From c83dabc86185e75cb5a0ee4ff5c969cc13911a33 Mon Sep 17 00:00:00 2001 From: blaize stewart Date: Mon, 10 Apr 2017 12:42:53 -0400 Subject: [PATCH] first commit --- download.sh | 12 ++ images/add-client.png | Bin 0 -> 8843 bytes images/download-revoke.png | Bin 0 -> 11764 bytes images/logon.png | Bin 0 -> 18703 bytes index.sh | 82 +++++++++++ license.txt | 21 +++ lighttpd.conf | 48 +++++++ openvpn-template.json | 234 ++++++++++++++++++++++++++++++ openvpn.sh | 281 +++++++++++++++++++++++++++++++++++++ readme.md | 101 +++++++++++++ 10 files changed, 779 insertions(+) create mode 100644 download.sh create mode 100644 images/add-client.png create mode 100644 images/download-revoke.png create mode 100644 images/logon.png create mode 100644 index.sh create mode 100644 license.txt create mode 100644 lighttpd.conf create mode 100644 openvpn-template.json create mode 100644 openvpn.sh create mode 100644 readme.md diff --git a/download.sh b/download.sh new file mode 100644 index 0000000..9ff1d3e --- /dev/null +++ b/download.sh @@ -0,0 +1,12 @@ +#!/bin/bash +#Downloads the config file for the client. + +eval `echo "${QUERY_STRING}"|tr '&' ';'` +client=$(echo $client | tr -d '\r') +echo "Content-type: text/plain" +echo "Content-Disposition: attachment; filename=\"$client.ovpn\"" +echo "" +while read c; do + echo $c +done Tvwo^KdIff zTl=c^{qd^yk9%)--*ayFIo*Bw`}%gc@)v1zR3cP3I5>1!83|Q5IKc1MbSnz{>%A;W zF!uEUa8{KTgR2}R*?-L-T6|Xg3K}Opd4i2O19~Yp{zS#7&kkCa^ z%SFxJ+{NA4$qdfH_?w*ztDTt(1ve`@D+d=hg02@F9OZ+o#AkI6gJbAOESIcr-;>hO zHBEmgiPVPVM;aLs2X;#2zf?VgGzg*n5jX>4m>KCwaM;v9Ln;BRGmnL%$^}UyDr#n6 z2R0^iM~-+PJ0K8XHWwGigN3-;8mr_7(qGX()z{DT%p@GUaVENvpMjP7T~!!@G;dtU zUX2TbhkrFX9tZ@$QDCFc!@)_w1CZdrG8EZxaF}lqap2&n0>JQaKx$0oS7F3|3M0O? z^y`PzoLBkByYR0V_;YKQyGuJ}_VfMV{@_2f)x2#wZg%sIwyc%kBeZ`qx1XqM`?KCz zn7|3|(4FZtY*7rT$VsAvUv?~lubD|2Q#fAbne*_)s;|nFa6qzMDMr+Jx|%I#%WB`n z59Yd&=I~{&j3Q79umYp?t%b?OF|t-82uwK&%Q8nhY3UE#(Eb=9JzBlvNJp1=D@XPn zOvYQoq{wqjjjvfVVlsI{OuJ^`+>o^HICYUm6FA@}r}yKO z{JMv6hI1V(y@((tmr6&gQdcvxt}Pe|EphgQ=oHN3hd5oM@hTgR)@`^Ge>pCrz=#Et z&23JqA=gyw({+C)n;O#sMhAWpdv!)_e=(n1c`(UU%n~uI%VpcnxCz&DkE%GoM`q7T z*qO6J|JyWsNzzO~O$mR+1jXgjf>{w)G-mzO17lbhLpFDmstKNl#p**rin=zDWLD>z z%9D=|yww}7XI3p9sc`=d59t9uwc11p<>g-Smdw9$YN^p~b=~a)(??_{u8Q{G9S{~H zmufFTn89kmnqO{-AqS&14A!EDpl$K|tqnU72}TbEc&q-LqQA*FQ^4@v@J;=0`U3qv zZY}UGaW?|uH1Ak_7~Y5R{Yguan4-^ANSA5%jA6fNvcLW;&UW;3(Tg5!QXz{3r>!({ z>F`LOwXonMl+EOYCzDf}GZ0&c_EoH6(Mte(7{P&rPn>{)XCr+Wjh?Y(1~?ZcBBcjk zI`X-=hZy<+-U~WkSYpgX(RZb#XNYy9x1nKDMh^3ESUGRJ4Sx#iDp19Jj9-@$K)tTc-C;en+eua+sd^$Q`!5@(H=hi(; zPcA?cTv?^pCtPy#kvf|D)=COBi(};~8mq+|-}Gxui5d)QZe90iTMb2wL50v)OO90w zBe2fx53g$c#ul~1-!wK<|Aw~IHF(tDNI&CPUpR{+OO5}Xqmi(ENIX4Qd1o}*vEf_J z!YG7CS^g6pTCvbO9`lQ3@E`L^{-3Y|9NqI^;)Z4^@fVt+lxPpCfu6AAYp2Uz_>$Za zjjCB0Bk3A%edr3MuELv7@vPB;6+)%DK>g=YBi-60cj9tH8{n8bnzh++@|4XS?Xn(+7@&PS)&gsU1`HrRqh26Ff-~S^vdKTN`WwBCu*` z0vTgs|3N(Y?1$E&0&8iuQ;gkfUk;?>K^w>L{WP8a$rON6dmz5p9c$JOlIhg;>j*5j zT7-Z=02&hGVht%fpf^Cc6$YtV?Oe)TW^&h3LW3DSM4U2Hrysgt#cc7 zr!vNqOJAL<&Lid9F~FOx>|>rW_=MuwpS^*nY>}tw5(+6+%JD>Ka+FN-tloxkPIy$} zHuqjf&74(I%l3bUv>bRQL)2<2PmxiIO_N%1G^J%{gGjZ6g7kmcYT0XA_o5&dtKN3U zE~K1l4z8*tC-x*R5Qpw@i(viiHh_4G6`sDUS^Xtge}quWS4NrLQeBRam;uK}AqFf7 zqq_mgnSe?&9|w(E=WU!3@&^08%2;w~dsyKJodH1|AL@GEsgNq(2v+y5l2tIR(Pc;c zWTmGZr5HV{XQV)AM=sIZ&4)#OO|0>g$_I0h_e?0m5Jh}LTSt0a3nc&gW_pV(kV zMS+O2bIr7NbRh7wE=h}TVfyD#$&tHPzFB-h1LqRrFB^NcEFy~)oh6Pa@4$aHxKwWF zee=~YN+Q&rQ42BAp;(VaVHr#h5N?F+EH$0X3?|^SyyIgpwaF+Hz7CvKnHnsm9r^a% zHpMh`QS6~V#vEmjyH(C>if1AJ$hg4{VCG?1g{!scovY%(EFzB(rp{({PQYxFe8E{* zCWT9&O#qc`&s|WQcA~e+LoXh*Dpc`7=1uxGQDBA6uoe$gx%jMI93x!sD8S;X)~Hn|$`eW}5TChdfr4zm4%7sg1I$R=hYBIG_mKXDVuP;u zXr@d2g{Ya|g?QYw=Oa=Cilv6@N@Bu?w#~muQ+KL92eoflqzow^bAB4!tBVlFwweoP zbr$dSaz128pTFjkb^lpO!0BtDbyyMP9~tg@Vb!*Ll-73HA@^Vd-gJgk|QeS+2n~=kJ9S71Td7+@k94rt>U`z*)o)XEkSST=|pXI zJ{nGi8LM{|8{~-+Xzra%jjw;LW*4GSeAg`yP}sRj&0TO_XKi%Keq@|t-poF1RxH2= zV#?{ecEZFm+zE-gnxYJ@WA;$5t8TLz=GRNP!ZX-qEGHN(gurtVrVUsO!|nRAST1PR z5=}EJmq}J&*9%!YqnUb~)79RFwpJ9CI)a=H1o z=fI(@!Qwh0-n964q^HFu$zp+Gar#J3XZ`$ApxjxHwEUvF95MS0)b?nL}}C~dh(|srnba@it+6>>CI(+}DhaIgzt2 zM4K!U$s@67oG!7Ea#KdB9yDk4$&SOGxD`<<0?5<+%K;`ehh1vu*kAq&Y(;%I)Hn z4&7j8bYPs_*O;S9O*0&Y*hw@NWao1;yMF%PtjKl2;}9l&DX#iB1YC_MiXj$bONVfI z4=8j}Gnyys%r!P{bh~@fw9P4FeB!mjw=nRVRC@cy2{!xxV4uxq;Wn;6_5m4Y=Zxdc z&^IPq9-3c`!co6xPT~P%1$Sjl(F{$mMrQrl@9m$kx*ugvTi9SUuKF6JbCT7KL~(Ew z)MkaZ98a+CTl&ixxO-uQalML3*_H?Wqk+ziLcipG_<~Wbj=bZYI5K0cmy=vxvWKOe zVq1RP%-vE%`PTW~((^FdHr$#J>pWdu*rgT3FwPez$oBq>-c`PkEU_E%+MjBl^wU4Q zL5T>N7(U+04td|d{@^yFVW+YYXuVffm{7vTj}tfjzE%!>Pfz3*t#yP?p3owL-FA@* z@axESm*QtLwI4YFG3eJjfHjOjhkew<1`PgJM>${t7`G`EbzcTh|qliMT zDBW3jg-V5#yC#CNS~S(r@_1&EXVY|tk71^}u_@Wo#4SHw+i_H!pz0yBS&hj<=_9QL z(!*)?h8o$O9~ZHkiJKQ6#aK#OXv=(zTbk}23YId)1FV>MpZqh~P3mPV1*tFSec12; z&n(Yk3@H|Tnu~Nq?cka91I}j|fnS~}0X!?pmztN@+b^sK(H#`93qOsyVvVO`9M3BE zIy;F};>DW%o|-qMpxW6f_f9QTYMn7cg3bsxN{0e;y4SE(3M2YKN_yxk^#iGtey?OBr#qwMhj&a@1>{(p%?R74sVvC!Ez%U_CD$cOGR-eN_b`4hT<8I6T zBQb{q&`I^P*@ibW{M2*+q2|i0671w~ZM|eCBsF<$?Zz9^3?jOSU61rfgAo^*OmL{~ zUl6lgXbQJv)mZDA5A7bY?hD4Z9dmh$KWO6Vg`LcM-Di^5p)KKK--Ui5vaShv^1o@4 zYs&K^>_noVW|jgf9hV__-f;+hcp$!n?EG>=XZuP-F0xhY+Voh(Y4~(dkhBC1(goI1 zFlma^$nh*5zVE9k7!r-bDE;l*?fiCZ2~*^)UjWQ;wks0 z=)$UT0eT45t*%z?K$w(2IyidA7IjFV7FLRL16kd^n{KGz5JMX_R-AR}M?0}>)A+Wl z<)#PkCB=_;>9_ex>VU))**70vncp1TYsoA5`$Gfj zMTR$fFftrC9q?c0ng1nH`rjw4g~%;0gg2>>K|9T~#WgozEPx|``ATU?-UMuEFDePj zijFurQU@K|l&fF)@f^4bu1r|5VSM7nf&Iuh>1CNNLjtsZwn&Da_kj4h&fA1sO}eD>pb;>quu$7ly0M)YHM!SowQMU=`QO!4;pC z2iRG-;&_!@cXmZ=IlKP-f&}n2JxW#xvGWA!B3<@2d;r0dv9*QDc=EO~lZ3_XoWGK! z?Io!GCk!_ahG&MP%L#)-pGOCu~B^9awg|1 zo|Rm_X;~&(65d2KCK)G=Dl;|86(!kGK5G@gK+lYi^|ISC3*E8@}44;FEf(g zQLM$Eb+~3^$f&?nenU0>p!frnHd z$IJrv{JXGiPBqSVh`FtWrm9M5U?Q|&xRiuIA+Y>MqQqs*qzKEGB$Vm`)O5kFGNuFq z$A(;9DRprgW1oY8_p$`R3|0LF@Uh-zroy@MgMeM( z%$^t(nNWiLZRUS_ed+GG)ui1 zq+NwL@NA~3$Mta-P?licx%{iyV5(bfZ3gXFx_UY=S&hpTZfBjG`^Mj? zLK9^I!5Gy0WXH+yn)-$d(a03(u11wDn37VX7E|cWpjqP~iIQaXp9Ur`8yL zsr)xvv)4SzQZzS^O39}$`5&cmLa!zT#L*5z&6*0R6B#R8)3Y(ZqDgxAu&F1NaDGgV z#+q@^iYc?`E5LP~t6%g>0H4flimXXb2YP91+U1DXG02%GhO@KSlndvTUw7)pPG*BN zYtCFbP`9~R^{KfvmSg7Xe&Afs&Oe0HkU8k2V}Lnh$q>4DIQ=dS8&AKCkOELUh`GFZg92FcXVJL$YQ z&?(&73fL`tYSE(_P{rB_XGXO$nQ!Q%C@Hy)z_VqX>#}1_D;8ZNt+@+4OvV`jsp^t{ zh_)axI>UpxKOmYg+PX$d zS012I-wH@mUL_@r+MV3FOn6FbN9bC`PBWv#k{AY~vv(m`z`thU zdTy{nB3lJ@$6^=CVImape^?O!NPNI^iVRVk5*lvNlbSnFAawVS4;UPnz8=S7v6*xG zn<8HCGIVpH+L4VO&K>3danJm}51#yIU%sq6(}Y`wV{5zJC=z|zS6YRK4ABsNTz=Af z#dmo9b3KM|dLOpbv+k#ho=<0iy(mMYNGN-@uQ;ue)TtETz+>It9^Evm>PW8&#S-H7 zy7#(mkg-7m5qAvX(j)5*mmYL%H&BpzGN`Z0T{?`VjhwlT6ZL5@EDTnZlbwuO>zjv3 zx#+t8QXO>lC7Cl}s0UJH|5;=}y!5w2zYzlx-uVeP;tYykPDTaEQmwJUuvKTFUbhnt z%cG&ec5b0HS0`HYapdlYsr&|!_jaqh(x!lwQMnnYZBNc&5Ga~?E&vGZs1^Tm_4s$} z<)$Ja3JU^78)f*^lPa5lBPPCQOfMw5@afGRbFOqq&cSOmx;6z=bZtw22-x}LPxG(V zP!`?a_K7|l*1zGD(sED6?M(JLjh6*!!MFkk_z~Ngnqa>sT{kXt;(#6_jbxBV`MI7k zJA!5LqGHBFjKl2}2L0$jDoZ>us;)fv2%E*FE`3M8Q=pp=S#~#zTWgpFhNqw?(qYDX z!GfC_Tl0QcGMw^Mymxi%AAO%?Ms;`ezDEgZO#p-NBeM{G8se|aL_Bq4OV_qS%q7!m zTH7VIVi?_%=gj!Xfw* zJemDY?etm5o~AN=RN1u|Gw_Q>EhSM9Zj@wjT{N&L($xzj(bzh{%v3Rsc$uQoJq*iD ze7JJGGIQNG8^pPN`eaq8Hz}C%#zLGjyWQsNOL)Djp#4Mlb8`FRwe;$^r_;qMx$QY6S?D`oCpCE)-$+Wok=|w`_3&UQJQ0{V+bmmNbZ*K3_xi6h)wU0p zY(iO29XtCPtT)+=pV^SMi}#YSGg|wT>F(UxgMi;w!C32!t5Sk@+Z|i`n#(BaKl>FPDRI1W+@&-lxp0mV^jmxE z`(4g4^9qUl`Ua}pz4lv3v@PyWxxrZphF}ALE$=Ezc7&>aGMEt!VYq1noF8>G)?`J< zd|HOf6z7tPXy2|HaTk}fJl0!J-JsL40?s%{waB~+&a(Htb%oNcT{ULmwHx@XS3pOJ zMII|Q=Gb`2vt^%K+lEvv(#r5igYmN zU80zR2ti5mnOWqu`S&FS%52e_3s6D_-C7M^yWjI)f3HlO%Ng=p#+UQfqP6M$mNF69 z^0h9B3-4!VjFWmWwj2Rt7OYEr?83Al`)PunrMp@O<@m}=@m$GOXg&RK==INL&3UW_ zP`(+F8RRFUAw@KDZv(0oO&i85vyq-?Q3Kxf7afU}p@Y8J^EQmcsR=(_PQC1`(`7w< zr<2%ZYB^AP34uOuH1D6f`^OtH-kzx0AGMs9oZgQKP?!Xn?TX0*K%L5WKBQz;>p#R; zERwWlV-w(aVy}3W^-WD<9(C06ht{#v+IL;AI?=HZE+$mYCfo&CsW_HO;Kp%BdYKE^6v0%-@!;pR1( z&i9G9Ib68=Ki_}ZbDFtJPj@YRCkcS^L>n(`zbY6eAlI27~pBsZ$mA^Al*sxYO^g0=hbBPqc zvkLwpE?IQ$#rdt2yqJksxcEH1@w}a+-Ct>gw60ghB!5{fkZ?mGm4_TfnkLtI&g%vQLwdDD= zwHKfJX4nhv#Sc2atNQ0XuJ@}Q5>7*~i!822e0WqcG%+BcL8QNA=kJ};znA}iz=eND z_Om}7?aM^{1jY-EaDY~pe=NXiD0`x7M6d4)Uonz(XvRSv`O}_~-M^5-|5Cm0mlnC$ z)J6DbtfI)SM?#@*a6<*G{BNoq-;vo?h^pS8+M!;!!c{`;{r;x^y~_}5@53me`!{s? sKh7fjXXxkudT`~2WGNiNdN!< literal 0 HcmV?d00001 diff --git a/images/download-revoke.png b/images/download-revoke.png new file mode 100644 index 0000000000000000000000000000000000000000..e9d131faa0c8a42e1febff6a2c562a3533ac58f2 GIT binary patch literal 11764 zcmc(FRa9JCvn~V;Az=q;91=7T8VLlKgy8Pdc;oKYSVEAHMuJOY!3hpca0@i<*0{Sj z?p*f%&wt02m-}$eJr7If9Ba+`M#-$ISrw+DB>fzZ0uK!h?YXRsgc=$e`t;-bGVYVd z`!gS%*N+c$S2byIw9-MU?Z*M8-6eWOQB8&|b9veW7wFSUb3}JD9t@;$i1x=i=tU(1W0%0nKD3K5BRw?x!7=txb9_ zUMb741!11h;T}9|sQpajrm}|MclcaEP5-r3g~_lriGq_;ZqMU7tF?7kCX(_QX4d4G z&f5r&+==dxz35l@rb6HIVyKld$1~?}sk_uf5}pI?HIJ>HpB_U?9- zNl)(c@z%b%Gk#?d6S}$S+U$FI^uzWJ+5)nF1U`-jCqqNq!2#i;p`Bp>vC%$Xe*s{i zeYpDoMMul@&qSc1sfZ1O(a;KLt+*aPC-~3&++$?Lcwb5SPRVxYH-Cgh5nocjb~C>c zCiKhd_ZIWO3AbT~a@U!!$;=*x(zQxcYxrr~AO?Pu+X=8B%_#__gKH%tc(-i!`}9fl zv554birKKP$$c_Uq{Z~Ry(TRven8wXrts<1p+q^_2HMrSj;at0nBz%8foDH8&XyA|?VJQV1sHpH|BW8T~Fjt?c~tpYSSHT|o^ zocmI;S7jb)^Uqp2ms3f0+SXVxnBKf<@W@vRy=r*6b6J{C?aY=Xrrm!5X@$WhFff^m z5cf8t@@Maf0xB}IfmwuNsM*Y{nG@4I8*2?T5U0LoZ`c#+&F z9}{X)A0HIW*F!yI;UK5E7VkXiwSKOWMsvlr^ap*JWXh2FZF1342iF7`DQj11w)Vuc zTj3*&72;ueXpk{COnv!PpyrDMJShcnL2(oziX^yr@GDN@Cxh5d?+l~ z>(<*SCu(}%dALvtDHbf)@xDN(Gy<;U8m5t}XvKB%sm4391_m%KHOzkmVdLyE%c8>~ zNrMKj6?gN`K!MRGT)At%v>YrE)Q=MDyXt6U7n6p=b;cTi>lA<4a{ZJ_5$9pQb^wLf zLDIk!9FsbNZ2)!PO0@=-S?R>fO8ec|4y{VV@S8Lyqwl7N)sSp&55K0kRvR9lK?U7* zO^v6H2Mmr1%wG-ToU^C5qc+pSgka*UvkqLc?#ig_q&z|APdXd- zE~AHVi9`og&nn){II7>hMg!J7l7Mr=24#!RAy#8pCKvbSXah!d$PT~l3W9<|eR9Qj zQ|GDX5gr+VYyZnln}j3#mnPU(>e*)ZF{6l`uOc|5Jo|Z2^yj2*5 zbGOc~CtA*^Zr{1n<6*F0?N44+(Zh)O8-yq#cR>vDKrLurwgl2VW0;mfrYcv<-u z*6!6SA)hqwNMjyB(>uDtANw=KTw%+pQZn30*aXxOUpsw!w7ts>-g}#;zJF#&3U!n0PPo_~A z7Gc!JpZINGS8Rtb;qr4F-u4wwCuuc@--Wwe0)S|X`+c$2OJ*wmg{5bYqA*I-+$Sq4V zz604a3n@>8dGL+{zelRocK|_J={(h7p;Dpdn|vK8c`!%aGdLfoL}7?^e+Ij)8fm`I z_qGH1oXWTx=Ul#cx;XD-MO6pqZI7Iwx30;`lK$}Q+}m+ zrPkyuu_9mX?DWUXdzx4Xo(FfkDxrAJNt6>JelZ!ApGb@;6i93*W_u~{nA6bf*>bfT zDfVGcJ6JnBkBe5@2#TS*!7d;a0CHn9%BdPYMF>{1e6NzB1@d6D$2aegeB%t@(<)@A zH{d|wV~B& z+ao`yHj|8Eys%sbxy|$IQkst}Y<}zjW@QE5*(Bx)3b{>IMNy5zlEbmpo@i!78N2F}ivt(v4p!dWxlXTMX6l4<(KU(Exz*;N}9PCBH1GAMnV7(oCdIY)?#xPOPO znt1{NN0P7VHy0!(5gg;3k^d794-uQ5oJ9d%m5Pl{P@Ww%h4)W&#j=@tcjDx#zWR6- z3gAHHe_&C~e*bZGSZGzW$^o>i3bGT_$15hciRxSnW}Q-B&pP>ya4P+^&rYW)wytp( z%a4Uh$G|zFPUmCLXK6P6gZFVal9wfJ5P=Vsga$ zA)`xU!G133^rC5mg5G$mnTvH#gnId9(4@6Uuf*&?aU`WFke3r25N)ub0#H=DR+f$4 z$=`-wa7Dj`lSPV!tQ@0o`LE!KP2qd51#l>BJyPTk=xdibNJP%}rAHq6}J10FYx zQE*xzSzC&#)`{@uR560^Z;DEMzQ5Yuq>v-lI#^s*h&oi6W+E-z`^ju8D4d6*n;P?H zbwt(VzS}X!pRK%*wCZQnliN@#;)KSydP+j-DNP8!k7;P}#b9?9uF-oNH9RV(@mI+9 zh@?9YGE;m!om(pbznC2RJyNhM4;X0@Ol@5Xh;Vxv%$-ekc3mgtLfS5M;BM}jJv(0< z84rZlUS?~(ER-%!ert0j!@^RTrZEW>BL2yhXvZ?!0V3ve6GHE1tp3d0Vb)oAFSP(Q zVbNIa=LLCic{;kvwqc+3ekA2tc*k0Re*)-@33=aMutBjoRf~ApI28F#J3ceP+qlcj zWj%|$GRuR?Bx~P6tE-0>WH%1-zSHFO{$DAk$m_oO#Sc9Vd_|{>(YWpOHd$+;)>oL= z6XZCD-I>gFcbf7$?NPsvUNS|vyqsYbZBq%+HD$FZw@8|7yqp|G8?ls5Dza&JeU~jC z8cSjMwMX;w4j(auvOyV6pESW$nFgrJT}EVlPOMk=L$CAAi6fp?V%WE<*zcC%y&9W<8Pw=M@V*!?Um(f3~d=~2(OG#!4DRi9FoT(mQ#G*AHHFJPGhqHWr z*FVc5|D@$NtPDpv>KFigQD|KHD=Wz#hdHQ}B26KmLZOuI-6yS$s6*kANU&B{*Kd#l zvF{h<`n=s{o#wA97D9!^q@HiYy|EKKpzld%E5+CNxao5OtoWCdD=GDa38Rhk;(HsD zFVcSQttQjWYt?J2M#A-q@n$3K*~y2p6)7Htdv`PfYsH)rXk1a# zu714Hmq?Qbn(E7U%1c10v`%)%zv5mkcEuZsc&1rNa~G|Gaey1;0i!;z@5b7jH{~8q zod)4U_0~HwEL@rPWmZB~74uuUHZT`FHzNR-we*IR`bSt9%e1H7{&>qNj2a)C+-jK= z5$`b23}tM1RhQlH2`1lJwfDY{a0Pd567^L4DU48Wv4>Lv_}jJLG+7`9;Odc5)C<%B z?0fg#&R_Sqzq?UL581PD+vz^wDb+MBMJ$tw7E~p0pBd378awju2u8E3^=`6S3$G_G zyR%$#Z_|6HL<#+tj_HoG_+T{-S&zJ?M{$Wx8w@vNSr5O6|yU0`{(lA=mO?zgoUm-($-#EoKK>{jGI!o zMB95?^fYE*PvfHCNi`#s(vi97;?F%tRM4ibh|1IS%mVzLOjlvc zJo}OSg6Xb4=@~~n3iu}}-zCV+PzB{`+1#|*)M3YBn`OBpquX_Rk6rTJl0S`H!=F5} z<{{++&CUm;@ytdHicPRFLYOObp}U=sII3Jimr-ti0&RoLZcJxTb<-y0Xs){+?>;{G zPb9ZJXXx|k1a0NjFfAU|S#qs2G8>f7H!5IrMb8KrtyLBs7y=-AOh9e0LHIzX$9!}g zA5I2RcuY?V$gQ~GNuL22D%`_hD=u^(cBVxpVi^1cg#Te+&KOkequS1@f8>wxm)DLE z$<5a*Kp77jT4ZlT4&wVs;zr16RD44a{!tVk* z&WOc^>_Rxdi+FK9wU&nr^Y&J&JLtE04b?>wtHxBou431W&IkuG3qRHx#oN@`X=4}J z&g((qH%mE=}R3La%3C(L&`Z{?x%u>Li|4X}r~FKpGrS-7Xh1tYBG3 zC7JknL~W1GOR&@FBl7DoXx6CFAQ4X3XpLO(rjf9EDrZ7)*Y{ftWhougErwE>FRCZH}y@muK2O>ONw;5p@57R{nh+#+~kUB4QsB} zg)TZ*;R6>FsN-4_2t{Rt;!k_HfwSv!{Q8a%Wb{EVBKX@k7*eZ(_}T z`M=Tg5V~x5muL=a3tBXho&BNUNfEJ3_?79)D#oIth@(+3PeF1ujujER$McW3@uUM}Us8C5oyd&m6RwxT9k2qxlVIt?qW>TxSFgd$-*#$z+9 zp%k$6PySAS;PgsAjVyaTb3Y9omx(Mt6~7%|D-Nr+KIc`tIU}A@!=x3N)I2vtCMzEY z5`^>|`i;IhXal{Rc;$S0HPZCDh%-%W>8v6plFenNk_=Iz z+0*kTTMZ zaCu?gMyc^u6-~(C`c5Txii9~&C9u41_}cyQj%9C1@ax3X z1iLtOd(iABxgD^UQ4uYvL9ig&e zUF9fvQ+44TS;!R`W)EF#G zBy{i*%{DZLA;NN9CCbLxQna&Vewn- z;7{iKvM;}jk0*a^z59L=c7cfh(b%`v@4!}Y6~_bWWw*8%J>ANg>WlFBRz=9AHA8eL zGcU)|bGilhTKz7Pu(tLKBy4>ma?W&0v4ZL1tqV-RP3SMl`^2I>Lv&xg{*9V0^e&>) z<0*#Tcac=H#8TJrSdtfyK#vr+iJSbsUUQDDnDeBCJ#mkY&Z4kh>Cpq@351$*$6f4f z*2M5QAFi9R_zoEy#gE>*@Y+e2umg)4t6A&AV|=sxWce7V%N!kEtVd{F%d%^xGDyC9 z*D;}HlUtT&vJS1D$`Zr+1t97}gkW`i9RRZh#rtoAzNP&FM0vdm^gkx)$bhEpaCnNw zO{tCM%C^`FTJDs1Yo42`V2`_8 zUZVC?^)1$tjqKf!61lg^RQWP;D)1@e1y-zWdEVmN5qOf0B40^o2zzk*n~(JXu%#5V zDQs%d&8t=bOdTw}LKaMp_1lcUQd)+os-0yihYRA7SbWE4aFW#iZsNO9=H5=E+ zCksn=1Y5@O6sj*Y`IV;}#k)}h^v01NOvjlXl}z)R>~`f?%C=ska27I2BIHtrkSjTz z;3@X40LTXxjDQ2U?J7h}tURD(lDC1f#Eai_ha@0H@emiC56Qsoe)%zhydF91Zca-T zW+_m=2A#i$9;b_)NYLe5kK7Z7F?og8n@)D>#|sShkmj&7RkfZbq#P49f%{wGk46{~ zsxY{gr1o~8R|O9OuGyVkJTk+sxtpNRcwG8#96tdyIh%IB09_wLI0IaP>F$WZd;L8V zTjtK&sC5gm-mY#^uJYVV)}D!!>|LrcGXzGQmHX|HisNFYD1LQPYKW5wv5Dup^eETv zRe3zWV+9xJoO9&!nJ)#9kd-SqwY`G8*GF^PxImVuF!njG4*O;OP>24-bbCimQ(@&P zNNom0;+LCkYnTI5Wyo&C^Csp?8FnkobLc_nK)#dJs{i(l$R3w7Qf%*)2T_qSKf(22 zm4HpGtanD95Bq%{Le>Ps{#Kg`z|F~4htkRwWQ^e>8_M1rfzY6>(t2BY zu|ofkYWvz!8jZ&WLwzggnUC_CL}n{5BG>8JGs#SWOt-=9M&{*e8QDvV*<=?p`yU~< zgc$gwsg=Q7Rc7;=U_4;+5?7xMn;rDU%>lpuEsH?r=n6EK=nAu^`a=c}2f#|5#7Tb%gVoHp^1XIFx7a zqZ{c*`yWQ$QPs2OUC4;l`4qnU%Ilf2uh?L8yO5R)tl(SrvK;o`!ADNpy8j(%SDex* zhnl9ad4A?!AyM3c@Md>oS*Uvor!~C&J@+*qw+q|f8E9AXSg=83{qHH~{O82Co2RzU zPFK_UgY)O>+@5009*v$}T}B4f7X%c8?<=xd16$K*JSaj-rxKn{9*l1vxaZqe(0`gn z5#Kj1mg|}752Ew4u7hrG=RM~k^5@8#OYLT-i?M~DGOpoN%^p`*hxi4<+13@iR5}UA zRRkblix_0ypoM-kjo}`)up<}xOSJ;fQU}tfb}#rs0emsJ&`Vv-R+NpLX*KeJF8d## z@E@}g)<69mqWbAK7%@vH%7z=THd_v12nv6DwTs4Ebjc?&ag&`&7fOCVu`J3Gmr)RY zM4Qa+*@;xjV$m%Xn6TwC6&SVU>T<`c_7K@mvf)C@q{BBQPRzKC%Rz)Mg?hfj@jlv; z2X}F)MFSiISxx|qz!#`8K}Dvn`R$$}l(RJovhxXwUK=^33*}2}aZg9QRiX>`=?5vW zmGS6yuQ)l6+TcGH^Ef>wSC9aV4blLU`;@7dg!-U4zvh~u7k-eVsTiENV4F~}*M%k_ zr_hte#@n4wUjq;x=~q(-*Aw{|(H;<0hD?ie`ep+>c&8f)cHYVq3y|NNYOGG7_PCf* z@)GHjm2(}hrNsV#~u(zO2Zhe&wepY9}XAEySWcKI=WR2iK=*Lq~HjjJ!^7 z$<-zrGN25s`=nxGl)gI^>+&OQbK;tKaIdO0f(yIXP{)SBFY`^6$BVfw$dgaUDfvjU#&(Lo`l1VwTQa z3;L{=WbnqRtqicRYamn#M4h|18S@cr?!8_US`K3b3A3J4D!io@q8DJBG{67jK~Gwr z4`_i>Zy_}z=WA7E9inF4eNhW1n`)O+8Qh+i@{0uX8VAx3ZF^YFZT!C1WgOqKl2;oa zjtF9tz4t>sRalI?FE^JhiV->6QE4}mLtrdAyk`R{If&al!*1}>yXxobp(mw$CUVr? z1CE0b9IYEUx7&ThQR_?#p^@e7^s<#KxOX}7#EZnf)aVd|lg7ZAHoCInvTfCVPG7NV z|1!Py$9B%}K!fkROf;YmN;}CNqgO;ik~#@?oT)HHCS=%DPzL@*Xv0#7Z|xYnHc0|J zW7_8r0E_IZiH6-`IJH+b8Tnq(4j$NQt29bA+p|rg4*Ta-?}vsU3XGBptHIAmX-Nrt zxgW;WSx9fDrMKo}%<2G(R~;*nK7)6!=qt^G^EgkT?&4CV>|q;AHd9;1&Q{Db7w6!; znv$;zdy38E3fC11p&+)z?hZa_XkXuYW0QxGXFZO_7agegx;nE1Ifq9mL&UsptvoHq zx%P>3Mlg>VaMBF%x}>^f<4v=0@C*#$v3A3N=3wO!Mr!199<3a^FrT2MoW8MFGkT-e zczT)K;2?6+(RXTjv{xsT5iw`OUQG^cz8%+{VOb#*Zaa#8Mw@Tj`ssnb+9?~ZlKcet zf`A%d=k(RB5WSf`kExiOt35oxn4nGqqTLDQOSbJ7F^}19{>yw20MZAQ;tG1EBInO2 z*(#>W1f1o8N3XEllT^y8w3QXgvHFyCLdvjfkx-y4IP?uL2lt74gF77B!oTb4O61K7wEd)1OYNg2(YusB#-8> z051{@j*rC|kE{9hr7Hru9Sau?@srr)YsN9hBv?e{`R3V*k{>pFyR(V<-rle!QTAVN zBgpiuoMr3o=NxtJJD$<+H3G$dC(fWCEyLPXz)|4MFNwU>ay^i6y4H>PrRXf;1k zD(&7OqqAm5jfU5C zZVoM=;8ZNWS0g@eiuip${;*ku^dW+AWjavc-lf8-o3$9RWy!Ib%;6*|VB{pJP^niA zAmmj__SQDlvVnE(lS;SAU6I|)`4b#xt1Lg`_tWp5Hj`Hb14t8ZCL4!3_y}!uq3zE; zZH+$@2M+3H<>MCcS3RWCaN;Sdxft%hz?3%7=RM4&1W|EDfbGgrK)R zk4gqWFAkbh@sKXM4A1YPJjGV2k7a4EOKRraH~K$qvI~1S9L0+%3k>21_(v0l`~Luh z86%YDq7pt)v0I<))fg^!@xn4rJTvJxFJ>-i!ID3yLfyIEXs8@5r1^2m2-u@v@DPNY zeBOV)kmNy-qO^e!K8vRAp}mu~b9qN_#|xW?=e?@?YBdrZP^}D_YbK2N__5A}Cz<*f z>Db@p51SdSuhcg%_|c4ooLcWVPs3{AyhJjIqFE6axtjJm$((S~p%OnZWW^EK*=^4#VdBT=8%`fYJ0@9QE$!?|T_gM2J$ zAeT6QFqBIaEhIx}>MzMj<&N9oEH|rf%iULO z^9g=3g+(33yQYKX@pwAqyIn->qV;jLozH$753%_RPha|4jJ*MfovKszem}DR&|W8E z(2G2XmHK0|b2942)s)8q0 z&SxK>AJ>CGzWY4rz|w?^IKWNORqdh!f9Vv{t#^w_O(*k=loeM2)w^G1{%1wn%0wEp zssbul=Ab=6Er~H_j0)}YbdL@$Da(4mP1N&6`igxX%Em^iD!wGPg8p@{N;4efg3TXR zOd$55Kz9KRWa}sL-)k`WSG1&_!xZiw3ynlKguMIG`dB|MMkU&?K$sC3i*g zicf&7!0q})M*_ggxjL!y&D>A>*e&Z+Q^M6ru0kX6B|*3M!^AW+6f`XW9Oy^nFe()A zwfA*)iULz8)9vxDWpTijWq=gqw$SljZEx)Ok7OQ#)aWl5OY;p@imcIP>C~wB*~@qg zP2*yOlI4z414Gw$*T!^@NL{F`!$sjzo46)eYDtMc>Z}$%Wva;c{LkNP{-G*zx%9Oe z{lRyrrNW_kwa`dd3Va(D8u0pj=W-i^wz@b<^ho^?eW8#Q(>yBf-$cqI0A;~GDJW$U z;JLv$X2j_9qn^7VV&tOD6O>tpsnV$q)#Ar9E~dW-vn2FbRkWliW6w9meWEP3Q1Xnr zx{R=JT)XzoZviP-bI5OTblo~-i{R;zvvt`g2#cGwP}SHq2#s}f!^t$13J^H!!hV}K zB^QfVr)_Oz&D^!q*TZ$RVRx^K4(G1I7Vi`*R~B#QmFKQn)AXU*%dZcUaU5=j9T)9% z`5w+g9ekErZuR8cx?-1Kiwv*WOe;a39=y&=U4;Y2P?Jv07OWd(OmSLUnyo9nF`3uU z*H`t0`8EeXBt*wMiI-2>Bbl^HevGbsE}hRwI#!pgPlDISGIE%S&>q)zy)$NM4{Aqw zy)!DgJ9AN}t`4oZtqLFWN4aziPKuBO{UgD8FVxBda5dgB7OmxBFrfc_;Hn3Ce`&Gn z>F{vQ_}h7Vw&sE6Y1!GxO@O#w+3o6ni|PDr*9C`>31#2SL)>Yt!9XyaNX1&GY3FvHjUt)F;4nG8C+jJ$>IPg_lOoW2zwMVhJRE}6pG`<> zywGTS0a6HZVM{gDh1Q+3N_ZYypPl91dAtSKsG%hC)G?vxeP(<>r7)|4CSAKwucCA&TYLf!Nrh3Q zbl#U;Rbala`S(zb9kze5r@@-*WhZOWBY(JJi{ps%P?m1h_O3%bI^p>=M4Q9v=S&8# zds!E95RBYni)32SX3s}&tBqX3TuqDM}+FaHVd3%(s&ycNA*uXLlmCa3mW zIXT_j%)pHe5%ydREg@LEpn4E{_!P*foIm(4t1GVpFb`I6E7&@p4}3S~f=R#NfSNdI zdkN4~4u4=6>{G2V4s#*PokEsa^|khLOoEGOwV66#173brHn4?38sKA1ij{eMMH_m# z5CF+=AG3Uz<>;{Jen#XHAMoIKzdfNH(2sdh6~J-s+I(>ZlL-vC-6;xC{&TZ@^G3Bl zYI-$oC|}L;3qZT?B|Hf?%~bZz%WKjh>QBCD>cmuZd#kY3-2PeYFlLx*)ig5XyQ!Dk zr|MTZcxZYCnrrMqA-L#$=6>t=Rn!K~>J zx<~@!67xG!E_QnGY`JW93w*dT5|bemzPFS+jZg+nW(Z%ZJAYWSNb}RTv-x@bt@jHn z=lIG*t-ba7JGV&2GooX=LwB6)5v$?pK6Ys>+UfnSkE>6n@Nj!;N5}`XedDngx9imN zIVRIzF7MR*UP~&QI>z<+OEew&s}E3o7MeX$jXE&#c&u;^k=Yb3s8-jlvQ=kj*1qS9zmJIHo zalR(c$C}C|A3ep$@e1*MaRx+gQ}H^aOeJ4b+T?x8W8L)kcS#XV)s1#mA^v+CL8~gP z4!62*38b#M5l;H^VGG4bUxM;s6ndlwF<|iYvx?HERPGgaCDh_AcY@w!Cpdd~F1Kg1fP#^7_kvU$H%lO+7mi6bUZzx9LTxb840^z_lE zB6y_G`@j6N@lZr{abz$Rh-SHD;$PVIwaB}{C~OXxjNSt{{MZJc^rKBfBfrn*p#S5^o>;e+2i_FGiWLTL!vi( xUcyX{r#v6T70zA)2!5gcck~lG@WLJl!mj9X2*Pz#9*@D$WF?g(O2v%>{|EPY`7Zzf literal 0 HcmV?d00001 diff --git a/images/logon.png b/images/logon.png new file mode 100644 index 0000000000000000000000000000000000000000..0475069334667c3549bcc51bc93fd93813e487fc GIT binary patch literal 18703 zcmdpdbx>U0wl4A8cTu&cXy}J;4TSi+}#^@hsI?(-|xMu zsrP2y%+%EUGf)lHw-1-S&pl_Kwbx!dC2#v9@{NJvN+avmX0mQ^Z9g z7bzVVb$fFccOxe=BnKlakP9ow%;h~dD?2L(7xxQ2FcOlipPb|;4G-Yq5~>akAeYSn z=5@8~30oApYil@e^|C0m0M{Swg1qXWpg(TE@IN^=ENQ=eOMvVC?j5d_l%&+h&(TWJ zN|KjkpDvZAe+JM}QofZH7ssx>%P4s%EB;ZRJ^KmP)APBAu}C?ik(zxGb9%*06J2(m--PB($@;5ch3<&MTEk`0hNTbpzv9;aZ(&SM^isKfZ()jLfZd%&f1bBFwh%YUzSXihS64J-gU+HDV z#UEH%K_HOU)^4%%fH5Z($l98bnfYL6=QI8@q|R9vclWp)4x)ibGZ$fFe6*L(&%oG+ z=*SXuaedE_Rs>@B>GIZtf{>+(8OJqC$EuSDHWL#QW1qSC`H4Z|?~#$da!^&tRcmmV z<-FDu)UP992@@bymXiyiLb$Tx8N*z#9nFN7BOhGqHqyJ6n@bgrxDNbktbdZpj}VW zE@ak^o2Ti8_=hLF)VuU?eYk$;iRk!|-)$w<;)mBV`T)x6MS|uG*oo8FKUc{Xl9Sh8 zIOA%+(Jda|Sf3~)1ghq95b>$hV3e-MIy!>xc@S>3)(Hv;sjI7VadFXNqXP0JlI2(H z>+4al$m0_eBV!{>@lZ9)@X?5t!(=Zp9~*r7D+!fd`?2Y;%&T&f%NnaJLwV{91`N3N zum)9;I`twqfC>s>MMXtvX?j{(i5iTWxYaskD=RDK+ao>Q-I1JvS|i4kSIdv?ye~id z8-7QR+Z{VTVK$FuE)1)V?BFsRt+kr?>)hydo_@M8kZzTZmL!%m*q+i6B4{Y`fwIcL)mA{DHs_Nf{Kbtgl-J=>r!jl zW$&ui$xcsx|HQ>^z#)&%^;}EM?>*vCznk z7fTjK#6nFkY#)Y&n3lNGAk4!`pYUIFE`;Y(ge)Nzy}SFBL@;Iyf4lqf@`|=+s9o)N zEcD{wPy8BD&t(=W?>K5t*5p3=9mt#z0@MPZFx~8Vw?OqWFOz>tt0l&@UXH}h?czpzJf=%hJ8(}W(Ni0OLj zZ&JI89nT2$IvoG}8d0W`jp4ioh30r#Hlv%b#5jYNX==n75|s zfLvTlmaZ+5#mvM^DbadK#D`uyfe_}mHS!Ws6?c=J9r}P1Yq@4Xfm}}eFMkHA^_c=s z0P$em8wfsA7%;%Rt+IGNX7pG`3)z2*kl23FYg(*kt4=cIhXL_c;{l0!kxNDOMu962 zO$&v$;jzOSQ|Y^vsZ?|Tvn>;CI6dSe?jhWV#)Vh>-rO-r<6iftLeMY5;D{!g`lUKidDBBv_Asdad+;_saI2c z1Ge6VOFFKSoN_8&5`a%uCfiIT=hR_FxoOt`=6w*DaHrAx<{eg4O&Yq2@b+gbor_3k z{HPg`r_`E&BigtQUn`v9m3L(NZq5c;8?>d+EM|w^BN6VB~`Juz*h1>oRu?%?obq~ezO@m?kQ{cC6sC8y7oMHA`)lBOZ z2Zr|YqQ3TmE5uqk;5hlf#S#sei8)jFHX-XWX#bt|cp+g9gS&@FX^!XsEVC@jqSf{a zI_hoB^U$<>UkdTNc~J3tyo<6RBt)+hZ;LRM)ypE;lfSh4!fyX<_h_Qw9Fn0B*m_&` zr9nbZi%{M9dD>-!?(vB=?NWL*3Q!{tPyG$+vlRFXb-@=k8(94)QQ)dMqvQBr7~G?P zR#}#ojqh8+S^i-iI(Yg;9|)`BK5(kit2>5I=FB!D7jDsFDoE^NbGz-D#0B`V~rdV(rkmvGBy`IABEwua}V=O znXc`j#5QePm-|!wuvmgi=sK(yyd>r(0<}m-2?%vkW`!p^|N>aBYUsQemDuA_q{ObRT&qz zzBP_2^%$@cT*vvWlxpw7e0{EPfo#eCda>Q{@p`$A4lQx+dVEOBlu2OEVB0&Av`L-< zKJ1FjwN)-4#2-^3t$-ialn}FBKbU+R|A}_TGDEVikon?(?v}99W9g#FdoLQE8dw-K z5Kkc^EoRr>hUM#))9|=Np-m=qyg`zgd2^ylsqm4^egnWY0Zqed^zgXTcbx68n~Ocp zz}eeX@INxKS)W7Wn{V-4Y(4bZy*?eH8wgJ-J;webp0a|70m6|^OB@#KLp{HJo01K@ zXB-a+6huOikw1sD6- zh#+Q=%IK1wD_4-EX)m1w0@QwA{5M#(Rc&Y@inn^rEYj+=o9e|pFx7&Zqpk4$c%S%j zRIhPzC!HHU+JgM|^!BW}p)6mWkE}*XQUajs?hW}I&hRW(b(`hs7q8GBFXkdYVjpu0 z5IMj^P0wP!Ib$}(wCrIo*HyY>^Ti55@}{pO}n z$l^YrbyKY{KauR&HSduMu`iJHoILgcaa_*^>QBl?g2!Z>hhy@{gO+`_R370OVm|z? zdy`ROsgFa8WNyzKJ?k#C1M}Qtb9oHQ8}A*mqi#3HBU5R%r(mrP`1W^)J+Sm4G7q%E z%az7GoAb^$-<+@}3mmT|3soZ8m?SmU%i!juKg=;Ns}v_w-Mu=hZdsqv#iM3GH!{&2 zbZ&;~k<7mK(jIQA7V+(1h$^3!rGfLAfgGB!I)@$QL(@Noix2JOc=gZCD=Oiz$HOGQ z2k{$jf}F~$n>)YzYp%Q%#%8xPM6}0S%J;VO6YHzZ_E!+iSXU8)aI{J>(vA<$H--rn z?amchtGt91w-hil365^xGmz9^bi?j9AAY3U)5R`s@WVMQU+K<7}uwuhO_0e z=N6=J_KQoj$CIc!)|fsytl#$OOQ%cjHA9u#47_A@af}{3So+MOGyJludXA&N64=tA zEl+2gi7hXDlqo8A?R^n39v&~m$DVuxuZ@D;eHENdOneTb4ihyv)XpK4nApe&4^Z%$ zaz|y)5jMmZYkc~+uVSlc`)BD#c4xMB3Uu-XE}xtCbz0WbQQkMN$VEqW*qz_;y-(yB zNvp-uB(>S;yb1;g6Zb9Slnb9J5Oz0am^61M4N=dy&+z51GPqH*`<1gym4MAb)H+vw zb4@bi9pkk5Hs!0P?~Ga8>bNVfThe01Qsd^Tb%zi1i&EE~W_f*^@WnnyuX;+*SkNWH31hz!}ryoz~qQn6_cn9XXAOOsn3pW^!N z;>GFT2{;ZF^RZklTs%a&MSBJ^nNRS~Qd}S?<-OvZ|Mgt)WhnFT&=9-RQS|& z%2^(-*!@Y@M3IV@mlqQwBhUz69X4+;FA8Tvb03Rp#B``%Xc&_P`c`-5>BuUvmlBHJl(Gx+Px5_ch>7WLI!xz% z_$nXI6w(xBvdBB4>$wIp!pkct&zONS`#AJj|130umuL>iw%fvQl3H>}5}2%FFGG9d z(u%8oIz<|9{M{tL%@!d@aXI@UXsE%N8RAP(7q_!|J$wbnghVv7>~jh8`Q_Sn)+jG< zHOGqr_t}aT#^biFdmp9BUp>^L)vN2OJx8291uTD^2zq2lJX4eYbL1{ zZfNC;hhh(}%l0Ty3_A>K`TF`vGxmW~$-&2&4^@3qo7;}Ax@QV);+%D z)p~_|Pc%HM_tk(!wxljRGK zg#(;b&#Ca#H(Q^4Qj40o&A-DDd!4YT?_iYWd>`5bZjjDwQOptb(VW7M^5H$ z4vV;W1+NPdqp`5z1pvpGcaKJsxNmmD*Lv4o))&{#Y>4;Hk72ErZEg#1yxmc7=3WjN z?>!5ZKogz8hEBdO;n;6Z_!T_K=W! z)w*8~$nu77-j~<6`#(*a{LzS2@Dd^tct>z)4-_6*nHcHFhEHw-k) z0xvGFs%yx>8Rl)&nl{$_`!#IsV|?sOmd=;mZJdc~a{k)UPz~*Bc`6m=tipytmMjr@ zdiVg%l2RZ?MGGJE=)~RGzI_ttr{gI`cn^B3FCIdvh9oV($Xd+1N=BwIttr&XEXR*4l*j#qlKxvq~e>8epvq2oYb1=mlY zPbS+xKhW{zHU?|zrNu5cDz;0GPYf4-2B^q-c@DV>+@NQk;jlr}XMdHk4)-Z4D=Vq^X{i0O+{abTDQu$s z^w5K&!4!W5cjM9CGAlISh@W(l>N3m)dYSurij=06<;~9xf1qSj9Oz}KFt2xaE9R4L zTei^B;~g~*HK%6KjWm1P<^$Q1$9Bp`z0s)hh*!>Sh=1LrG!?i}_8~H8N~i47{39>n zO)aFsEx;}IanGEiUlyYeVzrBPK2Sm;@cmn9U~N21x*|rggh>{D!1}8f1&#fk;wW@WWzq!7t0(vk#%R@ou{UvXFew?p}iYIJ^^ zM;d)y!@Mtv9Q-UH72OBDr3HEJUAIL3TRF`+sVJFTo;CRqc=B6hq_{3H{ylx9n`Z;>eZTl^J}V(f0_SP z^RaV(g>q(PV{&6-GT3v|R*jZ{rG49|={y|fUyI`IGeQBgI#kbf%XmEp_smK9Zmg!J zj$=aAN)~lg6_O2;q{)C2iR#+^Bo-;C@ddWrG$cz-|a8n!-+z9PKM9 zx3MXcClvgI03;t^J}}@A!NkH<*nDVLMJkb(wk7&Nvvr)mGNw@JIMDj-%&5Me!*jq#=EcVMHV)jwL+pSnwZ-&*oXa4l>8&?$HpYTaif2^0Q#VO^D* z;Dnv`i9p*Py_7ts^&3!wI49=eK4?;i0Dh>(!#c^q6Dz8eR*%yCr%4Ym8b>05BVvss z$oZ~PbRa6dUm&OuABFW5azK-sp3Sf%x=*r(0oQaJdJE@{AWGjKZ*!vnCXv$`j~>;m zL8CaN{VD0G9$0V!9BLN?e}$kZc3i_#f$E-++;8TTr<16Fie)^tXD#2Y={T2d0$Q`23?+E zvkXmIns$`c@ILl$Wp&*3p*tz)rJu-sUKTa6rtwLA+_z7QdP!@#CB|s#IGb?V&U;tP zkP`pL>(|UM1Dy*ZhU`9*nb8%zffmxy|3PUX16Xs1`8tnXFLJvmYs`e(vFTQzOBKAJ z$taJ)dEsxY#u;ZU-b#k4d!Raaho0lMaj`p!N_xO(=Ni}98`1p5ZJbSzflGk*HnAqp zm`X0MP6@rd0ZD-Q@G!?szMgNmNhc?gmJTvk#^x4Q6T zvQR|fWTkV#7b?GXsMDj6Wp#OGKOhvli!|OpnPZQL+jhV zAeY`MuSpCOQ2<2jKHI)v5x0h@h5UfcvE&rur%Fn z_+3Oo^{cUR?}r5#j|oze!z~xxSnplB2P-kQi0wr1RM|eKbbY48sbGM0Xkkh)5pMkai>3%FD&G!3lnh$eC{_(dfQ5cRs z)B6mz%^7-_tM0+urOu?@4NlZj{?N=(E0csEgSqB|1AqMXfYhDUcrgco_H^s#Q^_3W zr(9R#!uS23H3UCS)8n7adx|p%m@99Ju(hPn^9cT!kC|rP!m8BkWsEqjpFd3LDPY>* z8gIkHk=rXTU>a+Dl|D`4nHaY-F;8yowauf>=ZSar=VFT-Me)MznkjKltxdU7pIA%C znEpdBwY-`fTh;)b`)eX8c8Xhr#V@4#1^oT~evjUUmMj8foTx4Qi*^l2*bL z;8-2Dk)Mk5*b9OBA2Pyag0Tc5TM+))e4dHwd9QS=gWhDg)3mil*x+A?vX(6F zruqH&QH0eu=Clv>irSksqd`dQAdPq2;aw%`5X|uyw7oJ3CWnjWE}KFzD*-z#h11q- z6qap_5z-~^l{PdBJr<7H9hnZO)+;!;V+EBk)!~&)ZZu!EZjbIx2>c%P4NqmeXC?}L zv#*-uJ|dpG{epc|%(u4ZMD?)K;gIS0$RVc*!BM4ui0^s#efHrdtzBKgg3jnq}XK6Cri&SskvPJKC)A8 zh?P$hOi0T5xvBbRN>ixV{?szJKDT#&p&jc3X-+!&_nI+ zWvU$#xZIJl1pw*;M~`E%=K9%es!{*Vj*({F+eTpP(INn#rcIHbK&M~qYiBm^85@}K#p=^ z3D#$HCL;EERP6eM<@5PA`k#s3KlaVHqzq?02Kkzr3%oW+3oS|g5mbiz{)tnA@Frn| zsq@bTwbJ6V5-(qwcG0w@@(+dWSgk&5r6T@a=;DLra%lY3=i(m9FSNNQ9f&GQBBDC%Ng*ZkLT{ zt+idKJJ8C^*8W`{c_qeiuz{wB25PG0JJGmQa`y=;@;7FdE1t<%&`9#`0!?@S)CCv3 zflrr^{n#^}czvh}13uVdutZFw%3}lJJ{|tfQIgXR*Wz+2&YwErEG|;S7^M0%u0i@s z?0zTU0#@V^|1QB0P~bpfj?JfTi~L1Vo{>G@30W_i+H|5JDgZq-SEp6V&1SR^ii*Wa zz|bo!;f6HBcGm@S?U(BERM|9(1K!1+leJDkuw7d77^N;muq8tT+jzht5Fb3GHo{@h zB<~Zmx43kCZPsNTUo+aS5$qLZQl$pumvzAmN7MKk}s1k zhObXa`ta-xhADw=jSk&jnL^WHqu0o$Mq;DkJXE%I-O`po=243lrxq9LNx@%v-$23* zCn+*qo>9&4?Q)wCeZsDgWc)%9*nF(#PE**_QqF$6c1tVso3WW@@~TbBUB65lbY6Kx zF8mi$)^1}m!PJIMlFqEhMXoAxEb3_Qw+>d&ye_@8UrRGmNKoGe>QAqSHxidHh=V-i zgAa+rYUUQ(m){XXmeKaEzA6qfwr;l`wG5F9OrplV*0l*!QVozOpy)%p*sh~h|fNWK)4#w1h5eS^QN+~>v3OZ8t}}d=zqx%b^;v% zO}Gy>2AcOKyd#-)+*4fgYST1bw&PF715G=ySzO&uh*J1$6A8)awLk1qs#@3qlr`vf zE#cFV9%$?`mQlBtdloj9R{0f$eCqFydryIP7-i2(0ydCKez-1uv6j@%AM5-jl~P>y z{%jFE(KRVR&jwL!ZuZ#?HOi1|Sc@N{*h=wa7`8a?N{dW{QAC)8)gG%V92aobWiT^T zvOXlj!wa_Vlw%y(iRibbNi*6k2gnyjkvU(+g*9!4Xfw~)w^i_)`gV0?J8KDz(8mg? zufHL>`S{2Gim+{yKRF!0OwEzv?O8Kc_KJkXTcMd7A2KX*I}=rAV4qo|Yh-O%J9Znd zqR61lyvdgoAOJD|arTT_M%=81eM5DqT7ihaN=7G?c}tV>KQ(aWlV zAV%y5F=y?q*?Sy*>4s4g_^bEph;vfm)eIa7vXG`G=Y4+SF0Ux%g-@$epGR9m2N?GF zFewiYO@*7CA3F=7VOu^|Z8yKrC>fNzA+0L2m;4Vw=g(@62}US47wj?~*88eLkR$Wb zV99PiSEKqgQm4ffnkIHfWZOO@1Zl&3%jV8oZqGe)j8$~|%}gxwqc!o|jUKQ~9t6(u z%Q%D_Sl?It5Il(?hIl8$cH1cd|A5nvtQu_EPM;lCm6NJt-3T87_Z<1cVdjK z)MZUGF}19o+S;JC=*bBlK#`Lws}4X*EOd_8VwpE~-U=z+J}S#{miecqA~D zcZ=HIUR(!nh;}~)9dSStE0+U?j8kqqGS&3r6`)IYJg-txnr`437fE`5lK?^Avj_{` z(h7DVE|Hq-+;0*?ldS}|^p@Iv9w3?G0c_bh07Ie#btz;@F zd~GlUUP_g}!0D)N2LhepD@NR>l9P2s!kF#x+~rMbO z_^6vJ>>#C%Yg5akMm9ByTxTV}CpEbD`v84UN=h?=^w#Kkf^Y92Q#rF2AvYoW1+xzT zXl^a7W#sB(qgT3?{&|SBQKP$-z)m}e82mz-VwT8Ja`@rYNMd*FWd%9a@&2K8MSe?tap>55 znKwlGg(ktKTFBQ4_Iul6)mA;l1q#5FPGVBQ&b!UP@_!I{04A;7uC+NXF1OpbjCe%~ zzOBLKbcJPU*v#4Z>E$wvK!T02U@j`MFeKk9xvBn$WZGdvt_K( zvcD_Fy8IHWYI=Hd%K14O`qERy&LZ&xOwFoG;S1GAd==~7wXs%DfbhKuLo3Imm~|IT zo@m(fz2#PfA~4zeue9iYA`bk&C0PH*lEeQ8ca`{q$a?*e;>d!#RDlz5DAj~P(F))C zOk*XHlk=~=eeLYZseaHAm~x;~CW#{yY-g>{6~$>HW1zijatIw{9D;-f+|zx;?=lT$ zmd5WuMTk%4D8pi)_Rmc@6y17_O;6JhYQXztOA^_-h;(avCd_Agx-qg=5oGFKq=IojkT8I&hVSy} z*df;%)K03ljeA)CdRH?9;wj zUkOQrs+fJRkG14mh)~!X=Bwj(<7!b7fSe#|$MMb!AQT2eYtNO|kxiRW=A+Gc$yXo_ ztPq8>#TKXCHP_(QYLb@uv*Y{46r}z}DZUP|=1TC9Gfy zq!A3j{gy>lV_E`*tK-$1bx$;{+4P8#w`wG^2qn`bN${ZJzjNm*^0dOz);n|M+tfJX zk%v{2$)4FZ>Ggc?1-i{f=+OM6Sgh}2-tcRN0DA^|Bg2#C8iO=PpNZ&L{RgftYKbYa z*tW1uN==lDZEf#a(#t~0sxjFhi>lU^HagntVgK-82-a_JQY^iBNiNysey`N(?@{G7 zPMAMNWEGT}ogZea17YI;W=rK3>+@klZPGW2eM3JmT&fI&MlQZSr07-6?T&q`kSXWQ zP_(0ltEFY!go9u46pFT;Ugfyf*cEiC!-X2!H?S9@7~BN zJV*&V-5h#oxfv|Hhv<-;=@Rp*|3ESA^HfYua%w`>f5S*X&2Li@tjR{h4JdD+{~o5hLpJ6>FlUAMdP)2nGs_eNhb0HhL&-g=~!NXG!=? zFYZ6AYAm+2`wSG|CVqTe$5JtE-3ti2WJ0dF-hp)po@SR{^{E470P*XEQCsQC*@^k- zu?|;D&LgI1+%?yOdr?{~Vh4L(XA&LR3=4OI$m=8t*J@b6m(|xwBgVca;7$RbuxMSY zjxrUhHFr0K{QKLD7UeLqT#{?-6n#1)JQ>e}wBz(8W#b8>DKUIQb%-=(4^5ukaGad%7A{{gyk7!`rL6hrLJQw1!vytSgyO2;(w>}Xlc|OGKwj{X3 zn<>$@BE!(IR?#vyLoc`XLRjpdoqJRmOm0CCiKw3gl}d`5c7GoZBcvqyf)g(X^syJBoIJwQZo;&p+X-JTl|g;h`AtkuZcoqV`xc0axM`nbkb7=04gS;BR|bc-7sPZyAPX z(ZNw~0K(X51Pz!prN~p030JNhoc0;)Fc;DGFYM<+`&{26?SHzRMg35b4{x>d^M3e( zkEJQk;;A=u!BVhIT3kS)Wm*%XOOstsj5dU*?z}lR0D{~^l9pH!`-O<)p3y_%z2_&Q z-R?Hhm#$EF5AB$mH|w>$@UikMZ?UThyHTn=&Md0JwUZ8P#Cqt0Ak5ioP26XU?>+qtqXQ*Rg+X))Om~c{Zd`Fh< zMN=KrMIaAOMSEUhPed8Edr@FRq>mjjn#(aUXpCSI|CrUSHkDOSY(Ce@d|IwU+l}}B zZDH!UP&Vs8Td5>o&VXK}*J^FqP6$93^k>ezM@Sqtr}7P|xH&}MsgBX^Cds{Gfx5FT z*oxw+F&!kG2w>b;-6$G$lqG569+~qzxoFYzSi1nPmdv9_OZ2HM%UR^*7#D0-5QYEJi29@j&GVD6FxJpY5i#ivGWjn;SWe##wd=e;cok^c=wMkguA5z z?rSS+1cywv&zjJ-*_P{JtJMR$)S>a-REMBmEa&BpG1IYosGi-he%sNCZ6q@?qBPs_ z3}G|^>2Cx#lXE>~zFb*6R^&YvbrqqhDvS#cEx6x`W$!5;P(sLi%Q?inIoNX|*%Gc$ z0Z|hohi>J3z>obi{{rXj~tGY!079OEg=)ArEIU6Tx!7M~o`NxWk}H&T6-7cm540c}jE@ZXQJ;ni}< zLwEx5;CA|MUIwT|S3MMWcg=vIz>BPxfHll^Nmnb&nxbkT&}L|bmpBY*1O;*Qn{rq+ zYK#y4s}QfOG&0C$QtKMJ!vJW~SnR4`LX_B*{wbB8;X)q}_>{b+nO(@Ak*&mf<8{8N z@chJZ*`!CJ-PhWr9*~+LebS{{od*8K2ZTp$215y+DG(xnlxFz!*0eRaUAs-qTCPdl zSxzr(gYA^`RcHQpW?!!AYrA0Ppgv4MII}O#`!J(w34H1>*h_@o?;sk1Quv-#6VeGG z&hu-fum9z+CR{>vFH{V z*oP6OP8!KILWEzL7yp~E>VGioqZj^_ll9qghJw91t6C62-%UiqZl-$)O~0AA!WdK8 zn~x->rwh?gY;x+Uh5oO+J)<5I?O{1LcG#Q!sKM5UJ~Mw2*k;veCiMGOH7>=1N2F5> zXRB;?`G-(`r<(f^r<75(i#MguN09;dyrxyjn#5qU^+{^cK1pN6;)eBS`%9v<2K`ew z=u`6~TF8%^fA59Z@Rg!Mzvtju92@Wie{ltE6 z>#8Zu{LDSO)Yih2sIVpPWba*TpbbMAS7P1YxAG=*FlvZV82*F4t{nqa$^U(MJGiq@ zWT!gy#xJEGb<20DXb>!-YBvlhFPW0r9z?xtZxj=WK1c=D7k6?aN9&p5%tk$^KO>`L^i!Tth^! zz!j`kgq?19so!|NA^@E7Lpy8JJ$yb75_l+3si2Kpj`wdRXP>RNzSpEsEQDCe>XTQ) zyr91DhMs)U%1JIo=4-vMBg18D&+G6065cp%F^Rd_+IXF^(NKFMe1#@W4q)&_WP!u0 z!$BF<<<&kbqSKg$kp;a<$DvjEn~1s9ZC%nVldSWfKY zo@J~k9~}eo!?uA@fwX}9aKkLH-2lo{@_PKI#6JhsD12pznhe^Fl0c3H?~wpSd~~X! zb+gYeqpT+9=j!7y*i`fZ=+4k@!JFm-CD)TGWle#o$jXkc0)2;0wVC%x9koJ)`B*t# zeL?_mzCK`is2G7b!+So2w0bZ#m2eA9o=f{CP3O{!Yng$wWh7Olj24xmyp){Er7C|i zevNq_2CHXIeABe4N?vcnJZ$b<@J|isD6#j}?D>{NM;J-Cf2nM8kYP=_t6-iC9sT|* z;r8MzSTebTGK?x;Yo2XC?#Fe;l1SNF3pu{@jC{a@$dDA4zT)&k=B#oe4Vk9nCz&L} z;mvCK<7RsUBZ{R?`Y8nHQ})EZX>1?wkk9R1`&Vr&I=0g+K^nMFe`9QnW+-m2bK1Fi z?bKZNw>iRD6M&Ot%UiMvxYwY=cjG?)^Wf9Abb#NkXfuZO;6vprr0_mT?q#c%G8<1j z8Sw9BB1A=mwZ1j=^S=TGWMtR?5M{A@niAX`4BF7IfawXHawo%j8W)xpcF6Df;aliq)<`b9_&Kw+IyK5q} zAexYQ{2mOTb#HY?k6i09^}v6j$okKwOc+tkFErc0*XBEwG|gw&EgO0LADDWL=l!<< zWbhlvDv&_=fSs=fKD4ctr|GMpIo%drT4X!a0CJKmPU`(%ko94+1v%u2u*R*hc)M&1 zy6>zzWXc-|LoXnlcF%ro1)PI8hsUE*!8O^FD>`I9LO4bx3m@WQ-o8YBBjPqxN zzWnp10%3v4-GG~0!dp26u8|jw;v!!<{|RduulWAvJ+6CFC3h*larir9H_!Z@idPj);&A3f*D2b&xe@aD>LLMHk1Iws z;qu?v;R{31_y10Us=aHVns)VvyqlBmH4_>BQMwy@q0mCOyNqcw9jtl!pMi^ZN4$2D z?*O=4?cAqmZH|*uc{qY!&}%GFq&^1&Tg^*FUHRuj_pyqk#%E2`CbO|+8D8>cz&wlk zh_RZA(k)zMV8(EmQYiXF@9cYITA9WmL6~Rw#gFrz?@YKOhT-V{B&%3B4Kw0Z5ee0soxchy#WL z&M$7`N~w^oPyYTN)@X1*aj2KE#JHAsVxjjoK-k<9=q7CqHvc5`LhpS+VVKuHyj$p; zIh{)WwYai8aQMRq%Y%Fh=jh8bJwn=AkevsI^nXn&qmMYP0in; zoBUrYtAD!v526Dt4h^v{5uk$Ne-l*vm&0hnw7u>>t`YtN0uX@UBLcY4w`BquBTxOa z`X1G19wj}MRLK7yus(?P)&Fnq`msZY8DwKat!=NMfOhjxPbpJAIyRPb5TlyYg4;c7 zU=qNLyhDG56xT=djyguR_qYK=!20{hHq#NzLflR9 z<0Oq)cP4bFqRM@SFh(#2dQwk)h1BHIXSO&qBXd;SfP+fFIj?!yTRdv;XST&A96<&4 zV=ZlPCdwD|>m43S{4Rh%Hp&L+4$=CQYyuku=7?) z`Lv^Jf39|Zl3v=HnZShUL*%}vu-RN`VJY*`p>a|-n4&@7UeI~CHIU@8`K2izoN*=s ztAtM?-LRSo(RsVRSTkcdR0Y3#(xEnsSMO z`Ye?fs2+LMQ=GSxBxT0L$6vn}P%^zhtu*ez3Wf=O3j zPozAWA&irp)FK5R>@z$)wlA+rMphqadOZLZ7gUq*y^YUL)B5TTzqk9UP2n`RvigZ_Q*vMarS?w1?`OEL`Q} z-oz0@Iz7$;?jIys_iS%wc6 zhK2W)PY)_jw*#<8*R9ZpPi7+3iqCdjq`nRKxBF?Mk+$leB2r!5;?(EI^CxT2(5YIJ$R}`=~Gj%=Mvq#Z! zKXfdn3a5v|%xCPQ_iVQ+46z z`_MBo#3};~z9WBn>|%JjU$&t8rP+UI_-B83t)lzlBVShr)_m^=4}ORa&5C0)cvB^- zSE%IJYhkEXWj8zO{-Oj++i>_Gx;LxWi@2s0p%gM;JH)FKi)^d9x{EX75x%80{Wy5M zF-aRFz~a_8GfVArR%%-E#qi|IG>JeB>(d(**@$aVK`hh&<#Nj>aEWt#>`0 zFGQIONfxS?`kpsbVnXZtGDQ=d@|N*4P~HWkcr)iJ@~ZHDCYVch z_=DlebD$r-1x&ERV<-b`r>eNz1-@a~JpDvKYUggN4=-On*qyw?aor$jP=-;!9s^P* z-_{KLW=-48khMB4_FeJ&ed0ldpa{W3IN}Iq&g6WR?eYF*5KwF1e!GF-xD>@p5YYx_ z{@RqIgJH&N+py?YfZC3E^N0hmE-QJ2f5epCR3v^%h_!jVD!@)s|j z9ba)>#aT0yggBKxL6}P5YI8Qnb zzs2Mj1O#XsvVTnZGb1ODcGHJJ52KESh@K7%pSIU|KvDe0a_$Pl0P|8vBjBFCq>xDPsi!&o48A}qxa?#9c*-LUa3PFze|Y@i{91KE!9}d;R$IVJoaB8G7N?wim{>SBGd?R+-egT{$?KBFXsf zoCcPCe-+ZKM?p|flvKxg{(QJR)1BA*+6}Y-_umb{Xv5vYqfB*{X>!Z<2nV{&1xhD zN{lcXZc(MrnsC9LM03+Z-k{s@$8sy(6K(qFXNwbGgC>o&U;3U=o$au=L|i%VWyP>^ zFiMoZ4SrlPUai(20|E1TaMjr2O}DuWtBm$*n%v70Mf(@%{~1N0nW_19(p25qU9tTg1aEvr5GSY zukbKPDIq}C{q=@vT(hDg^l7DL{kB8`#M&ifV0&l3*7o-XrW{jlw^{D@ zADd-vBpzz8HaS##F+cSCtK(vk7tK>m^}VRfDgAF-xJ`ZQWmo1_e~-Jfw(b!C*PW`& zwz*r@E#&@rX3qiU|3Ch&U*@w=P5<8CGa0vE&gSf2d6TrX$K(lvt}bo5K)na3ZwxVV4^TzFm)KmTaoK0Bf3 zk&%%=n?P;mtH1+hA~rNo zlNcBhBvM_})R!+=vSj)4=TDx5gobjmFikpoDo6HUMx@WN8@9H#JZ#NJJ|1r8_f$$x zNtpm#7I&6`VS$%mzlwS%FpAv!<)%)bK3Om~KK}lT_&b8iX@-t*K5fVD-o3ka?b?(L zzD_&Wty?F?z~JUqG-*j{ZLRI(lTQjP_U_%A5@Y>~h1D=hY_j;|!mU1PlRZ?FCU)>_ zK4~BcRPBB#NJFISDDdbUId1{s#i@pls}vR|Pdd@{+}J~pnc;x(!~-gtf6lCb!)B}8 zE$R`=!0=(u6iF+#zopr05jYe A#sB~S literal 0 HcmV?d00001 diff --git a/index.sh b/index.sh new file mode 100644 index 0000000..e73eb1c --- /dev/null +++ b/index.sh @@ -0,0 +1,82 @@ +#!/bin/bash + +#The admin interface for OpenVPN + +echo "Content-type: text/html" +echo "" +echo " + + + +Simple OpenVPN Server + +" + +echo "

Simple OpenVPN Server

" + +eval `echo "${QUERY_STRING}"|tr '&' ';'` + +IP=$(wget -4qO- "http://whatismyip.akamai.com/") + +newclient () { + # Generates the custom client.ovpn + cp /etc/openvpn/client-common.txt /etc/openvpn/clients/$1.ovpn + echo "" >> /etc/openvpn/clients/$1.ovpn + cat /etc/openvpn/easy-rsa/pki/ca.crt >> /etc/openvpn/clients/$1.ovpn + echo "" >> /etc/openvpn/clients/$1.ovpn + echo "" >> /etc/openvpn/clients/$1.ovpn + cat /etc/openvpn/easy-rsa/pki/issued/$1.crt >> /etc/openvpn/clients/$1.ovpn + echo "" >> /etc/openvpn/clients/$1.ovpn + echo "" >> /etc/openvpn/clients/$1.ovpn + cat /etc/openvpn/easy-rsa/pki/private/$1.key >> /etc/openvpn/clients/$1.ovpn + echo "" >> /etc/openvpn/clients/$1.ovpn + echo "" >> /etc/openvpn/clients/$1.ovpn + cat /etc/openvpn/ta.key >> /etc/openvpn/clients/$1.ovpn + echo "" >> /etc/openvpn/clients/$1.ovpn +} + +cd /etc/openvpn/easy-rsa/ + +case $option in + "add") #Add a client + ./easyrsa build-client-full $client nopass + # Generates the custom client.ovpn + newclient "$client" + echo "

Certificate for client $client added.

" + ;; + "revoke") #Revoke a client + echo "" + ./easyrsa --batch revoke $client + ./easyrsa gen-crl + echo "" + rm -rf pki/reqs/$client.req + rm -rf pki/private/$client.key + rm -rf pki/issued/$client.crt + rm -rf /etc/openvpn/crl.pem + cp /etc/openvpn/easy-rsa/pki/crl.pem /etc/openvpn/crl.pem + # CRL is read with each client connection, when OpenVPN is dropped to nobody + echo "

Certificate for client $client revoked.

" + ;; +esac + +NUMBEROFCLIENTS=$(tail -n +2 /etc/openvpn/easy-rsa/pki/index.txt | grep -c "^V") +if [[ "$NUMBEROFCLIENTS" = '0' ]]; then + echo "

You have no existing clients.

" +else + while read c; do + if [[ $(echo $c | grep -c "^V") = '1' ]]; then + clientName=$(echo $c | cut -d '=' -f 2) + echo "

Revoke Download $clientName

" + fi + done + +New Client: + +" + +echo "" +exit 0 diff --git a/license.txt b/license.txt new file mode 100644 index 0000000..7d89a3f --- /dev/null +++ b/license.txt @@ -0,0 +1,21 @@ +MIT License + +Copyright (c) 2017 Nyr, blaize + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/lighttpd.conf b/lighttpd.conf new file mode 100644 index 0000000..66d0cee --- /dev/null +++ b/lighttpd.conf @@ -0,0 +1,48 @@ +server.modules = ( + "mod_access", + "mod_alias", + "mod_compress", + "mod_redirect", + "mod_cgi", + "mod_auth" +) + +cgi.assign = ( ".sh" => "/bin/bash" ) + +server.document-root = "/var/www/html" +server.upload-dirs = ( "/var/cache/lighttpd/uploads" ) +server.errorlog = "/var/log/lighttpd/error.log" +server.pid-file = "/var/run/lighttpd.pid" +server.username = "www-data" +server.groupname = "www-data" +server.port = 443 + +ssl.engine = "enable" +ssl.pemfile = "/etc/lighttpd/ssl/server.pem" + + +index-file.names = ("index.sh", "index.php", "index.html", "index.lighttpd.html" ) +url.access-deny = ( "~", ".inc" ) +static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" ) + +compress.cache-dir = "/var/cache/lighttpd/compress/" +compress.filetype = ( "application/javascript", "text/css", "text/html", "text/plain" ) + +# default listening port for IPv6 falls back to the IPv4 port +## Use ipv6 if available +#include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port +include_shell "/usr/share/lighttpd/create-mime.assign.pl" +include_shell "/usr/share/lighttpd/include-conf-enabled.pl" + +auth.debug = 2 +auth.backend = "plain" +auth.backend.plain.userfile = "/etc/lighttpd/.lighttpdpassword" + +auth.require = ( "/" => + ( + "method" => "basic", + "realm" => "Password protected area", + "require" => "user=admin" + ) +) + diff --git a/openvpn-template.json b/openvpn-template.json new file mode 100644 index 0000000..787572d --- /dev/null +++ b/openvpn-template.json @@ -0,0 +1,234 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "adminUsername": { + "type": "string", + "metadata": { + "description": "Username for the Virtual Machine." + } + }, + "adminPassword": { + "type": "securestring", + "metadata": { + "description": "Password for the Virtual Machine." + } + }, + "dnsNameForPublicIP": { + "type": "string", + "metadata": { + "description": "Unique DNS Name for the Public IP used to access the Virtual Machine." + } + } + }, + "variables": { + "storageAccountName": "[concat(uniquestring(resourceGroup().id),'storage')]", + "imagePublisher": "Canonical", + "imageOffer": "UbuntuServer", + "OSDiskName": "openvpn-vhd", + "imageSKU": "16.04.0-LTS", + "nicName": "openvpnNic", + "addressPrefix": "10.0.0.0/16", + "subnetName": "openvpnSubnet", + "subnetPrefix": "10.0.0.0/24", + "storageAccountType": "Standard_LRS", + "publicIPAddressName": "openvpnPublicIP", + "publicIPAddressType": "Dynamic", + "vmStorageAccountContainerName": "vhds", + "vmName": "openvpnVM", + "vmSize": "Basic_A0", + "virtualNetworkName": "openvpnVNET", + "vnetID": "[resourceId('Microsoft.Network/virtualNetworks',variables('virtualNetworkName'))]", + "subnetRef": "[concat(variables('vnetID'),'/subnets/',variables('subnetName'))]", + "apiVersion": "2015-06-15" + }, + "resources": [ + { + "type": "Microsoft.Storage/storageAccounts", + "name": "[variables('storageAccountName')]", + "apiVersion": "[variables('apiVersion')]", + "location": "[resourceGroup().location]", + "properties": { + "accountType": "[variables('storageAccountType')]" + } + }, + { + "apiVersion": "[variables('apiVersion')]", + "type": "Microsoft.Network/publicIPAddresses", + "name": "[variables('publicIPAddressName')]", + "location": "[resourceGroup().location]", + "properties": { + "publicIPAllocationMethod": "[variables('publicIPAddressType')]", + "dnsSettings": { + "domainNameLabel": "[parameters('dnsNameForPublicIP')]" + } + } + }, + { + "apiVersion": "[variables('apiVersion')]", + "type": "Microsoft.Network/virtualNetworks", + "name": "[variables('virtualNetworkName')]", + "location": "[resourceGroup().location]", + "properties": { + "addressSpace": { + "addressPrefixes": [ + "[variables('addressPrefix')]" + ] + }, + "subnets": [ + { + "name": "[variables('subnetName')]", + "properties": { + "addressPrefix": "[variables('subnetPrefix')]" + } + } + ] + } + }, + { + "apiVersion": "[variables('apiVersion')]", + "type": "Microsoft.Network/networkInterfaces", + "name": "[variables('nicName')]", + "location": "[resourceGroup().location]", + "dependsOn": [ + "[concat('Microsoft.Network/publicIPAddresses/', variables('publicIPAddressName'))]", + "[concat('Microsoft.Network/virtualNetworks/', variables('virtualNetworkName'))]", + "[concat('Microsoft.Network/networkSecurityGroups/', 'openvpn-nsg')]" + ], + "properties": { + "ipConfigurations": [ + { + "name": "ipconfig1", + "properties": { + "privateIPAllocationMethod": "Dynamic", + "publicIPAddress": { + "id": "[resourceId('Microsoft.Network/publicIPAddresses',variables('publicIPAddressName'))]" + }, + "subnet": { + "id": "[variables('subnetRef')]" + } + } + } + ] + } + }, + { + "name": "['openvpn-nsg']", + "type": "Microsoft.Network/networkSecurityGroups", + "apiVersion": "2016-09-01", + "location": "[resourceGroup().location]", + "properties": { + "securityRules": [ + { + "name": "default-allow-ssh", + "properties": { + "priority": 1000, + "sourceAddressPrefix": "*", + "protocol": "TCP", + "destinationPortRange": "22", + "access": "Allow", + "direction": "Inbound", + "sourcePortRange": "*", + "destinationAddressPrefix": "*" + } + }, + { + "name": "default-allow-openvpn", + "properties": { + "priority": 1100, + "sourceAddressPrefix": "*", + "protocol": "UDP", + "destinationPortRange": "1194", + "access": "Allow", + "direction": "Inbound", + "sourcePortRange": "*", + "destinationAddressPrefix": "*" + } + }, + { + "name": "default-allow-https", + "properties": { + "priority": 1200, + "sourceAddressPrefix": "*", + "protocol": "UDP", + "destinationPortRange": "443", + "access": "Allow", + "direction": "Inbound", + "sourcePortRange": "*", + "destinationAddressPrefix": "*" + } + } + ] + } + }, + { + "type": "Microsoft.Compute/virtualMachines/extensions", + "name": "[concat(variables('vmName'),'/', 'openvpn-setup')]", + "apiVersion": "['2015-06-15']", + "location": "[resourceGroup().location]", + "dependsOn": [ + "[concat('Microsoft.Compute/virtualMachines/', variables('vmName'))]" + ], + "properties": { + "publisher": "Microsoft.Azure.Extensions", + "type": "CustomScript", + "typeHandlerVersion": "2.0", + "autoUpgradeMinorVersion": true, + "settings": { + "fileUris": "[split('https://raw.githubusercontent.com/theonemule/simple-openvpn-server/master/openvpn.sh', ' ')]", + "commandToExecute": "[concat('bash openvpn.sh --host=', parameters('dnsNameForPublicIP'), '.', resourceGroup().location, '.cloudapp.azure.com --adminpassword=', parameters('adminPassword'))]" + } + } + }, + { + "apiVersion": "2016-04-30-preview", + "type": "Microsoft.Compute/virtualMachines", + "name": "[variables('vmName')]", + "location": "[resourceGroup().location]", + "dependsOn": [ + "[concat('Microsoft.Storage/storageAccounts/', variables('storageAccountName'))]", + "[concat('Microsoft.Network/networkInterfaces/', variables('nicName'))]" + ], + "properties": { + "hardwareProfile": { + "vmSize": "[variables('vmSize')]" + }, + "osProfile": { + "computerName": "[variables('vmName')]", + "adminUsername": "[parameters('adminUsername')]", + "adminPassword": "[parameters('adminPassword')]" + }, + "storageProfile": { + "imageReference": { + "publisher": "[variables('imagePublisher')]", + "offer": "[variables('imageOffer')]", + "sku": "[variables('imageSKU')]", + "version": "latest" + }, + "osDisk": { + "createOption": "FromImage" + } + }, + "networkProfile": { + "networkInterfaces": [ + { + "id": "[resourceId('Microsoft.Network/networkInterfaces',variables('nicName'))]" + } + ] + }, + "diagnosticsProfile": { + "bootDiagnostics": { + "enabled": "true", + "storageUri": "[concat(reference(concat('Microsoft.Storage/storageAccounts/', variables('storageAccountName')), variables('apiVersion')).primaryEndpoints.blob)]" + } + } + } + } + ], + "outputs": { + "httpSite": { + "type": "string", + "value": "[concat('Browse to: ', parameters('dnsNameForPublicIP'), '.', resourceGroup().location, '.cloudapp.azure.com and logon with u:admin p:', parameters('adminPassword'))]" + } + } +} \ No newline at end of file diff --git a/openvpn.sh b/openvpn.sh new file mode 100644 index 0000000..35102e4 --- /dev/null +++ b/openvpn.sh @@ -0,0 +1,281 @@ +#!/bin/bash + + +ADMINPASSWORD="password" +DNS1="8.8.8.8" +DNS2="8.8.4.4" +PROTOCOL=udp +PORT=1194 +HOST=$(wget -4qO- "http://whatismyip.akamai.com/") + + +for i in "$@" +do + case $i in + --adminpassword=*) + ADMINPASSWORD="${i#*=}" + ;; + --dns1=*) + DNS1="${i#*=}" + ;; + --dns2=*) + DNS2="${i#*=}" + ;; + --vpnport=*) + PORT="${i#*=}" + ;; + --protocol=*) + PROTOCOL="${i#*=}" + ;; + --host=*) + HOST="${i#*=}" + ;; + *) + ;; + esac +done + + +# Detect Debian users running the script with "sh" instead of bash +if readlink /proc/$$/exe | grep -qs "dash"; then + echo "This script needs to be run with bash, not sh" + exit 1 +fi + +if [[ "$EUID" -ne 0 ]]; then + echo "Sorry, you need to run this as root" + exit 2 +fi + +if [[ ! -e /dev/net/tun ]]; then + echo "The TUN device is not available. You need to enable TUN before running this script." + exit 3 +fi + +if grep -qs "CentOS release 5" "/etc/redhat-release"; then + echo "CentOS 5 is too old and not supported" + exit 4 +fi + +if [[ -e /etc/debian_version ]]; then + OS=debian + GROUPNAME=nogroup + RCLOCAL='/etc/rc.local' +elif [[ -e /etc/centos-release || -e /etc/redhat-release ]]; then + OS=centos + GROUPNAME=nobody + RCLOCAL='/etc/rc.d/rc.local' +else + echo "Looks like you aren't running this installer on Debian, Ubuntu or CentOS" + exit 5 +fi + +# Try to get our IP from the system and fallback to the Internet. + +IP=$(ip addr | grep 'inet' | grep -v inet6 | grep -vE '127\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | grep -o -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | head -1) +if [[ "$IP" = "" ]]; then + IP=$(wget -4qO- "http://whatismyip.akamai.com/") +fi + + + +if [[ "$OS" = 'debian' ]]; then + apt-get update + apt-get install openvpn iptables openssl ca-certificates lighttpd -y +else + # Else, the distro is CentOS + yum install epel-release -y + yum install openvpn iptables openssl wget ca-certificates lighttpd -y +fi + +# An old version of easy-rsa was available by default in some openvpn packages +if [[ -d /etc/openvpn/easy-rsa/ ]]; then + rm -rf /etc/openvpn/easy-rsa/ +fi +# Get easy-rsa + +wget -O ~/EasyRSA-3.0.1.tgz "https://github.com/OpenVPN/easy-rsa/releases/download/3.0.1/EasyRSA-3.0.1.tgz" +tar xzf ~/EasyRSA-3.0.1.tgz -C ~/ +mv ~/EasyRSA-3.0.1/ /etc/openvpn/ +mv /etc/openvpn/EasyRSA-3.0.1/ /etc/openvpn/easy-rsa/ +chown -R root:root /etc/openvpn/easy-rsa/ +rm -rf ~/EasyRSA-3.0.1.tgz +cd /etc/openvpn/easy-rsa/ + +# Create the PKI, set up the CA, the DH params and the server + client certificates +./easyrsa init-pki +./easyrsa --batch build-ca nopass +./easyrsa gen-dh +./easyrsa build-server-full server nopass + +# ./easyrsa build-client-full $CLIENT nopass +./easyrsa gen-crl + +# Move the stuff we need +cp pki/ca.crt pki/private/ca.key pki/dh.pem pki/issued/server.crt pki/private/server.key /etc/openvpn/easy-rsa/pki/crl.pem /etc/openvpn + +# CRL is read with each client connection, when OpenVPN is dropped to nobody +chown nobody:$GROUPNAME /etc/openvpn/crl.pem + +# Generate key for tls-auth +openvpn --genkey --secret /etc/openvpn/ta.key + +# Generate server.conf +echo "port $PORT +proto $PROTOCOL +dev tun +sndbuf 0 +rcvbuf 0 +ca ca.crt +cert server.crt +key server.key +dh dh.pem +tls-auth ta.key 0 +topology subnet +server 10.8.0.0 255.255.255.0 +ifconfig-pool-persist ipp.txt" > /etc/openvpn/server.conf +echo 'push "redirect-gateway def1 bypass-dhcp"' >> /etc/openvpn/server.conf + +# DNS +echo "push \"dhcp-option DNS $DNS1\"" >> /etc/openvpn/server.conf +echo "push \"dhcp-option DNS $DNS2\"" >> /etc/openvpn/server.conf +echo "keepalive 10 120 +cipher AES-256-CBC +comp-lzo +user nobody +group $GROUPNAME +persist-key +persist-tun +status openvpn-status.log +verb 3 +crl-verify crl.pem" >> /etc/openvpn/server.conf + +# Enable net.ipv4.ip_forward for the system +sed -i '/\/c\net.ipv4.ip_forward=1' /etc/sysctl.conf +if ! grep -q "\" /etc/sysctl.conf; then + echo 'net.ipv4.ip_forward=1' >> /etc/sysctl.conf +fi + +# Avoid an unneeded reboot +echo 1 > /proc/sys/net/ipv4/ip_forward +if pgrep firewalld; then + # Using both permanent and not permanent rules to avoid a firewalld + # reload. + # We don't use --add-service=openvpn because that would only work with + # the default port and protocol. + firewall-cmd --zone=public --add-port=$PORT/$PROTOCOL + firewall-cmd --zone=trusted --add-source=10.8.0.0/24 + firewall-cmd --permanent --zone=public --add-port=$PORT/$PROTOCOL + firewall-cmd --permanent --zone=trusted --add-source=10.8.0.0/24 + # Set NAT for the VPN subnet + firewall-cmd --direct --add-rule ipv4 nat POSTROUTING 0 -s 10.8.0.0/24 -j SNAT --to $IP + firewall-cmd --permanent --direct --add-rule ipv4 nat POSTROUTING 0 -s 10.8.0.0/24 -j SNAT --to $IP +else + # Needed to use rc.local with some systemd distros + if [[ "$OS" = 'debian' && ! -e $RCLOCAL ]]; then + echo '#!/bin/sh -e +exit 0' > $RCLOCAL + fi + chmod +x $RCLOCAL + # Set NAT for the VPN subnet + iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to $IP + sed -i "1 a\iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to $IP" $RCLOCAL + if iptables -L -n | grep -qE '^(REJECT|DROP)'; then + # If iptables has at least one REJECT rule, we asume this is needed. + # Not the best approach but I can't think of other and this shouldn't + # cause problems. + iptables -I INPUT -p $PROTOCOL --dport $PORT -j ACCEPT + iptables -I FORWARD -s 10.8.0.0/24 -j ACCEPT + iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT + sed -i "1 a\iptables -I INPUT -p $PROTOCOL --dport $PORT -j ACCEPT" $RCLOCAL + sed -i "1 a\iptables -I FORWARD -s 10.8.0.0/24 -j ACCEPT" $RCLOCAL + sed -i "1 a\iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT" $RCLOCAL + fi +fi +# If SELinux is enabled and a custom port or TCP was selected, we need this +if hash sestatus 2>/dev/null; then + if sestatus | grep "Current mode" | grep -qs "enforcing"; then + if [[ "$PORT" != '1194' || "$PROTOCOL" = 'tcp' ]]; then + # semanage isn't available in CentOS 6 by default + if ! hash semanage 2>/dev/null; then + yum install policycoreutils-python -y + fi + semanage port -a -t openvpn_port_t -p $PROTOCOL $PORT + fi + fi +fi + +# And finally, restart OpenVPN +if [[ "$OS" = 'debian' ]]; then + # Little hack to check for systemd + if pgrep systemd-journal; then + systemctl restart openvpn@server.service + else + /etc/init.d/openvpn restart + fi +else + if pgrep systemd-journal; then + systemctl restart openvpn@server.service + systemctl enable openvpn@server.service + else + service openvpn restart + chkconfig openvpn on + fi +fi + +# Try to detect a NATed connection and ask about it to potential LowEndSpirit users + + +# client-common.txt is created so we have a template to add further users later +echo "client +dev tun +proto $PROTOCOL +sndbuf 0 +rcvbuf 0 +remote $HOST $PORT +resolv-retry infinite +nobind +persist-key +persist-tun +remote-cert-tls server +cipher AES-256-CBC +comp-lzo +setenv opt block-outside-dns +key-direction 1 +verb 3" > /etc/openvpn/client-common.txt + +# Generates the custom client.ovpn +mkdir /etc/openvpn/clients/ + +#Setup the web server to use an self signed cert +mkdir /etc/openvpn/clients/ + +#Set permissions for easy-rsa and open vpn to be modified by the web user. +chown -R www-data:www-data /etc/openvpn/easy-rsa +chown -R www-data:www-data /etc/openvpn/clients/ +chmod -R 755 /etc/openvpn/ +chmod -R 777 /etc/openvpn/crl.pem +chmod g+s /etc/openvpn/clients/ +chmod g+s /etc/openvpn/easy-rsa/ + +#Generate a self-signed certificate for the web server +mkdir /etc/lighttpd/ssl/ +openssl req -new -x509 -keyout /etc/lighttpd/ssl/server.pem -out /etc/lighttpd/ssl/server.pem -days 9999 -nodes -subj "/C=UK/ST=Warwickshire/L=Leamington/O=OrgName/OU=IT Department/CN=example.com" +chmod 744 /etc/lighttpd/ssl/server.pem + + +#Configure the web server with the lighttpd.conf from GitHub +mv /etc/lighttpd/lighttpd.conf /etc/lighttpd/lighttpd.conf.old +wget -O /etc/lighttpd/lighttpd.conf https://raw.githubusercontent.com/theonemule/simple-openvpn-server/master/lighttpd.conf + +#install the webserver scripts +rm /var/www/html/* +wget -O /var/www/html/index.sh https://raw.githubusercontent.com/theonemule/simple-openvpn-server/master/index.sh +wget -O /var/www/html/download.sh https://raw.githubusercontent.com/theonemule/simple-openvpn-server/master/download.sh +chown -R www-data:www-data /var/www/html/ + +#set the password file for the WWW logon +echo "admin:$ADMINPASSWORD" >> /etc/lighttpd/.lighttpdpassword + +#restart the web server +service lighttpd restart \ No newline at end of file diff --git a/readme.md b/readme.md new file mode 100644 index 0000000..44f4e9b --- /dev/null +++ b/readme.md @@ -0,0 +1,101 @@ +Simple OpenVPN Server +==== + +OpenVPN is a one of the most popular VPN platforms for a lot of good reasons. It's free, open source, and there are clients for just about every platform imaginable. For these reasons, OpenVPN is the choice for organizations and individuals alike. + +There are dedicated appliances for OpenVPN that work well for enterprises, but for smaller organizations and individuals, these are overkill. This little project grew out of a desire to create a simple, web based UI for managing OpenVPN while as well as creating a fully automated installer of the the software on a rather lower-powered Linux host, such as an entry level VM on Azure, a Virtual Private Server (VPS) or even a container. + +A special thanks goes out to the folks behind [openvpn-install](https://github.com/Nyr/openvpn-install) for their wonderful project, which serves as an interactive installer on the command line. Much of the heavy lifting for the installer is in the script there. This project isn't technically a fork, but it does use a substantial amount of the inner workings of the script. + +The scripts assumes that there is NOT an instance of OpenVPN already installed on the machine and that port 443 is not in use by another web server for HTTPS. Likewise, this script was built for Redhat 6+ and current Debian/Ubuntu distros. + + +## Installing OpenVPN + +Optionally, you can do a completely automated deployment to Azure and skip past the installation to **Managing Clients**. + + + +Otherwise, use the installer: + +1. Pull up a terminal or SSH into the target server. + +1. Logon as root + + ```` + sudo -i + ```` + +1. Download the installer script. + + ```` + wget https://raw.githubusercontent.com/theonemule/simple-openvpn-server/master/openvpn.sh + ```` + +1. Make the script executable + + ```` + chmod +x openvpn.sh + ```` + +1. Run the script. + + ```` + ./openvpn.sh [options] + ```` + + Example: + + ```` + ./openvpn.sh --adminpassword=mypassword --host=myvpn.example.com + ```` + + + There are number of options the script will accept + + **adminpassword** -- This is the admin password for the website for managing clients. The default is **password**. + + **dns1** -- The first dns server assigned to the clients. The default is **8.8.8.8**. + + **dns2** -- The first dns server assigned to the clients. The default is **8.8.4.4**. + + **vpnport** -- The port to be used by OpenVPN. 1194 may be blocked by some firewalls, so this is customizable. The default port is **1194**. + + **protocol** -- The protocol to be used by OpenVPN. This accepts **udp** or tcp. The default is **udp**. + + **host** -- The host name of the server. The script attempts to detect the external IP of your server if the host is not specified. ***It is highly recommended that you use a host name if your sever is not using a static IP address***. You can get a free dynamic DNS account and use a dynamic DNS updater that keeps the DNS records for your server up to date in the event that your IPa address changes. + +1. Let the installer finish. This may take a few minutes, as the intaller generates a few keys to set up a certificate authority (CA) that is used to assign certificates to the clients. + +1. If the server you are installing this on is behind a firewall, be sure that you forward the external ports from the firewall to the ports on the server for the VPN. Optionally, if you want to be able to manage the VPN from outside the firewall, forward a port to 443 on the VPN Server. + + +## Managing Profiles + +1. Once the script is complete, point your browser to **https://[your host or IP]/**, where your host or IP is the host name or IP addressed for the VPN. You may get an error about the site not being secure even though you are using https. This is because the site is using a self-esigned certificate. Simply ignore the warning. + +1. Logon to the admin site. Use **admin** for the username and the password used for the **adminpassword** option when the installer was run. If you did not supply one, use **password**. + + ![Logon](images/logon.png) + +1. Once logged on, enter a name for the client and click **Add**. + + ![Add a client](images/add-client.png) + +1. Once added, you can click **Revoke** to revoke access or **Download** to download the client profile. + + ![Revoke or Download](images/download-revoke.png) + +## Connecting to the Server + +Once the profile is downloaded you need to configure a client: + +* **Windows**: use [OpenVPN GUI](https://openvpn.net/index.php/open-source/downloads.html). After installing the app, copy the .ovon to the **C:\Program Files\OpenVPN\config** folder. Launch the GUI from your Start menu, then right click the icon in the Tool Tray, then click **Connect**. Disconnect by right clicking and selecting **Disconnect**. + +* **MacOS** (OS X): use [Tunnelblick](https://tunnelblick.net/downloads.html). Download and install Tunnelblick. After downloading, double-click on the downloaded .ovpn file and import the configuration either for yourself or all users. Once imported, click the Tunnleblick icon on the menu bar and click **Connect**. Disconnect by clicking the Tunnelblick icon and selecting **Disconnect**. + +* **Android**: use [OpenVPN Connect for Android](https://play.google.com/store/apps/details?id=net.openvpn.openvpn&hl=en). Download and install the app. Next, go to the admin site and create and/or download a profile. In the app, select Import from the menu, then select **Import**, then select **Import Profile from SD card**. Find the profile in your **Downloads** folder and import the profile. Once downloaded, click **Connect**. To disconnect, open the app again and select **Disconnect**. + +* **iOS**: use [OpenVPN Connect for iOS](https://itunes.apple.com/us/app/openvpn-connect/id590379981?mt=8). Install the app, then browse to the admin site in Safari. Create and/or download a profile. After the profile is downloaded, select **Open in Open VPN**. Install the profile, then select **Connect** to connect to the VPN. To disconnect, open the app again and select **Disconnect**. + +That's it! Your VPN is up and running. \ No newline at end of file