
Enhanced Web Front End

Posted: Sun Nov 25, 2012 11:28 pm
by doghead
I have been trying to build a server that simplifies the process of setting up layer 2 (TAP) bridged VPN connections. I want to be able to deliver this as a service to end users. So far I have brought up a working OpenVPN-AS instance, I have it authenticating against FreeRADIUS, and I am using DaloRadius to create and manage user accounts.

The user creation process is totally manual:

1. I create a subnet for the user by making a bridge on the server, like 10.10.10.0/24.
2. Then I create the user in OpenVPN-AS so that it gets bound to the subnet.
3. Then I create a user in Radius.
4. Then the user can log into OpenVPN-AS and download his ca, server cert and user cert, along with the OpenVPN Connect app.
5. Then he can connect.

What I want to be able to do is:

1. Let a user create his own user account using the web. This user can then either create other users, or subnets and attach his users to the subnets he created.
2. I want the web app to create the bridge interfaces on the server.
3. I want to automate the process of adding users to OpenVPN-AS from Radius accounts as they are created.
4. I need billing information, such as connect time, number of connections, total transfer, etc., to log back to radius as radius accounting.
5. I want to be able to limit user traffic by individual user or groups of users.
6. Obviously this needs a hierarchical structure for user and subnet permissions.
7. Need to accept electronic payment up front, so hooks to payment networks would be required.

Is there a product already out there that I can buy that does this? If not, how hard would it be for someone to write the glue?

I would like to be able to run these on VPS machines on Xen and create redundancy and failover.

So far I have not found anything like this. Any help is greatly appreciated.

OpenVPN is an awesome system.