Net-Openvpn
Net-Openvpn is a gem for configuring a local OpenVPN installation.
Usage
Server configuration
Modifying the config for a server (config file will be called auckland-office.conf
):
server = Net::Openvpn.server("auckland-office")
server.set :port, 1194
server.save
Host Configuration (read: client-config-directive)
Technically this is a client, and I should have named it Client
instead of Host
, but I don't want to break existing apps using this gem. So I aliased Net::Openvpn::Client
to Net::Openvpn::Host
so you can use the former. However, objects returned by initialization will still be of the type Net::Openvpn::Host
.
This is how you set the IP address of a VPN host with the hostname optimus
:
host = Net::Openvpn.host("optimus")
host.ip = 10.8.0.24
host.network = 10.8.0.0
host.save
You can also use a ActiveModel kind of initialization to allow you to create a host in one fell swoop:
Net::Openvpn::Host.new("optimus", ip: "10.8.0.10", network: "10.8.0.0").save
This would create a file at /etc/openvpn/ccd/optimus
containing the following:
ifconfig-push 10.8.0.24 10.8.0.0
So that any host connecting to the VPN with a hostname of optimus
get assigned 10.8.0.24
.
There are also some other handy methods on the host object:
host.file # where is the file kept?
host.remove # get rid of the host (delete the file)
host.exist? # does the file exist?
host.new? # has it been saved yet?
host.ip # what is the ip of this host
host.network # what is the network of this host
Rails Permissions
If you are running rails and you want to give the rails user access, you could do it like this:
groupadd openvpn
chown root.openvpn /etc/openvpn -R
chmod ug+rwx /etc/openvpn -R
chmod o-rwx /etc/openvpn -R
cd /etc/openvpn
chmod g-rwx easy-rsa *.key *.crt *.pem
usermod -aG openvpn rails-app-user