

INSTALLATION

See the file REQUIRED.txt for a list of all required packages.  These packages
MUST be installed before configuring the system, since the system 
configuration is dependent on the locations of some of the packages.

One of the items on the TODO list is to create an installer/quick start 
wizard.  Until then, please follow these instructions:



1.  Untar the file into a convenient temporary directory.  Check the 
    settings at the top of the Makefile, then type:

        make install

    The default directory is /home/openvpn.  These instructions will assume
    the default directory for purposes of discussion.

    The scripts are currently set up to work with a base 
    directory of  /home/openvpn


    If you want to be able to install servers on the local system from 
    the web page, you will need to add a line to the sudoers file to
    allow Apache to run a script as root.  This line is in the file:
    
        setup/sudoers

    
2.  Add a virtual host to Apache using the file:

        setup/openvpn
        
    WARNING:  THE FILE IS SET TO USE STANDARD HTTP.  THIS IS A BIG SECURITY HOLE
    
    There is a sample SSL file called:
    
        setup/openvpn.ssl
        
    
    Unless this is installed on a totally secure server in a totally secure
    environment, you should use SSL and set it up securely.

2.5 If you are going to be using authentication (highly recommended),
    copy the file setup/check_user to /etc/pam.d.
    You may need to modify these settings for the PAM on your system.
    
3.  Cd to the install directory.

    Run the shell script:   setup.sh

    Change the owner/group to your Apache user.  Example:
        chown -R www-data:www-data /home/openvpn


    In the directory called "setup" you will find some sample Apache config
    files.  I highly recommend that you use ssl to access this, since some
    scripts have to run as root.  Once installed, restart Apache.
    
    The file "sudoers" in the same directory contains a sample entry for your
    sudoers file.  Use visudo to edit the sudoers file, and copy the line.
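
Because the sudoers line from steps 1 and 3 lets the Apache user run a script as root, the entry is worth linting before it is copied in. The following is an added example, not part of the project: it flags an entry that allows ALL or wildcards, and a script (or its directory) that someone other than the given uid can modify. The user name, the script path and the function names are assumptions; the real entry is whatever setup/sudoers contains.

```shell
#!/bin/sh
# Added example (not the project's code): lint one sudoers entry for the web user.

# check_node PATH UID: report a file or directory that anyone but UID can modify.
check_node() {
    set -- "$1" "$2" $(ls -ldn -- "$1" 2>/dev/null)   # $3 = mode string, $5 = owner uid
    [ $# -ge 5 ] || { echo "MISSING $1"; return 0; }
    [ "$5" = "$2" ] || echo "OWNER_NOT_UID_$2 $1 (uid $5)"
    case $3 in ?????w*|????????w*) echo "GROUP_OR_OTHER_WRITABLE $1 ($3)" ;; esac
}

# sudoers_findings LINE [UID]: print one finding per line for each command in LINE.
sudoers_findings() {
    spec=${1#*=}; uid=${2:-0}                        # drop "user host="
    case $spec in *\)*) spec=${spec#*\)} ;; esac      # drop "(runas)"
    case $spec in *:*)  spec=${spec##*:} ;; esac      # drop tags such as NOPASSWD:
    printf '%s\n' "$spec" | tr ',' '\n' | while read -r cmd args; do
        case $cmd in
            ALL) echo "ALL_COMMANDS"; continue ;;
            /*)  ;;
            *)   echo "NOT_ABSOLUTE $cmd"; continue ;;
        esac
        case "$cmd $args" in *[*?]*) echo "WILDCARD $cmd $args"; continue ;; esac
        check_node "$cmd" "$uid"
        check_node "$(dirname "$cmd")" "$uid"
    done
}

# lint_sudoers_line LINE [UID]: return 0 when clean, 1 (findings on stdout) otherwise.
lint_sudoers_line() {
    out=$(sudoers_findings "$@")
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"; return 1
}

# Constructed demo line; the user name is an assumption, not the contents of setup/sudoers.
lint_sudoers_line 'www-data ALL=(root) NOPASSWD: ALL' || true
```

The chown -R in this step makes the Apache user the owner of everything under /home/openvpn, so a sudo-enabled script kept there will be reported by the owner check.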


4.  cd /home/openvpn/www/status


There are currently 3 configuration files to edit:


5.  Edit the file config.inc.  Edit the entries as necessary.

        Make sure that the library paths for www, smarty, validate and Home are
        correct (first 4 lines in the config file)
        
        The two most important lines are:
        
        $config['Home'] = '/home/openvpn/';
        $config['openvpn']['folder']     = '/etc/openvpn/';
        
        
        If you want the status page only, change the mode to 
        say  status  instead of  full
        
        First, because the project HAS to read the openssl and openvpn
        configuration, give the www group (or whatever your Apache group is)
        read access to:
        
         openssl.cnf
         $config['openvpn']['config']
         $config['openssl']['folder']
         $config['openvpn']['status']
        
        The following files/dirs require rw access:
        
         $config['openssl']['serial']
         $config['openssl']['database']
         $config['openssl']['folder']
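
The access list above can be checked mechanically once the paths are resolved. The following is an added example, not part of the project: a shell audit that confirms the group bits required for each path and reports anything world-writable. It checks mode bits only and assumes each path is already group-owned by your Apache group; the function names and demo files are constructed.

```shell
#!/bin/sh
# Added example, not project code. Checks mode bits only and assumes each path
# is already group-owned by your Apache group.

# audit_path NEED PATH: NEED is "r" (group must read) or "rw" (read and write).
# Prints one finding per line; returns 0 when clean, 1 otherwise.
audit_path() {
    need=$1; path=$2; rc=0
    perm=$(ls -ld -- "$path" 2>/dev/null | cut -c1-10)    # e.g. -rw-rw----
    [ -n "$perm" ] || { echo "MISSING $path"; return 1; }
    case $perm in ????r*) ;; *) echo "NO_GROUP_READ $path ($perm)"; rc=1 ;; esac
    if [ "$need" = rw ]; then
        case $perm in ?????w*) ;; *) echo "NO_GROUP_WRITE $path ($perm)"; rc=1 ;; esac
    fi
    # A directory also needs the group search (x) bit to be usable.
    case $perm in d?????[-S]*) echo "NO_GROUP_SEARCH $path ($perm)"; rc=1 ;; esac
    # Nothing on the list needs to be world-writable.
    case $perm in ????????w*) echo "OTHER_WRITE $path ($perm)"; rc=1 ;; esac
    return $rc
}

# audit_list: read "NEED PATH" lines on stdin; return 1 if any path has a finding.
audit_list() {
    bad=0
    while read -r need path; do
        [ -n "$path" ] || continue
        audit_path "$need" "$path" || bad=1
    done
    return $bad
}

# Constructed demo: throwaway files standing in for the database, serial and openssl.cnf.
demo() {
    demo_dir=$(mktemp -d) || return 2
    : > "$demo_dir/index.txt";   chmod 660 "$demo_dir/index.txt"    # clean
    : > "$demo_dir/serial";      chmod 640 "$demo_dir/serial"       # group cannot write
    : > "$demo_dir/openssl.cnf"; chmod 646 "$demo_dir/openssl.cnf"  # world-writable
    result=0
    audit_list <<EOF || result=1
rw $demo_dir/index.txt
rw $demo_dir/serial
r $demo_dir/openssl.cnf
EOF
    rm -rf "$demo_dir"
    return $result
}

demo || true
```

For a real install, feed audit_list one "r" or "rw" line per path taken from your own config.inc values.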


    Authentication is optional.  As of now, you can authenticate either
    with PAM or ldap.  The authentication is controlled by the following
    settings in the config file:
    
            admin_users
            pam_allow_login
            ldap_allow_login
            ldap_host
            ldap_port
            ldap_version
            ldap_base_dn
            ldap_search_user
            ldap_search_pass
            ldap_user_filter

    If you use PAM, set the pam_allow_login = "yes", otherwise set the
    ldap_allow_login = "yes".  If using ldap, then fill in the other
    ldap parameters as required by your ldap configuration.  
    
    See the notes in the REQUIRED document if you are using PAM.  There
    are specific instructions for Ubuntu 9.10 and CentOS 5.4.
    
    Right now the user has to be listed in the admin_users entry in order
    to gain access to the system.  Eventually this will become more
    automatic.
    
5.1 IMPORTANT - If using PAM authentication, you will need to compile a 
    small C program in openvpn/www/status/pam/check_user.c.  There is a
    Makefile available.  You will need a C compiler, as well as the 
    PAM development libraries.  To install the PAM development libraries,
    use one of the following:
    
        On CentOS use:   yum install pam-devel
        On Ubuntu use:   apt-get install libpam0g-dev
    


6.  Edit the file plugins/win32installer/local.inc:

        Make sure that the two entries are pointing to the correct locations:
        
        The 'openvpnguipath' needs to point to where the win32 installer is located.
        The 'makensis' needs to point to the makensis executable.


7.  Edit the file plugins/revokecrt/local.inc

        Make sure that the two entries are pointing to the correct locations.
        See the comments in the file for specific information.
    
 
8.  There are several other files you need to check to set various
    paths.  They are:
    

        scripts/make_install_client.sh: OPENVPNHOME
                                        OPENVPN_VERSION_21
                                    
    
        scripts/make_install_server.sh  OPENVPNHOME
                                        OPENVPNBIN
                                        OPENVPN_VERSION_21
                                    
    
        scripts/revoke_client.sh    OPENVPNHOME
        
        easy-rsa/vars.in            OPENSSL
                                    EASY_RSA
    
        www/status/config.inc:      www
                                    smarty
                                    validate
                                    home
                                    mode
                                    DownloadUrl
                                    Company_Name
                                    Company_Logo
                                    URL_Home_Page
                                    
                                    admin_users
                                    pam_allow_login
                                    ldap_allow_login
                                    ldap_host
                                    ldap_port
                                    ldap_version
                                    ldap_base_dn
                                    ldap_search_user
                                    ldap_search_pass
                                    ldap_user_filter
    
                                    openvpn->folder
                                    openvpn->restart
                                    
    
              
