A secure OpenVPN authentication portal with Google OAuth2
Project description
๐ OpenVPN Authentication Portal
A secure, user-friendly authentication portal for OpenVPN configuration distribution. This application provides Google OAuth2 authentication and domain-restricted access to OpenVPN configuration files.
๐ Features
- ๐ Secure Google OAuth2 authentication
- ๐ฅ Domain-restricted access control
- ๐ฆ Automated OpenVPN config generation
- ๐จ Clean, responsive web interface
- ๐ Easy deployment and configuration
๐ฆ Installation
Via pip
pip install gcp-ovpn-portal
Development Setup
- Clone the repository:
git clone https://github.com/ranson21/gcp-ovpn-portal
cd gcp-ovpn-portal
- Install with Poetry:
poetry install
๐ง Configuration
Google OAuth2 Setup
- Go to the Google Cloud Console
- Create a new project or select an existing one
- Enable the Google OAuth2 API:
- Go to "APIs & Services" > "Library"
- Search for "Google OAuth2"
- Click "Enable"
- Configure the OAuth consent screen:
- Go to "APIs & Services" > "OAuth consent screen"
- Choose "Internal" if using Google Workspace, or "External" if not
- Fill in the application name and other required fields
- Add the necessary scopes (email, profile)
- Create OAuth 2.0 credentials:
- Go to "APIs & Services" > "Credentials"
- Click "Create Credentials" > "OAuth client ID"
- Choose "Web application"
- Add authorized redirect URIs:
- For local development:
http://localhost:8081 - For production:
https://your-domain.com
- For local development:
- Save your Client ID and Client Secret
Environment Variables
The following environment variables are required:
CLIENT_ID: Google OAuth2 client ID (obtained from steps above)ALLOWED_DOMAIN: Authorized email domain (e.g., "company.com")EXTERNAL_IP: VPN server's external IP addressOPENVPN_DIR: Directory containing OpenVPN configuration files (default: /etc/openvpn)
Create a .env file:
cp .env.example .env
# Edit .env with your configuration
Example .env file:
CLIENT_ID=your-google-client-id.apps.googleusercontent.com
ALLOWED_DOMAIN=yourcompany.com
EXTERNAL_IP=203.0.113.1
OPENVPN_DIR=/etc/openvpn
๐ Usage
Running as an installed package
# Run the VPN portal
ovpn-portal
Running in development mode
# Using Poetry
poetry run ovpn-portal
# Or using make
make run
๐ Project Structure
openvpn-auth-portal/
โโโ ovpn_portal/
โ โโโ app/
โ โ โโโ main/
| โ โ โโโ __init__.py
| โ โ โโโ routes.py
โ โ โโโ __init__.py
โ โ โโโ config.py
โ โ โโโ middleware.py
โ โ โโโ vpn.py
โ โโโ run.py
โโโ static/
โ โโโ css/
โ โโโ images/
โ โโโ js/
โ โโโ favicon.ico
โโโ templates/
โ โโโ index.html
โโโ tests/
โโโ pyproject.toml
โโโ .env.example
โโโ .gitignore
โโโ README.md
๐ ๏ธ Development
The project includes a Makefile to help with common development tasks:
First Time Setup
make dev-setup # Install Poetry, initialize git, and install dependencies
Common Commands
make install # Install project dependencies
make run # Run development server
make test # Run test suite
make coverage # Run tests with coverage report
make format # Format code with black and isort
make lint # Run linting checks
make clean # Clean temporary files and builds
Test Coverage
To run tests with coverage reporting:
make coverage
This will:
- Run all tests with coverage tracking
- Generate a terminal report showing missing lines
- Create an HTML coverage report in
coverage_html/
View the HTML coverage report:
make coverage-open # On macOS
# Or open coverage_html/index.html in your browser
Package Management
make build # Build package distribution
make develop # Install package locally in editable mode
Publishing
make publish-test # Publish to Test PyPI
make publish # Publish to PyPI
You can also use Poetry directly for development tasks:
poetry install # Install dependencies
poetry run pytest # Run tests
poetry run black . # Format code
poetry run flake8 # Lint code
๐ Security Considerations
- All authentication is performed through Google OAuth2
- Configuration files are generated temporarily and immediately deleted after download
- Domain restriction ensures only authorized users can access the portal
- HTTPS is required in production
๐ License
This project is licensed under the MIT License - see the LICENSE file for details.
๐ค Contributing
Contributions are welcome! Please feel free to submit a Pull Request.
๐ค Author
Abigail Ranson
- Website: abbyranson.com
- GitHub: @ranson21
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
gcp_ovpn_portal-0.0.2.tar.gz
(31.2 kB
view details)
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file gcp_ovpn_portal-0.0.2.tar.gz.
File metadata
- Download URL: gcp_ovpn_portal-0.0.2.tar.gz
- Upload date:
- Size: 31.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.8.5 CPython/3.8.20 Linux/5.10.0-32-cloud-amd64
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
4b3d8d8f576127b1502b8c38a66a2901b2490093dfc59ca7b1f1ad99abdf94fe
|
|
| MD5 |
886481dbe3a472b35a268981d4392811
|
|
| BLAKE2b-256 |
4e7fa8f1322b1ce0787183e9c6925ed1687fcecfcaa67d8b2f8355966fe5be2d
|
File details
Details for the file gcp_ovpn_portal-0.0.2-py3-none-any.whl.
File metadata
- Download URL: gcp_ovpn_portal-0.0.2-py3-none-any.whl
- Upload date:
- Size: 26.0 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.8.5 CPython/3.8.20 Linux/5.10.0-32-cloud-amd64
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
a6f487b1ce2a7fbd7e22350de8f73486aecec8ee409ed7b4feb993d758117ad1
|
|
| MD5 |
69e3288e80f71874d7e7441853ce6503
|
|
| BLAKE2b-256 |
bf4233d790b03b244585b51af2faea366cac7d46256e172cc110b5f8bb973b11
|
