images
/
ovpn-certman
8
0
Fork 0
Code Issues Pull Requests 1 Releases Wiki Activity
30 Commits 2 Branches 0 Tags 229 KiB
Go 97.4%
Dockerfile 2.2%
JavaScript 0.4%
Go to file
paul e524d47f4a Bump go version 2021-02-06 23:51:36 +01:00
assets Build project from this github repository 2019-05-15 18:18:54 +02:00
handlers Switch from gitlab to gitea format 2021-02-06 23:44:14 +01:00
middleware Update SCS session manager 2019-05-15 19:25:51 +02:00
models Refactor code, delete old references 2018-02-03 18:26:54 +01:00
router Update SCS session manager 2019-05-15 19:25:51 +02:00
services Update SCS session manager 2019-05-15 19:25:51 +02:00
settings Move database and sessions to services 2018-01-26 14:49:03 +01:00
views Build project from this github repository 2019-05-15 18:18:54 +02:00
.gitignore Refactor code, delete old references 2018-02-03 18:26:54 +01:00
.gitlab-ci.yml Build project from this github repository 2019-05-15 18:18:54 +02:00
Dockerfile Bump go version 2021-02-06 23:51:36 +01:00
README.md Update SCS session manager 2019-05-15 19:25:51 +02:00
docker-compose.yml.example Make fully configurable for other networks 2018-04-22 20:34:51 +02:00
main.go Update SCS session manager 2019-05-15 19:25:51 +02:00
usage.md Remove very deployment-specific usage guide 2019-05-15 18:10:51 +02:00

README.md

Certman

Certman is a simple certificate manager web service for OpenVPN.

**For usage tips, please consult usage.md

Installation

Binary

There are prebuilt binary files for this application. They are statically linked and have no additional dependencies. Supported plattforms are:

  • Windows (XP and up)
  • Linux (2.6.16 and up)
  • Linux ARM (for raspberry pi, 3.0 and up) Simply download them from the "artifacts" section of this project.

Docker

A prebuilt docker image (10MB) is available:

docker pull zombi/certman

From Source-Docker

You can easily build your own docker image from source

docker build -t zombi/certman .

Configuration

Certman assumes the root certificates of the VPN CA are located in the same directory as the binary, If that is not the case you need to copy over the ca.crt and ca.key files before you are able to generate certificates with this tool.

Additionally, the project is configured by the following environment variables:

  • OAUTH2_CLIENT_ID the Client ID, assigned during client registration
  • OAUTH2_CLIENT_SECRET the Client secret, assigned during client registration
  • OAUTH2_AUTH_URL the URL to the "/authorize" endpoint of the identity provider
  • OAUTH2_TOKEN_URL the URL to the "/token" endpoint of the identity provider
  • OAUTH2_REDIRECT_URL the redirect URL used by the app, usually the hostname suffixed by "/login/oauth2/redirect"
  • USER_ENDPOINT the URL to the Identity provider user endpoint, for gitlab this is "/api/v4/user". The "username" attribute of the returned JSON will used for authentication.
  • APP_LISTEN port and ip to listen on, e.g. :8000 or 127.0.0.1:3000
  • VPN_DEV which device is used by the network, either tun or tap (check server cfg)
  • VPN_HOST Hostname or IP address of the server
  • VPN_PORT Port of the VPN server
  • VPN_PROTO Protocol of the VPN server, either tcp or udp

There are some files that need to be mounted inside the container:

  • /ca.crt the certificate of the server PKI
  • /ca.key the key of the server PKI, unencrypted
  • /ta.key shared HMAC secret of server and client
  • /clients.json the generated certificates for each client

There is an docker-compose.yml example you can use as a base for your own docker-compose service.