{"id":49086948,"url":"https://github.com/dionipe/openvpn-manager","last_synced_at":"2026-04-20T16:08:31.302Z","repository":{"id":344879677,"uuid":"1183549098","full_name":"dionipe/openvpn-manager","owner":"dionipe","description":null,"archived":false,"fork":false,"pushed_at":"2026-03-16T18:12:21.000Z","size":6593,"stargazers_count":1,"open_issues_count":0,"forks_count":2,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-03-17T05:12:21.361Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"HTML","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dionipe.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-03-16T18:07:25.000Z","updated_at":"2026-03-17T00:14:22.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/dionipe/openvpn-manager","commit_stats":null,"previous_names":["dionipe/openvpn-manager"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/dionipe/openvpn-manager","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dionipe%2Fopenvpn-manager","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dionipe%2Fopenvpn-manager/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dionipe%2Fopenvpn-manager/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dionipe%2Fopenvpn-manager/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dionipe","download_url":"https://codeload.github.com/dionipe/openvpn-manager/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dionipe%2Fopenvpn-manager/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32054673,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-20T11:35:06.609Z","status":"ssl_error","status_checked_at":"2026-04-20T11:34:48.899Z","response_time":94,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-04-20T16:08:28.825Z","updated_at":"2026-04-20T16:08:31.295Z","avatar_url":"https://github.com/dionipe.png","language":"HTML","funding_links":[],"categories":[],"sub_categories":[],"readme":"# OpenVPN \u0026 Wireguard Web Manager\n\nWeb UI berbasis Go untuk mengelola OpenVPN server — start/stop/restart service,\nmonitor koneksi aktif, generate \u0026 revoke client `.ovpn`, serta manajemen group + rules.\n\n---\n\n## Screenshots\n\n| Login | Dashboard |\n|---|---|\n| ![Login](ss/login.png) | ![Dashboard](ss/dashboard1.png) |\n\n![Dashboard — Client Management \u0026 Groups](ss/dashboard2.png)\n\n---\n\n## Daftar Isi\n\n1. [Prasyarat](#1-prasyarat)\n2. [Instalasi OpenVPN \u0026 EasyRSA](#2-instalasi-openvpn--easyrsa)\n3. [Inisialisasi PKI \u0026 Sertifikat Server](#3-inisialisasi-pki--sertifikat-server)\n4. [Konfigurasi Server OpenVPN](#4-konfigurasi-server-openvpn)\n5. [IP Forwarding \u0026 NAT](#5-ip-forwarding--nat)\n6. [Instalasi Web Manager](#6-instalasi-web-manager)\n7. [Konfigurasi Manager](#7-konfigurasi-manager)\n8. [Systemd Service](#8-systemd-service)\n9. [Deploy ke Server Lain (Multi-Server)](#9-deploy-ke-server-lain-multi-server)\n10. [Referensi Konfigurasi](#10-referensi-konfigurasi)\n\n---\n\n## 1. Prasyarat\n\n| Kebutuhan | Versi minimum |\n|---|---|\n| OS | Debian 11 / Ubuntu 22.04 atau lebih baru |\n| Go | 1.21+ (hanya untuk build dari source) |\n| OpenVPN | 2.6+ |\n| EasyRSA | 3.x |\n| Akses | `root` atau `sudo` |\n\n---\n\n## 2. Instalasi OpenVPN \u0026 EasyRSA\n\n```bash\napt-get update\napt-get install -y openvpn easy-rsa\n```\n\nSalin EasyRSA ke direktori konfigurasi OpenVPN:\n\n```bash\ncp -r /usr/share/easy-rsa /etc/openvpn/easy-rsa\n```\n\n---\n\n## 3. Inisialisasi PKI \u0026 Sertifikat Server\n\n```bash\ncd /etc/openvpn/easy-rsa\n\n# Inisialisasi PKI (hapus PKI lama jika ada)\n./easyrsa --batch init-pki\n\n# Buat Certificate Authority\necho \"openvpn-server\" | ./easyrsa --batch build-ca nopass\n\n# Buat request \u0026 tanda-tangani sertifikat server\n./easyrsa --batch gen-req server nopass\n./easyrsa --batch sign-req server server\n\n# Generate Diffie-Hellman parameter (butuh beberapa menit)\n./easyrsa gen-dh\n\n# Generate TLS Auth key\nopenvpn --genkey secret pki/ta.key\n```\n\nSalin semua file ke direktori server:\n\n```bash\nmkdir -p /etc/openvpn/server\nmkdir -p /etc/openvpn/clients\nmkdir -p /var/log/openvpn\n\ncp pki/ca.crt              /etc/openvpn/server/\ncp pki/issued/server.crt   /etc/openvpn/server/\ncp pki/private/server.key  /etc/openvpn/server/\ncp pki/dh.pem              /etc/openvpn/server/\ncp pki/ta.key              /etc/openvpn/server/\n\nchmod 600 /etc/openvpn/server/server.key \\\n          /etc/openvpn/server/ta.key\n```\n\n---\n\n## 4. Konfigurasi Server OpenVPN\n\nBuat file `/etc/openvpn/server/server.conf`:\n\n```conf\n# ── Dasar ────────────────────────────────────────────────────\nport 1194\nproto udp\ndev tun\n\n# ── Sertifikat ───────────────────────────────────────────────\nca   /etc/openvpn/server/ca.crt\ncert /etc/openvpn/server/server.crt\nkey  /etc/openvpn/server/server.key\ndh   /etc/openvpn/server/dh.pem\n\n# TLS Auth (0 = server side)\ntls-auth /etc/openvpn/server/ta.key 0\nkey-direction 0\n\n# ── Jaringan ─────────────────────────────────────────────────\n# Subnet VPN 10.8.0.0/24 (sesuaikan jika bentrok)\nserver 10.8.0.0 255.255.255.0\n\nifconfig-pool-persist /var/log/openvpn/ipp.txt\n\n# Arahkan semua traffic client melalui VPN\npush \"redirect-gateway def1 bypass-dhcp\"\n\n# DNS untuk client\npush \"dhcp-option DNS 8.8.8.8\"\npush \"dhcp-option DNS 8.8.4.4\"\n\n# Izinkan komunikasi antar client\nclient-to-client\n\n# ── Stabilitas ───────────────────────────────────────────────\nkeepalive 10 120\npersist-key\npersist-tun\n\n# Turunkan privilege setelah start\nuser nobody\ngroup nogroup\n\n# ── Enkripsi ─────────────────────────────────────────────────\ncipher AES-256-GCM\ndata-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC\n\n# Kompresi dinonaktifkan (mitigasi VORACLE)\ncompress stub-v2\npush \"compress stub-v2\"\n\n# ── TLS Mode ─────────────────────────────────────────────────\ntls-server\nremote-cert-tls client\n\n# ── Log ──────────────────────────────────────────────────────\nstatus /var/log/openvpn/openvpn-status.log\nlog-append /var/log/openvpn/openvpn.log\nverb 3\nmute 20\n```\n\nAktifkan dan jalankan service:\n\n```bash\nsystemctl enable --now openvpn-server@server\nsystemctl status openvpn-server@server\n```\n\n---\n\n## 5. IP Forwarding \u0026 NAT\n\n```bash\n# Aktifkan IP forwarding sekarang\nsysctl -w net.ipv4.ip_forward=1\n\n# Buat permanen (aktif setelah reboot)\nsed -i 's/#\\?net\\.ipv4\\.ip_forward\\s*=.*/net.ipv4.ip_forward=1/' /etc/sysctl.conf\nsysctl -p\n```\n\nTambahkan aturan NAT iptables (ganti `eth0` dengan interface yang mengarah ke internet):\n\n```bash\nIFACE=$(ip route get 1.1.1.1 | awk '{print $5; exit}')\n\niptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o \"$IFACE\" -j MASQUERADE\niptables -A FORWARD -i tun0 -o \"$IFACE\" -j ACCEPT\niptables -A FORWARD -i \"$IFACE\" -o tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT\n\n# Simpan iptables agar persistent\napt-get install -y iptables-persistent\nnetfilter-persistent save\n```\n\n---\n\n## 6. Instalasi Web Manager\n\n```bash\n# Clone atau copy ke server\ncp -r . /opt/openvpn-web-ui\ncd /opt/openvpn-web-ui\n\n# Build binary\ngo build -o openvpn-manager .\n```\n\n---\n\n## 7. Konfigurasi Manager\n\n### 7.1 File utama — `manager.toon`\n\nSalin ke lokasi yang dibaca binary:\n\n```bash\ncp data/manager.toon /etc/openvpn/manager.toon\nchmod 640 /etc/openvpn/manager.toon\n```\n\nIsi penting yang perlu disesuaikan:\n\n```toml\nadmin_user: admin\nadmin_pass: \u003chash-bcrypt\u003e           # lihat cara generate di bawah\novpn_service: openvpn-server@server # nama unit systemd\npublic_ip: \u003cIP-PUBLIK-SERVER\u003e       # ditulis ke .ovpn client\nlisten_port: 8080                   # port web UI\n\npaths:\n  easy_rsa:    /etc/openvpn/easy-rsa\n  clients:     /etc/openvpn/clients\n  server_certs: /etc/openvpn/server\n```\n\n**Generate hash password:**\n\n```bash\ncd /opt/openvpn-web-ui\n./openvpn-manager --hash-pass passwordbaru\n# Salin output ke admin_pass di manager.toon\n```\n\n### 7.2 File per-server — `manager.env`\n\nDigunakan untuk override tanpa mengubah `manager.toon`.\nBerguna saat deploy ke banyak server.\n\n```bash\ncp data/manager.env /etc/openvpn/manager.env\nchmod 640 /etc/openvpn/manager.env\n```\n\nEdit minimal:\n\n```ini\nOVPN_PUBLIC_IP=\u003cIP-PUBLIK-SERVER\u003e     # wajib diubah per server\nOVPN_PORT=8080\nOVPN_SERVICE=openvpn-server@server\n```\n\nKosongkan `OVPN_PUBLIC_IP` untuk **auto-detect** via `api.ipify.org` saat startup.\n\n### 7.3 Prioritas konfigurasi\n\n```\nEnv var shell  \u003e  manager.env  \u003e  manager.toon  \u003e  built-in default\n```\n\n---\n\n## 8. Systemd Service\n\n```bash\ncp openvpn-manager.service /etc/systemd/system/\nsystemctl daemon-reload\nsystemctl enable --now openvpn-manager\nsystemctl status openvpn-manager\n```\n\nCek log:\n\n```bash\njournalctl -u openvpn-manager -f\n```\n\n---\n\n## 9. Deploy ke Server Lain (Multi-Server)\n\n```bash\n# Di server baru:\nrsync -av /opt/openvpn-web-ui/   server-baru:/opt/openvpn-web-ui/\nrsync -av /etc/openvpn/manager.toon \\\n          /etc/openvpn/manager.env  server-baru:/etc/openvpn/\n\n# Di server baru — sesuaikan identitas server\nnano /etc/openvpn/manager.env\n# → ubah OVPN_PUBLIC_IP ke IP publik server tersebut\n# → ubah OVPN_SERVICE jika nama unit systemd berbeda\n\nsystemctl restart openvpn-manager\n```\n\n---\n\n## 10. WireGuard\n\n```bash\n# Install\napt install wireguard\n\n# Generate server key\nwg genkey | tee /etc/wireguard/server_private.key | wg pubkey \u003e /etc/wireguard/server_public.key\n\n# Buat /etc/wireguard/wg0.conf minimal:\n# [Interface]\n# PrivateKey = \u003cserver_private_key\u003e\n# Address = 10.8.1.1/24\n# ListenPort = 51820\n\nsystemctl enable --now wg-quick@wg0\n```\n---\n## 12. Iptables\n\n```bash\n# apabila ada ethernet yang belum di masquerade Izinkan traffic antar interface:\niptables -A FORWARD -i wg0 -o eth1 -j ACCEPT\niptables -A FORWARD -i eth1 -o wg0 -m state --state RELATED,ESTABLISHED -j ACCEPT\n```\n---\n\n## 11. Referensi Konfigurasi\n\n### `manager.toon`\n\n| Key | Default | Keterangan |\n|---|---|---|\n| `admin_user` | `admin` | Username login |\n| `admin_pass` | `changeme` | Plain-text atau bcrypt hash |\n| `ovpn_service` | `openvpn-server@server` | Nama unit systemd OpenVPN |\n| `public_ip` | *(auto-detect)* | IP publik untuk `.ovpn` client |\n| `listen_port` | `8080` | Port web UI |\n| `session_ttl` | `24h` | Durasi sesi login |\n| `paths.easy_rsa` | `/etc/openvpn/easy-rsa` | Direktori EasyRSA |\n| `paths.clients` | `/etc/openvpn/clients` | Direktori simpan `.ovpn` |\n| `paths.server_certs` | `/etc/openvpn/server` | Direktori sertifikat server |\n\n### Environment Variables\n\n| Variabel | Keterangan |\n|---|---|\n| `OVPN_USER` | Override `admin_user` |\n| `OVPN_PASS` | Override `admin_pass` (plain-text) |\n| `OVPN_SERVICE` | Override nama unit systemd |\n| `OVPN_PUBLIC_IP` | Override IP publik server |\n| `OVPN_PORT` | Override port web UI |\n\n### Struktur Direktori\n\n```\n/opt/openvpn-web-ui/\n├── main.go                     # Source code utama\n├── go.mod\n├── openvpn-manager             # Binary hasil build\n├── openvpn-manager.service     # Systemd unit (template)\n├── data/\n│   ├── manager.toon            # Template config utama\n│   └── manager.env             # Template per-server env\n└── public/\n    ├── index.html              # Dashboard\n    └── login.html              # Halaman login\n\n/etc/openvpn/\n├── manager.toon                # Config aktif\n├── manager.env                 # Env override per-server\n├── manager-groups.json         # Data group (auto-generated)\n├── easy-rsa/                   # PKI \u0026 EasyRSA\n│   └── pki/\n├── server/                     # Sertifikat server\n│   ├── ca.crt\n│   ├── server.crt / server.key\n│   ├── dh.pem\n│   ├── ta.key\n│   └── server.conf\n└── clients/                    # File .ovpn client (auto-generated)\n```\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdionipe%2Fopenvpn-manager","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdionipe%2Fopenvpn-manager","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdionipe%2Fopenvpn-manager/lists"}