A secure OpenVPN authentication portal with Google OAuth2
Project description
OpenVPN Authentication Portal
A secure, user-friendly authentication portal for OpenVPN configuration distribution. This application provides Google OAuth2 authentication and domain-restricted access to OpenVPN configuration files.
Features
- Secure Google OAuth2 authentication
- Domain-restricted access control
- Automated OpenVPN config generation
- Clean, responsive web interface
- Easy deployment and configuration
Installation
Via pip
pip install gcp-ovpn-portal
Development Setup
- Clone the repository:
git clone https://github.com/ranson21/gcp-ovpn-portal
cd gcp-ovpn-portal
- Install with Poetry:
poetry install
Configuration
Google OAuth2 Setup
- Go to the Google Cloud Console
- Create a new project or select an existing one
- Enable the Google OAuth2 API:
  - Go to "APIs & Services" > "Library"
  - Search for "Google OAuth2"
  - Click "Enable"
- Configure the OAuth consent screen:
  - Go to "APIs & Services" > "OAuth consent screen"
  - Choose "Internal" if using Google Workspace, or "External" if not
  - Fill in the application name and other required fields
  - Add the necessary scopes (email, profile)
- Create OAuth 2.0 credentials:
  - Go to "APIs & Services" > "Credentials"
  - Click "Create Credentials" > "OAuth client ID"
  - Choose "Web application"
  - Add authorized redirect URIs:
    - For local development: http://localhost:8081
    - For production: https://your-domain.com
- Save your Client ID and Client Secret
Environment Variables
The following environment variables are required:
- CLIENT_ID: Google OAuth2 client ID (obtained from steps above)
- ALLOWED_DOMAIN: Authorized email domain (e.g., "company.com")
- EXTERNAL_IP: VPN server's external IP address
- OPENVPN_DIR: Directory containing OpenVPN configuration files (default: /etc/openvpn)
Create a .env file:
cp .env.example .env
# Edit .env with your configuration
Example .env file:
CLIENT_ID=your-google-client-id.apps.googleusercontent.com
ALLOWED_DOMAIN=yourcompany.com
EXTERNAL_IP=203.0.113.1
OPENVPN_DIR=/etc/openvpn
Usage
Running as an installed package
# Run the VPN portal
ovpn-portal
Running in development mode
# Using Poetry
poetry run ovpn-portal
# Or using make
make run
Project Structure
openvpn-auth-portal/
├── ovpn_portal/
│   ├── app/
│   │   ├── main/
│   │   │   ├── __init__.py
│   │   │   └── routes.py
│   │   ├── __init__.py
│   │   ├── config.py
│   │   ├── middleware.py
│   │   └── vpn.py
│   └── run.py
├── static/
│   ├── css/
│   ├── images/
│   ├── js/
│   └── favicon.ico
├── templates/
│   └── index.html
├── tests/
├── pyproject.toml
├── .env.example
├── .gitignore
└── README.md
Development
The project includes a Makefile to help with common development tasks:
First Time Setup
make dev-setup # Install Poetry, initialize git, and install dependencies
Common Commands
make install # Install project dependencies
make run # Run development server
make test # Run test suite
make coverage # Run tests with coverage report
make format # Format code with black and isort
make lint # Run linting checks
make clean # Clean temporary files and builds
Test Coverage
To run tests with coverage reporting:
make coverage
This will:
- Run all tests with coverage tracking
- Generate a terminal report showing missing lines
- Create an HTML coverage report in coverage_html/
View the HTML coverage report:
make coverage-open # On macOS
# Or open coverage_html/index.html in your browser
Package Management
make build # Build package distribution
make develop # Install package locally in editable mode
Publishing
make publish-test # Publish to Test PyPI
make publish # Publish to PyPI
You can also use Poetry directly for development tasks:
poetry install # Install dependencies
poetry run pytest # Run tests
poetry run black . # Format code
poetry run flake8 # Lint code
Security Considerations
- All authentication is performed through Google OAuth2
- Configuration files are generated temporarily and immediately deleted after download
- Domain restriction ensures only authorized users can access the portal
- HTTPS is required in production
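The OAuth2 and domain-restriction points above come down to which ID-token claims the portal accepts. The following is an added example, not code from gcp-ovpn-portal, of the claim checks applied after the token's signature has been verified. check_claims, ClaimError and the sample claims are hypothetical and constructed; requiring the hd claim assumes ALLOWED_DOMAIN is a Google Workspace domain.

```python
import time

# Issuer values Google documents for its ID tokens.
GOOGLE_ISSUERS = {"accounts.google.com", "https://accounts.google.com"}

class ClaimError(Exception):
    """Raised when an ID-token claim fails a portal access check."""

def check_claims(claims, client_id, allowed_domain, now=None):
    """Validate claims from an ID token whose signature is ALREADY verified.

    Hypothetical helper, not part of gcp-ovpn-portal. Returns the
    lower-cased email on success, raises ClaimError otherwise.
    """
    now = time.time() if now is None else now
    if claims.get("iss") not in GOOGLE_ISSUERS:
        raise ClaimError("unexpected issuer")
    # aud must be this portal's CLIENT_ID, or a token minted for
    # another application could be replayed here.
    if claims.get("aud") != client_id:
        raise ClaimError("token issued for a different client")
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        raise ClaimError("token expired")
    if claims.get("email_verified") is not True:
        raise ClaimError("email not verified")
    email = str(claims.get("email", "")).lower()
    local, sep, domain = email.rpartition("@")
    # Exact match on the domain part: a suffix test such as
    # endswith("company.com") would also accept "evilcompany.com".
    if not (local and sep) or domain != allowed_domain.lower():
        raise ClaimError("email domain not allowed")
    # hd is Google's hosted-domain claim; requiring it rejects
    # accounts that are not managed by that Workspace domain.
    if str(claims.get("hd", "")).lower() != allowed_domain.lower():
        raise ClaimError("hosted domain mismatch")
    return email

# Constructed sample claims (not real token contents).
SAMPLE = {
    "iss": "https://accounts.google.com",
    "aud": "your-google-client-id.apps.googleusercontent.com",
    "exp": 2_000_000_000,
    "email": "alice@yourcompany.com",
    "email_verified": True,
    "hd": "yourcompany.com",
}
```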
License
This project is licensed under the MIT License - see the LICENSE file for details.
Contributing
Contributions are welcome! Please feel free to submit a Pull Request.
Author
Abigail Ranson
- Website: abbyranson.com
- GitHub: @ranson21
File details
Details for the file gcp_ovpn_portal-0.0.4.tar.gz.
File metadata
- Download URL: gcp_ovpn_portal-0.0.4.tar.gz
- Upload date:
- Size: 31.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.8.5 CPython/3.8.20 Linux/5.10.0-32-cloud-amd64
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 3b54eb4a29cea2a58b797c6a20ef59f3d88bff263e3a8786564f3fb7543a37b9 |
| MD5 | bd95b1e742e33a43d65f3bb095f86836 |
| BLAKE2b-256 | bb78d9afd55ddfda7fa7440d44c9966139144fda36b2da35a1c32cb0000f4633 |
File details
Details for the file gcp_ovpn_portal-0.0.4-py3-none-any.whl.
File metadata
- Download URL: gcp_ovpn_portal-0.0.4-py3-none-any.whl
- Upload date:
- Size: 26.9 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.8.5 CPython/3.8.20 Linux/5.10.0-32-cloud-amd64
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | a974e5fa098a7570537df0f8935c56a86c8781837d44e4a02d4abd3f6ee7340f |
| MD5 | 7f48d787cfbf125501de308ca7e56dd6 |
| BLAKE2b-256 | eb12f181f8d8f5d9eff489d160a49e4f9d21c89fbd1a6665b9d494c6f2170251 |