Skip to content

Kronus-Lab/vsm

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

31 Commits
.github
.github
 
 
.vscode
.vscode
 
 
automation
automation
 
 
config
config
 
 
cypress/e2e
cypress/e2e
 
 
static
static
 
 
templates
templates
 
 
test
test
 
 
.coveragerc
.coveragerc
 
 
.gitattributes
.gitattributes
 
 
.gitignore
.gitignore
 
 
CONTRIBUTING.md
CONTRIBUTING.md
 
 
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
coverage-badge.svg
coverage-badge.svg
 
 
cypress.config.js
cypress.config.js
 
 
diagram.drawio
diagram.drawio
 
 
diagram.png
diagram.png
 
 
docker-compose-common.yml
docker-compose-common.yml
 
 
docker-compose-e2e.yml
docker-compose-e2e.yml
 
 
docker-compose-integration.yml
docker-compose-integration.yml
 
 
liccheck.ini
liccheck.ini
 
 
package-lock.json
package-lock.json
 
 
package.json
package.json
 
 
pyproject.toml
pyproject.toml
 
 
requirements-dev.txt
requirements-dev.txt
 
 
requirements.txt
requirements.txt
 
 
tests-badge.svg
tests-badge.svg
 
 
vault_create_role.sh
vault_create_role.sh
 
 
vsm.py
vsm.py
 
 

Repository files navigation

VPN Server Manager

Badges

img img img

What is this?

This project aims to provide a system to allow self-serve, short lived VPN access for users I host servers for. The diagram below illustrates the flow of information.

img

  1. Users reach the VSM portal
  2. When hitting the login button, they get redirected to an OIDC Identity Provider (IdP)
  3. Upon successful login, the user is prompted to select a VPN configuration from a list of allowed VPN endpoints.
  4. VSM asks a Hashicorp Vault backend to generate a certificate for the appropriate VPN configuration, pulls the VPN config metadata from the same vault, generates the vpn configuration file, returns the generated ovpn file to the user.
  5. Once the user has retrieved the config, they can now initiate their VPN connection and access their servers.

How to deploy?

Download a copy of the docker-compose.yml file from this repository, tweak it to what you need. The docker-compose.yml is set to deploy a local development copy of the whole stack (Vault, Keycloak, Redis, VSM and HAProxy).

*.local.kronus.network is already set to 127.0.0.1 in the global DNS, thus the default mapping is as follows:

  • kc.local.kronus.network => Keycloak
  • hcv.local.kronus.network => Hashicorp Vault
  • vsm.local.kronus.network => VPN Server Manager

rule of thumbs

  • the folder /home/vsm/config/vsm contains the vpn_group_mapping.json and app.json files needed to configure VSM itself. In K8s this can be a configmap
  • the folder /home/vsm/config/haproxy contains the HAProxy configuration file needed for development purposes.
  • the folder /home/vsm/static contains a single file called logo.png which can be overridden
  • the folder /home/vsm/templates containes the templates used to render the site. index.html is the file loaded by the app. template.ovpn contains the VPN configuration template file that gets rendered with the given parameters. You shouldn't need to change it as the vpnmetadata is pulled from vault.

About

OpenVPN Community Server OIDC authentication portal

Resources

Readme

License

Apache-2.0 license

Contributing

Contributing
Activity
Custom properties

Stars

6 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages