Use existing openvpn server with ovpn-admin #238

Open
evergreen-shankar opened this issue Sep 7, 2023 · 6 comments

@evergreen-shankar

evergreen-shankar commented Sep 7, 2023

I am already running cli of openvpn server. I would like to use ovpn-admin using existing openvpn server. Could you please tell me the steps to get this? @sprait Thanks in advance

@sprait
Collaborator

sprait commented Sep 8, 2023

Hi, I think it may not be easy to do as it is currently. At the moment, ovpn-admin and openvpn share some directories:

./easyrsa_master
./ccd_master

If you're using your own OpenVPN server, you should also set up similar access there. In addition, you will need to specify environment variables/flags values according to your openvpn server values. But I will note that we have not tested this scenario.

@marcomusso

marcomusso commented Sep 8, 2023

For what it's worth, in my very time limited tests, I was able to make it work by specifying quite a lot of command line parameters to match my specific setup:

PATH=/etc/openvpn/easy-rsa:$PATH ./ovpn-admin --ovpn.network="10.8.0.0/24" --ovpn.server=192.168.7.1:443:tcp --mgmt=main=127.0.0.1:445 --easyrsa.path=/etc/openvpn/easy-rsa --log.level="trace" --listen.port=8082 --ccd --ccd.path=/etc/openvpn/ccd/

The PATH was needed because otherwise ovpn-admin expects easyrsa to be in PATH which is not my case (I expected it to use the path passed as a parameter but it seems not to).
Also in the UI I didn't see correctly listed my two connected clients so I postponed the adoption of it until I have some more time...

@sprait
Collaborator

sprait commented Sep 12, 2023

@marcomusso you can check that the openvpn management interface (--mgmt flag) is correctly specified and that it is available:

telnet 127.0.0.1 445
status

This command should show active clients.

Example:
bash-5.1# telnet 127.0.0.1 8989
Connected to 127.0.0.1
>INFO:OpenVPN Management Interface Version 3 -- type 'help' for more info
status
OpenVPN CLIENT LIST
Updated,2023-09-12 10:05:40
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
test3,172.19.0.1:53270,3473,3504,2023-09-12 10:05:13
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
192.168.100.2,test3,172.19.0.1:53270,2023-09-12 10:05:13
GLOBAL STATS
Max bcast/mcast queue length,0
END

@marcomusso

If I remember correctly the output of the status command can be of a different type: here is mine (for some reason I think I changed it, probably because some other tool needed this format):

TITLE,OpenVPN 2.x.y x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 16 2023
TIME,2023-09-12 12:14:55,1694513695
HEADER,CLIENT_LIST,Common Name,Real Address,Virtual Address,Virtual IPv6 Address,Bytes Received,Bytes Sent,Connected Since,Connected Since (time_t),Username,Client ID,Peer ID,Data Channel Cipher
CLIENT_LIST,client1,x.y.z.w:49192,10.8.0.10,,346592,388246,2023-09-12 08:10:09,1694499009,UNDEF,6864,0,<cipher>
HEADER,ROUTING_TABLE,Virtual Address,Common Name,Real Address,Last Ref,Last Ref (time_t)
ROUTING_TABLE,10.8.0.10,client1,x.y.z.w:49192,2023-09-12 12:14:42,1694513682
GLOBAL_STATS,Max bcast/mcast queue length,2
END

@starikov-aa

starikov-aa commented Oct 3, 2023

I had the same problem on Ubuntu 20.04 & openvpn 2.4.7. It occurs because in the systemd unit the openvpn server is started with the "--status-version 2" parameter, which adds additional fields.

The problem can be solved by adding "status-version 1" to the openvpn config.

@pashcovich
Contributor

Yes, you're right. This will be fixed in future versions. We are already aware of this problem.
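
The format difference discussed in this thread, as an added example that is not ovpn-admin's code or any participant's: a header-driven parser for the management interface's `status` reply that reads connected clients from both the status-version 1 and status-version 2 layouts. `parse_clients` is a hypothetical helper and the sample replies are constructed (shortened, with documentation addresses).

```python
# Constructed samples modelled on the two status formats quoted in this thread.
SAMPLE_V1 = """\
OpenVPN CLIENT LIST
Updated,2023-09-12 10:05:40
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
test3,172.19.0.1:53270,3473,3504,2023-09-12 10:05:13
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
192.168.100.2,test3,172.19.0.1:53270,2023-09-12 10:05:13
GLOBAL STATS
Max bcast/mcast queue length,0
END
"""

SAMPLE_V2 = """\
TITLE,OpenVPN 2.x.y (constructed)
TIME,2023-09-12 12:14:55,1694513695
HEADER,CLIENT_LIST,Common Name,Real Address,Virtual Address,Bytes Received,Bytes Sent,Connected Since
CLIENT_LIST,client1,192.0.2.10:49192,10.8.0.10,346592,388246,2023-09-12 08:10:09
HEADER,ROUTING_TABLE,Virtual Address,Common Name,Real Address,Last Ref
ROUTING_TABLE,10.8.0.10,client1,192.0.2.10:49192,2023-09-12 12:14:42
GLOBAL_STATS,Max bcast/mcast queue length,2
END
"""


def parse_clients(status):
    """Return one dict per connected client, keyed by the server's own column names.

    Hypothetical helper: handles status-version 1 and 2 by reading the header
    row instead of assuming fixed field positions.
    """
    cols, clients = None, []
    for line in status.splitlines():
        f = line.strip().split(",")
        if f[:2] == ["HEADER", "CLIENT_LIST"]:   # version 2 header row
            cols = f[2:]
            continue
        if f[0] == "Common Name":                # version 1 header row
            cols = f
            continue
        if f[0] in ("ROUTING TABLE", "HEADER", "END"):
            cols = None                          # client section is over
        elif f[0] == "CLIENT_LIST":
            f = f[1:]                            # version 2 data row: drop the tag
        if cols and len(f) == len(cols):         # skip rows outside the section
            clients.append(dict(zip(cols, f)))
    return clients


if __name__ == "__main__":
    for sample in (SAMPLE_V1, SAMPLE_V2):
        for c in parse_clients(sample):
            print(c["Common Name"], c["Real Address"], c.get("Virtual Address", "-"))
```

Rows whose field count does not match the header are skipped rather than misread, which is the failure mode a fixed-position parser hits when the server switches status versions.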
