neat. It
handles authentication, and authenticates against LDAP, can have a
list of allowed source IPs, and can do OTP.  When doing OTP, it only
checks on initial connection, not on reauth (so you don't have to put
in your OTP every time openvpn re-authenticates). It uses
client-config-dir style configs, but can also do templating (so user-*
all gets the same config, for example). It does some fun things with
iptables. It can register your CN with DDNS.

Perhaps the most nifty thing it does is to capture ifconfig-push and
iroute directives, and then send those out as RIPv2 routing updates,
which can adjust routes on a RIP daemon running on localhost to
dynamically update the server's routing table, and/or be redistributed
into another routing protocol (such as OSPF), so that you can have
multiple openvpn servers in multiple locations, and clients with
static IP addresses and/or irouted subnets behind them will get
routing right no matter where they connect.

If this sounds intriguing, my code and an example config are at
https://github.com/j-m-patterson/ovpnherder. I haven't tested anything
in years, but so far as I know, it should still work.

Let me know what you think.

Thanks!

-Joe
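
The OTP-on-initial-connection behaviour described in the post, sketched against the `>CLIENT:CONNECT` / `>CLIENT:REAUTH` notifications of OpenVPN's management interface. This is an added example, not code from ovpnherder or its author; the verifier callbacks, the password-plus-six-digit-code layout, the deny-by-default source list and the sample lines are assumptions.

```python
# Added example, not ovpnherder code. check_password / check_otp stand in for
# the LDAP bind and OTP verifier; "password + 6-digit code" is an assumed layout.

def parse_client_events(lines):
    """Group >CLIENT: notifications into (kind, cid, kid, env) tuples."""
    current = None
    for line in lines:
        if not line.startswith(">CLIENT:"):
            continue
        kind, _, rest = line[len(">CLIENT:"):].strip().partition(",")
        if kind in ("CONNECT", "REAUTH"):
            cid, kid = rest.split(",")[:2]
            current = (kind, cid, kid, {})
        elif kind == "ENV" and current is not None:
            if rest == "END":
                yield current
                current = None
            else:
                name, _, value = rest.partition("=")
                current[3][name] = value

def decide(event, otp_passed, check_password, check_otp, allowed_sources):
    """Return the management command that answers one auth event."""
    kind, cid, kid, env = event
    user, secret = env.get("username", ""), env.get("password", "")
    password, code = secret[:-6], secret[-6:]
    deny = f'client-deny {cid} {kid} "auth failed"'
    # Assumed policy: a user with no source list is denied.
    if env.get("untrusted_ip") not in allowed_sources.get(user, ()):
        return deny
    if not check_password(user, password):
        return deny
    if kind == "CONNECT":
        if not check_otp(user, code):
            return deny
        otp_passed.add(cid)          # this client ID has passed OTP
    elif cid not in otp_passed:      # REAUTH is only valid for such a CID
        return deny
    return f"client-auth-nt {cid} {kid}"

def env_block(header, user, secret, ip):
    """Build one constructed notification block (not captured traffic)."""
    return [f">CLIENT:{header}", f">CLIENT:ENV,username={user}",
            f">CLIENT:ENV,password={secret}", f">CLIENT:ENV,untrusted_ip={ip}",
            ">CLIENT:ENV,END"]

SAMPLE = (env_block("CONNECT,7,1", "alice", "hunter2123456", "198.51.100.10")
          + env_block("REAUTH,7,2", "alice", "hunter2123456", "198.51.100.10")
          + env_block("REAUTH,9,2", "alice", "hunter2123456", "198.51.100.10"))
```

Skipping the OTP check on REAUTH is tied to a client ID that already passed it, so a reauth for an unknown client ID is refused even with a valid password.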

