- Provides a small web service to generate credentials for an OpenVPN PKI
- Supports multiple VPN endpoints using the same CA
- It is not wise to expose this to the public - preferably use an intranet or an IP filter
- List certificates
- Revoke certificates
- Password generation
- Initialize a certificate authority, e.g. using easy-rsa
- Create `config.yml` using `config.yml.dist` as reference
- Create and set Github client secrets if you want auth, must be set in env
- Install dependencies: `npm install`
- Run server: `node server.js`
- So far this depends on an existing OpenVPN CA structure initialised by easyrsa
- Location of the PKI and OpenSSL config generated by easyrsa must be provided
- For testing docker-compose.yml will provide a dummy CA
- See setup-certs.sh for how to generate your own CA
- Will build and run this app on `localhost:9000`
- OpenVPN container providing the PKI certs
- Useful for development, not intended for production
- Note: the `ca` container will only init the PKI and exit with code `0`

```
export GITHUB_CLIENT_ID=<your-client-id-here>
export GITHUB_CLIENT_SECRET=<your-secret-here>
make up
```

- Technically extensible/pluggable
- So far only a Github OAuth provider is included
- So far supports Github OAuth server side flow
- You need to register an app to obtain a client id and secret
- Set `GITHUB_CLIENT_ID` and `GITHUB_CLIENT_SECRET` in your shell
- Generate cert:

  ```
  # Assign DATA on its own line so "$DATA" is set before the shell expands the curl arguments
  DATA='{"name": "someuser", "passphrase": "abc123", "endpoint": "my-vpn"}'
  curl -XPOST -d "$DATA" -H "Content-type: application/json" localhost:9000/certs
  ```

- Get openvpn config:

  ```
  curl localhost:9000/configs/my-vpn/someuser.ovpn
  ```
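
The advice above to keep the service behind an IP filter can be applied in front of any Node `(req, res)` handler. The following is an added example, not code from this project: `ALLOWED_CIDRS`, `isAllowed` and `ipFilter` are hypothetical names, the ranges are constructed samples, and it assumes IPv4 clients only, so IPv6 peers such as `::1` are denied.

```javascript
// Added example: IPv4 CIDR allowlist guard for a plain Node http handler.
// ALLOWED_CIDRS holds constructed sample ranges; replace with your intranet ranges.
const ALLOWED_CIDRS = ['127.0.0.0/8', '10.0.0.0/8', '192.168.10.0/24'];

// Convert dotted-quad IPv4 to an unsigned 32-bit integer, or null if invalid.
function ipv4ToInt(ip) {
  const parts = String(ip).split('.');
  if (parts.length !== 4) return null;
  let n = 0;
  for (const p of parts) {
    if (!/^\d{1,3}$/.test(p) || Number(p) > 255) return null;
    n = n * 256 + Number(p);
  }
  return n;
}

// Node reports IPv4 peers on dual-stack sockets as "::ffff:a.b.c.d".
function normalize(addr) {
  const m = /^::ffff:(\d+\.\d+\.\d+\.\d+)$/i.exec(addr || '');
  return m ? m[1] : addr;
}

function inCidr(ip, cidr) {
  const [base, bitsStr] = cidr.split('/');
  const bits = Number(bitsStr);
  const ipInt = ipv4ToInt(ip);
  const baseInt = ipv4ToInt(base);
  if (ipInt === null || baseInt === null) return false;
  if (!Number.isInteger(bits) || bits < 0 || bits > 32) return false;
  const size = 2 ** (32 - bits); // number of addresses in the block
  return Math.floor(ipInt / size) === Math.floor(baseInt / size);
}

// Fail closed: anything that is not a parseable, allowlisted IPv4 peer is denied.
function isAllowed(remoteAddress, cidrs = ALLOWED_CIDRS) {
  const ip = normalize(remoteAddress);
  return cidrs.some((c) => inCidr(ip, c));
}

// Wrap a (req, res) handler. Uses the socket peer address, not X-Forwarded-For,
// which a client can set freely unless a trusted proxy overwrites it.
function ipFilter(handler, cidrs = ALLOWED_CIDRS) {
  return (req, res) => {
    if (isAllowed(req.socket.remoteAddress, cidrs)) return handler(req, res);
    res.statusCode = 403;
    res.end('Forbidden\n');
  };
}
```

If the service runs behind a reverse proxy, the socket peer is the proxy itself, so the filter belongs on the proxy or must read an address header that the proxy is known to overwrite.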