This repository was archived by the owner on Jan 3, 2023. It is now read-only.
Change config file name #160
Open
sandmanstorm wants to merge 239 commits into
creating .htpasswd and generating secure password for client-config
some installation visual touchups
removed FD0 device from system to prevent errors in the logs
…sers UX (E)
Option A – Dark Admin Theme with Sidebar:
- Replace top navbar with a fixed dark left sidebar (navy/indigo palette)
- Sidebar nav items use data-toggle="tab" to drive the existing tab-content panels
- Dark topbar with Get Config / Configurations / Logout actions
- Tab panes styled as white cards with subtle shadow on a light-grey canvas
- URL-hash tab persistence re-wired to sidebar active state
Option B – Dashboard Stats Panel:
- Four stat cards (Total Users, Online Now, Disabled, Log Entries) at the top of the main content area, loaded via a new ?select=stats AJAX endpoint
- Stats refresh automatically after add/delete/enable-toggle user operations
Option E – Improved Users Table UX:
- Password column now shows masked bullets (••••••) plus a "Reset" button; clicking Reset opens a Bootstrap modal for the new password
- Enabled column replaced with a CSS toggle switch (no raw checkbox)
- Rows where user_end_date is in the past are highlighted in light red
- Delete actions on users and admins now show a Bootstrap confirm modal instead of the native window.confirm() dialog
https://claude.ai/code/session_01WZEZB3qbYnaXPXj3eB9P1j
…all scripts
- install.sh: add Debian to the OS guard, add a Debian package installation block (mariadb-server, php, php-mysql, php-zip, apache2, openvpn, net-tools), and extend the firewall-persistence case to Ubuntu|Debian so iptables rules are saved persistently on both distros
- online-install.sh: add Debian to the OS guard
- uninstall.sh: replace the hard-coded /etc/php/7.3 path with a dynamic php_version variable so the php.ini cleanup works on any PHP version (fixes breakage on Debian and Ubuntu 21+)
- README.md: update prerequisites to list Debian 11/12 and add it to the Tests section
https://claude.ai/code/session_01WZEZB3qbYnaXPXj3eB9P1j
Parsing PRETTY_NAME with cut/sed is fragile and can silently produce the wrong value depending on locale, distro variant, or whitespace differences (e.g. Debian's PRETTY_NAME is "Debian GNU/Linux 12 (bookworm)" which requires a different word position than Ubuntu's). Switch both install.sh and online-install.sh to source /etc/os-release directly and read the standardised ID field (guaranteed lowercase, no spaces), then title-case it with awk to preserve the existing case statements (Ubuntu, Raspbian, Debian). Also switch OS_Version_Major/Minor to use VERSION_ID instead of carving up PRETTY_NAME. https://claude.ai/code/session_01WZEZB3qbYnaXPXj3eB9P1j
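The difference described in the commit message above, as an added shell example (not code from this pull request). The function names `legacy_os_major` and `os_field`, the word positions used in the legacy parser, and both sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added illustration, not code from the PR. Sample os-release contents below
# are constructed; function names and the legacy cut positions are assumptions.
sample_debian='PRETTY_NAME="Debian GNU/Linux 12 (bookworm)"
NAME="Debian GNU/Linux"
VERSION_ID="12"
ID=debian'
sample_ubuntu='PRETTY_NAME="Ubuntu 22.04.3 LTS"
NAME="Ubuntu"
VERSION_ID="22.04"
ID=ubuntu
ID_LIKE=debian'

# Fragile style: take the major version from a fixed word position in PRETTY_NAME.
legacy_os_major() {
    printf '%s\n' "$1" | grep '^PRETTY_NAME=' | cut -d'"' -f2 | cut -d' ' -f2 | cut -d. -f1
}

# Style the commit describes: source the file, read ID and VERSION_ID.
# Sourcing executes the file as shell, so it runs in a subshell (no variable
# leakage into the installer) and should only be pointed at a root-owned file.
os_field() {    # usage: os_field <os-release path> <name|major|minor>
    (
        ID='' VERSION_ID=''
        . "$1"
        case "$2" in
            name)  printf '%s\n' "$ID" | awk '{ print toupper(substr($0, 1, 1)) substr($0, 2) }' ;;
            major) printf '%s\n' "${VERSION_ID%%.*}" ;;
            minor) case "$VERSION_ID" in
                       *.*) printf '%s\n' "${VERSION_ID#*.}" ;;
                       *)   printf '\n' ;;
                   esac ;;
            *)     exit 1 ;;
        esac
    )
}

# Write the constructed samples to files so they can be sourced like /etc/os-release.
tmpdir=$(mktemp -d)
trap 'rm -rf "$tmpdir"' EXIT
printf '%s\n' "$sample_debian" > "$tmpdir/debian"
printf '%s\n' "$sample_ubuntu" > "$tmpdir/ubuntu"

for d in debian ubuntu; do
    printf '%s: name=%s major=%s minor=%s\n' "$d" "$(os_field "$tmpdir/$d" name)" \
        "$(os_field "$tmpdir/$d" major)" "$(os_field "$tmpdir/$d" minor)"
done
printf 'legacy major on Debian sample: %s\n' "$(legacy_os_major "$sample_debian")"
```

On the Debian sample the positional parser returns a word from the distribution name instead of a version number, and it does so without any error, which is the silent failure the commit message refers to.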
online-install.sh was cloning https://github.com/arvage/OpenVPN-Admin, causing all changes in this fork to be silently discarded — users ended up with the old unpatched code every time. Update the clone URL to ringmor/OpenVPN-Admin so the Debian-compatible install.sh is actually used. Update README.md Method 1 (wget) and Method 2 (git clone) URLs to match. https://claude.ai/code/session_01WZEZB3qbYnaXPXj3eB9P1j
- Replace JS tab navigation with server-side ?page= routing so pages survive browser refresh
- Unify login and config download into a single page
- Add mail, phone, and enable fields to admin table (matching user UX)
- Mask admin passwords with reset button instead of raw hash display
- Aggregate logs per user with session count and totals
- Auto-refresh stats and user table every 5 seconds
- Update installation configs with server IP and keepalive settings
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…oahl69q695u-JYzou Claude/explain codebase mlvb1oahl69q695u j yzou
…ve dashboard
- Migrate UI from Bootstrap 3 + Bower to Bootstrap 5 + Bootstrap Icons via CDN (removes bower/npm dependency entirely)
- Replace x-editable with Bootstrap 5 modal-based row editing
- Add role-based admin access: super-admin (full control) vs read-only
- Add live connection dashboard that parses OpenVPN status log
- Add per-user certificate management via EasyRSA (generate, revoke, download .ovpn)
- Add SMTP configuration page with send-test functionality
- Add email notification toggles (on-connect, on-disconnect, account-expiry)
- Add include/mailer.php: lightweight dependency-free SMTP client
- Add include/notify.php: CLI script called from OpenVPN connect/disconnect hooks
- Add sql/schema-10.sql: admin role column, smtp_settings table, fix missing admin cols
- Update install.sh and update.sh to remove bower dependency
- Wire connect.sh and disconnect.sh to call notify.php for email alerts
- All forms updated to Bootstrap 5 card layout with Bootstrap Icons
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…ry Pi OS
Issues fixed:
- Remove PHP 7.4 forcing via ondrej PPA; use system PHP (8.1 on Ubuntu 22, 8.3 on Ubuntu 24, 8.2 on Debian 12) and auto-detect version for a2enmod
- Detect Raspberry Pi OS 64-bit (reports ID=debian) via /proc/cpuinfo
- Remove nodejs/npm from all package lists (no longer needed; Bower removed)
- Add php-mbstring and iptables-persistent to all OS cases
- Fix openvpn --genkey: use tls-auth syntax for OpenVPN 2.5+, --secret for older
- Fix deprecated comp-lzo and cipher directives for OpenVPN 2.5+
- Fix iptables-save: remove invalid -f flag, use redirect instead
- Fix IP forwarding persistence: use /etc/sysctl.d/99-openvpn.conf on all distros
- Fix Raspbian: add apt-get update, add iptables persistence, fix sysctl
- Fix NIC detection: replace deprecated 'route' command with 'ip route'
- Fix MySQL/MariaDB setup: detect engine and use correct ALTER USER syntax (mysql_native_password for MySQL 8, SET PASSWORD for MariaDB)
- Fix service name: use $DB_SERVICE variable (mysql vs mariadb)
- Fix mkdir: use -p flags to avoid failure if directories exist
- Fix EasyRSA download: use browser_download_url from API, glob for mv
- Fix rmmod floppy: skip on ARM, make non-fatal on x86
- Remove slow dpkg-reconfigure initramfs-tools call
- Remove risky apt-get upgrade from install flow
- Remove double 'sudo' inside already-root script
- Add sudoers entry for easyrsa so web UI cert management works
- Add /var/log/openvpn/ with 644 status log for www-data readability
- Add systemctl enable openvpn@server for persistence across reboots
- Add a2enmod rewrite for Apache
- Improve summary output with detected PHP version and DB engine info
- Set ~/OpenVPN_Creds chmod 600
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Replace Amiga ASCII art containing non-ASCII UTF-8 chars (rendered as '?' in non-UTF-8 terminals and could corrupt wget | bash piping) with a clean ASCII-only banner
- Add set -e so the script exits immediately on any failure
- Fix 64-bit Raspberry Pi OS detection (/etc/os-release reports ID=debian; now also checked via /proc/cpuinfo BCM2/Raspberry Pi hardware marker)
- Guard needrestart config edit: only run if the file actually exists (needrestart is Ubuntu 22+ only; the unconditional sed failed on Debian/RPi)
- Remove apt-get upgrade: auto-upgrading all packages mid-install is risky and slow; package list update is sufficient
- Fix DEBIAN_FRONTEND: prefix on the apt-get call itself so it passes through sudo correctly
- Handle existing clone directory: git pull instead of erroring on re-run
- Add explicit cd error check so subsequent commands don't run from wrong dir
- Use $HOME/openvpn-admin (INSTALL_DIR variable) consistently instead of hardcoded path
- Remove mc from the pre-install package list (no longer needed)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Add color variables (NC, Red, Yellow, Green, Bold) - were missing entirely; the script used inline \033[1m but had no color definitions
- Fix MySQL root auth: try socket auth first (default on MySQL 8 / MariaDB), only prompt for password if socket auth fails; eliminates the infinite loop on modern systems where root has no password by default
- Fix DROP USER quoting: wrap user and host in single quotes, add IF EXISTS to handle partial installs gracefully (same for DROP DATABASE)
- Fix iptables rules: hardcoded eth0 replaced with ip route NIC detection, matching how install.sh sets the rules up; each -D is || true so missing rules don't abort the script
- Fix iptables persistence: save updated ruleset with iptables-save after removing our rules (preserves any other existing rules)
- Fix IP forwarding cleanup: remove /etc/sysctl.d/99-openvpn.conf (new location used by install.sh) and also clean up old-style sysctl.conf entry for backwards compatibility
- Add missing cleanup items: /etc/sudoers.d/openvpn-admin, /var/log/openvpn/, /etc/iptables/rules.v4, /etc/apache2/sites-available/openvpn.conf
- Stop and disable openvpn@server service before removing files (was never done; removing files from a running service causes errors)
- Fix rm commands: use -rf with individual files instead of brace expansion glob (dh*.pem inside braces is unreliable); all removals are now safe to run even if files are missing from a partial install
- Fix PHP cleanup: revert date.timezone line to commented-out default, and keep old "added by openvpn-admin" removal for backwards compatibility
- Fix PHP version detection: use php -r instead of fragile php -v | cut
- Show clear summary of what will be deleted before the yes/no prompt
- Add note that packages are not removed (intentional)
- Use exit 1 on errors instead of bare exit
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…tches
- Add color variables (NC, Red, Yellow, Green) - were missing entirely
- Add pre-update backup to /root/openvpn-admin-backup-<timestamp>.tar.gz
  so the installation can be restored if anything goes wrong
- Fix user/group detection: replace fragile ls -l with stat -c '%U'/'%G'
- Add config.php existence check before extraction to fail fast with a
  clear error instead of silently using empty user/group in chown
- Add sudoers entry creation (/etc/sudoers.d/openvpn-admin) if missing
  so existing installs upgrading to this version get web UI cert management
- Create /var/log/openvpn/ with 644 status log if missing (required for
  the new live dashboard page to read the OpenVPN connection status)
- Patch server.conf for OpenVPN 2.5+ if not already done:
    comp-lzo -> compress lz4-v2
    cipher AES-256-CBC -> data-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC
    status openvpn-status.log -> absolute path /var/log/openvpn/openvpn-status.log
    log-append old path -> /var/log/openvpn/openvpn.log
  Each patch is guarded so it only runs if the old value is present
- Restart openvpn@server only when server.conf was actually changed
- Guard OpenVPN script update: skip with warning if /etc/openvpn/scripts/
  does not exist (partial/custom install)
- Add PHP availability check before migration.php call; print manual
  command if php is not in PATH
- Add apache2 reload after PHP file update so changes take effect
- Use exit 1 instead of bare exit on error conditions
- Print summary with backup path and admin panel URL on completion
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
README:
- Rewrite title and summary to reflect current feature set
- Add feature table: dashboard, cert management, SMTP, roles, notifications
- Update supported platforms table (Ubuntu 22/24, Debian 11/12, RPi OS 32/64-bit)
- Add Admin Panel section documenting every page and its functionality
- Document certificate management workflow and sudoers requirement
- Document role-based access (super-admin vs read-only)
- Document email notification setup and requirements
- Update update.sh section to describe backup, migration, and auto-patching
- Update uninstall.sh section to describe confirmation prompt and scope
- Add How It Works architecture diagram
- Update libraries table: Bootstrap 5, Bootstrap Icons, bootstrap-table 1.22, jQuery 3.7; remove Bootstrap Datepicker and X-editable (no longer used)
- Remove Bower/npm references throughout
- Add Reporting Issues section with required info checklist
CHANGELOG:
- Add v1.0.0 entry covering all changes made in this release
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…ctions
functions.php line 88: str_contains($line, "\t") requires PHP 8.0+;
replaced with strpos($line, "\t") !== false (PHP 5+)
functions.php line 130: match($status){...} requires PHP 8.0+;
replaced with array lookup using isset() ternary (PHP 7.0+)
mailer.php lines 23-24: fn() => arrow function syntax requires PHP 7.4+;
replaced with regular closures using use(&$conn) (PHP 5.3+)
All PHP files now require PHP 7.2+ at minimum, covering:
Debian 10 (PHP 7.3), Debian 11 (PHP 7.4), Debian 12 (PHP 8.2),
Ubuntu 20.04 (PHP 7.4), Ubuntu 22.04 (PHP 8.1), Ubuntu 24.04 (PHP 8.3),
Raspberry Pi OS Bullseye (PHP 7.4), Bookworm (PHP 8.2)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
The sed -i on /etc/needrestart/needrestart.conf was running without sudo. online-install.sh runs as a regular user so it cannot write to /etc/, causing: "sed: couldn't open temporary file /etc/needrestart/sedcXXXXX: Permission denied" Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
The previous approach (sed -i on /etc/needrestart/needrestart.conf) failed with "Permission denied" even with sudo because sed -i creates a temp file in the target directory, which can fail in certain pipe/sudo contexts.
New approach: export NEEDRESTART_MODE=a before any apt-get calls. needrestart respects this environment variable and runs in automatic mode (no interactive prompts) without requiring any file to be written.
- online-install.sh: remove needrestart config file edit; export NEEDRESTART_MODE=a and DEBIAN_FRONTEND=noninteractive at the top; use sudo -E for all apt-get and install.sh calls so the environment is preserved through sudo
- install.sh: add export NEEDRESTART_MODE=a alongside DEBIAN_FRONTEND so it is suppressed when install.sh is run directly as well
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
When a machine has multiple PHP versions installed (e.g. php7.4 from a prior attempt and php8.4 from the current install), Apache may load an old PHP module that doesn't match the CLI PHP version, causing parse errors for version-specific syntax.
install.sh: before enabling the target PHP module, iterate over all currently loaded PHP modules (via apache2ctl -M) and disable any that don't match the CLI PHP version. This prevents conflicts when upgrading from a previous installation.
update.sh: after updating files, detect the Apache-loaded PHP module version and compare it to the CLI PHP version. If they differ, disable the old module and enable the correct one before restarting Apache. This automatically self-heals the mismatch on every update run.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Sidebar: add 'by Armin' GitHub link below the signed-in user block, styled as a subtle credit with hover highlight.
Login page: add small 'by Armin - github.com/arvage/OpenVPN-Admin' link below the login card.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
… runner
ADD COLUMN IF NOT EXISTS is MariaDB-only syntax. MySQL raises error 1064 (syntax error) when it encounters it, breaking the migration on any MySQL-backed installation.
sql/schema-10.sql: remove IF NOT EXISTS from all four ALTER TABLE ADD COLUMN statements. CREATE TABLE IF NOT EXISTS is kept (valid MySQL syntax).
include/functions.php: add execMigrationSql() helper that splits a SQL file on semicolons and executes each statement individually, silently skipping MySQL error 1060 (Duplicate column name) and 1050 (Table already exists). This makes migrations idempotent and safe to re-run on both MySQL and MariaDB without IF NOT EXISTS support.
migration.php: switch from bdd->exec($sql) to execMigrationSql() so the per-statement error handling applies to all future migrations.
index.php: same change in the first-time web installer flow.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
The previous check (SHOW TABLES LIKE 'admin') returned true as soon as the admin table was created by the SQL migration, even when no admin users existed yet. This caused the installation page to redirect to login immediately after a fresh migration run, with no way to create the first admin account. Now queries COUNT(*) FROM admin instead — returns false if the table is missing (exception caught) or empty, true only when at least one admin user exists. This correctly represents the real "installed" state. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Remove redundant redirect-gateway directive from all client templates; the server already pushes redirect-gateway def1 via server.conf. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Replace deprecated comp-lzo with compress lzo on server and all client templates. The old directive uses a different framing format in newer OpenVPN builds, causing "Bad LZO decompression header byte" mismatches. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
The server was being migrated to compress lz4-v2 by install.sh/update.sh but client configs kept comp-lzo, causing "Bad LZO decompression header byte" errors. Change all templates to compress lz4-v2 and add client config patching to both install.sh and update.sh so server and clients always stay in sync. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
It would be nice to change the client.ovpn file name to "username".ovpn