The official OpenVPN client OpenVPN Connect also
can fetch client configuration files (.ovpn files) by HTTPS, usually from an
OpenVPN Access Server.
ovpnd serves those .ovpn files files as well by implementing the official
REST API.
You need the following:
- directory with .ovpn files a.k.a. connection profiles in unified format
- for each .ovpn file a corresponding .txt file in the same directory that includes an unecrypted password (required for user authentication)
- TLS certificate and key
ovpnd is distributed as
docker image for easy deployment.
Getting help:
$ docker run --rm bjoernalbers/ovpnd -h
Running ovpnd:
$ ls tls
cert.crt cert.key
$ ls profiles
johndoe.ovpn johndoe.txt
$ cat profiles/johndoe.txt
secret
$ docker run --rm -p 443:443 -v $(pwd)/tls:/tls -v $(pwd)/profiles:/profiles \
bjoernalbers/ovpnd -cert /tls/cert.crt -key /tls/cert.key /profiles
Testing:
$ curl https://openvpn.example.com/rest/GetUserlogin
<?xml version="1.0" encoding="UTF-8"?>
<Error>
<Type>Authorization Required</Type>
<Synopsis>REST method failed</Synopsis>
<Message>Invalid username or password</Message>
</Error>
$ curl -u johndoe:secret https://openvpn.example.com/rest/GetUserlogin
content of profile
Running ovpnd without TLS if a reverse-proxy already takes care of TLS:
$ docker run --rm -p 80:80 -v $(pwd)/profiles:/profiles \
bjoernalbers/ovpnd -no-tls /profiles
If you add / remove .ovpn files or change passwords you have to restart the
container so that ovpnd picks up the changes!