Though this project still functions for the most part, there have been a number of important changes in OpenVPN and EasyRSA since it was last updated in 2017. In early 2022, I started the process of bringing it up-to-date -- mostly for my own use. :-)

Late last year I did significant additional work, and am happy to say it's in great shape! All of the known issues with this outstanding original version of the project have been addressed. It's designed to work with OpenVPN 2.5.x and higher (many, many important advancements since 2.4.x), along with EasyRSA3. Certificate revocation and removal have been added. SSL is now supported, and bugs in the status page data have been fixed.

The tried-and-true AdminLTE theme has been tweaked for a dark look. Go and all of the dependencies have been brought current as well. It now supports armv7 and arm64, in addition to amd64.

Though it will work with OpenVPN in a container (TUN only), support is not limited to that. It's primarily intended to work with the PiVPN script for a host-based OpenVPN installation on Debian, Ubuntu or the Raspberry Pi OS. This allows for either TUN or TAP connections!

Here are a few screenshots:

The new repository can be found here:
https://github.com/bnhf/openvpn-admin-plus

And, a write-up can be found here:
https://technologydragonslayer.com/2023/01/11/openvpn-admin-plus-an-admin-web-user-interface-for-openvpn-servers/

Available as a multi-arch Docker container here:
https://hub.docker.com/repository/docker/bnhf/openvpn-admin-plus/general

How configure this to use a openvpn existing server?

how to install in standalone server like ubuntu or centos?

To connect to a VPN from OpenVPN client I need an .ovpn client file.
I don't find it anywhere if your installation using Docker.
How do I connect to the VPN once it's running ?

Is this repo still maintained?

Hello,

Thanks a lot for your project.

Is there functionality to remove created users (not only create) via this tool?

Regards,
Alex Kurichenko

"Connected Since" is the duration, but it is not formatted. It is only displayed as a number. It is not displayed in the duration format

Consider adding the possibility of sending user certificates via email
Regards

I can not find a proper setting to send all traffic over vpn.

Hi Adam,

Would you be able please kindly to fix the little problem with mapping fields?
[https://imgur.com/a/c9GBERj]

The KB received shows 0, the KB Sent shows value, in fact received in KBytes, Connected Since shows Sent but in B not KB, and Username shows connected since but in timestamp, not date.

Belief is that it is down to parse.go section (below is what I thought would fix it - but something is wrong with this - not sure why field[4] gets 0, hence moved on to next field.

		case c == "CLIENT_LIST":
			bytesR, _ := strconv.ParseUint(fields[5], 10, 64)
			bytesS, _ := strconv.ParseUint(fields[6], 10, 64)
//			ConnectedSinceD := time.Unix(fields[7])
			item := &OVClient{
				CommonName:      fields[1],
				RealAddress:     fields[2],
				VirtualAddress:  fields[3],
				BytesReceived:   bytesR,
				BytesSent:       bytesS,
				ConnectedSince:  fields[7],
				ConnectedSinceT: fields[8],
//				Username:        fields[9],

Hope this is a 1 minute issue for you to fix.

Thank you in advance.

Would you be able to rebuild this so that the generated client certificates are embedded in the conf file, and you should probably rename it .ovpn
Or is this project abandoned?

1，The Clients certificates generated through web-gui are not stored in the database, are they！！！
2，How do I delete an existing user！！！

hi

i have allready install this https://github.com/angristan/openvpn-install and work very nice no problems all perfeckt
only i want to monitor and get a webinterface for see statistic etc.. and try this webui
bud as i try all waht in readme i cant get running
its thare any step by step instalation for beginner for ubuntu webui

kind regarts

当客户端断开连接了，平台还是显示连接中

Federated Sign In with OIDC, SAML IDPs will be helpful to integrate it into large enterprises

I am not expert and really new with a docker but...
Docker has own network adapter... doesn't that mean that you can run openvpn with docker only like proxy server? - no access to rest of the network.

I install it in an docker and can see webgui but i can not see password (username: admin password: b3secure) not work.

Hi, would you ever consider adding WireGuard option for this tool please?

Thankyou for your effort in making it 👍

Setting the default route option (redirect-gateway def1) in client-side to redirect all traffic over the VPN it stays connected but nothing passes through even simple ping request.

And it fixed by adding masquerade rule inside openvpn container

docker exec -it openvpn /bin/bash
iptables -t nat -A POSTROUTING -s 10.0.0.0/8 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 172.16.0.0/12 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -j MASQUERADE

Hello, how to compile this project correctly and run it on CentOS 7

Can anyone enlighten me on what the build/pack.sh script does? I'm including it below:

#!/bin/bash

set -e

time docker run \
    -v "$PWD/../":/go/src/github.com/bnhf/openvpn-tap-external-web-ui \
    --rm \
    -w /usr/src/myapp \
    tyzbit/beego:1.9.4 \
    sh -c "cd /go/src/github.com/bnhf/openvpn-tap-external-web-ui/ && bee version && bee pack -exr='^vendor|^data.db|^build|^README.md|^docs'"
cd github.com

Thanks!

Please consider to add the ovpn file into the zip. There is no ovpn file in the /con/keys directory, so I suggest to include an ovpn file generator and then add this file to the zip file.

The ovpn file is necessary to setup an OpenVPN connection from mobile devices with the official OpenVPN app.
Here you can find an example: https://github.com/nachovalera/easy-ovpn-generator/blob/master/easy-ovpn-generator.sh

Thank you.

Hi,

I really like the gui!
I think the following features would improve it greatly:

• set DNS server(s) (push "dhcp-option DNS x.x.x.x)
• set the vpn ip range (at the moment this is hard-coded to 10.8.0.0 255.255.255.0 in the openvpn-server-config.tpl file)
• remove clients/certificates; at the moment clients/certificates can be added but not removed.

Unfortunately I'm not much of a developer otherwise I would love to help this project along!

Kind regards,
Taco Scheltema

Hi, nice work,
do u plan an Option to use TAP instead TUN for a Server Bridged Layer 2 VPN ?

Vpn is connected but internet is not working can you please tell me what is the issue

Hi,

Is this support with ccd? i can not see the ccd part on your openvpn skeleton structure.

Thanks,

Even though I config the server as 10.99.0.0 255.255.0.0, the generated server.conf always says the server is 10.8.0.0 255.255.255.0.

server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 10.8.0.0 255.255.255.0"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"

The reason is hardcoding in openvpn-server-config.tpl:

How can I solve this error?
Environment
Platform: Raspberry Pi 3 B +
OS: linux
Architecture: arm
The source was compiled on the Raspberry Pi.

Action: Update the configuration of the default profile
Initially I had to comment on that configuration in the code because it gave me the same error.
Log

[ORM]2019/09/27 15:15:01  -[Queries/default] - [  OK / db.QueryRow /     0.2ms] - [SELECT `id`, `profile`, `port`, `proto`, `ca`, `cert`, `key`, `cipher`, `keysize`, `auth`, `dh`, `server`, `ifconfig_pool_persist`, `keepalive`, `max_clients`, `management` FROM `o_v_config` WHERE `profile` = ? ] - `default`
2019/09/27 15:15:01 [D] [utils.go:49] {
,
	"Profile": "default",
	"Port": 0,
	"Proto": "",
	"Ca": "",
	"Cert": "",
	"Key": "",
	"Cipher": "",
	"Keysize": 0,
	"Auth": "",
	"Dh": "",
	"Server": "",
	"IfconfigPoolPersist": "",
	"Keepalive": "",
	"MaxClients": 0,
	"Management": ""
} 
2019/09/27 15:15:01 [C] [panic.go:679] the request url is  /ov/config
2019/09/27 15:15:01 [C] [panic.go:679] Handler crashed with error reflect: call of reflect.Value.Int on string Value
2019/09/27 15:15:01 [C] [panic.go:679] /usr/local/go/src/runtime/panic.go:679
2019/09/27 15:15:01 [C] [panic.go:679] /usr/local/go/src/reflect/value.go:986
2019/09/27 15:15:01 [C] [panic.go:679] /go/src/github.com/adamwalach/openvpn-web-ui/vendor/github.com/astaxie/beego/orm/db.go:214
2019/09/27 15:15:01 [C] [panic.go:679] /go/src/github.com/adamwalach/openvpn-web-ui/vendor/github.com/astaxie/beego/orm/db.go:92
2019/09/27 15:15:01 [C] [panic.go:679] /go/src/github.com/adamwalach/openvpn-web-ui/vendor/github.com/astaxie/beego/orm/db.go:617
2019/09/27 15:15:01 [C] [panic.go:679] /go/src/github.com/adamwalach/openvpn-web-ui/vendor/github.com/astaxie/beego/orm/orm.go:239
2019/09/27 15:15:01 [C] [panic.go:679] /go/src/github.com/adamwalach/openvpn-web-ui/controllers/ovconfig.go:61
2019/09/27 15:15:01 [C] [panic.go:679] /go/src/github.com/adamwalach/openvpn-web-ui/vendor/github.com/astaxie/beego/router.go:787
2019/09/27 15:15:01 [C] [panic.go:679] /usr/local/go/src/net/http/server.go:2802
2019/09/27 15:15:01 [C] [panic.go:679] /usr/local/go/src/net/http/server.go:1890
2019/09/27 15:15:01 [C] [panic.go:679] /usr/local/go/src/runtime/asm_arm.s:868

If you're wondering which of the 220+ forks in this repository are worth looking at, here are the ones that have commits ahead of adamwalach/openvpn-web-ui. Also, if you're looking for a version that supports TAP -- that's what my fork is all about:

https://github.com/bnhf/openvpn-tap-external-web-ui

I already have a fine and dandy openvpn setup.

can I install this without the docker?

It is not clear in the document in the first page. It could be a potential risk. Whether it has or not, I think it should be documented

Hi, I've tried running this on a Raspberry but the docker instances keep restarting.

running docker logs openvpn
shows the following error:
standard_init_linux.go:195: exec user process caused "exec format error''

so I guess these dockers do not run on ARM. It would be great to be able to do so though. do you have any plans to add support for ARM? or maybe provide instructions on how to build it myself?

Kind regards,
Taco Scheltema

Hello,
when will removing old certs be enabled? Or is there any way now to do this without the web panel?

Hi Adam,
I've created a functional OpenVPN web UI Dashboard thanks to you but is there a startup script to run the app as a service so that we can run the app in the background.

Thanks.

while executing the command "go get github.com/adamwalach/openvpn-web-ui", i am getting error like "exec: "gcc": executable file not found in $PATH"

Kindly help me in fixing this issue.

how can I add the client-config-dir?
If i set it in the server.conf and all routes (e.g route 172.18.0.0 255.255.255.0), the server does it but
the webinterface tell me i should fix my configuration with "Mapping error MB "
How can if fix this in the webinterface?