Commit fd731a14 authored by ale's avatar ale
Browse files

add README

parent a9cdc027
AutoVPN
=======
A simple self-service OpenVPN infrastructure (with X.509 PKI).
Installation
------------
The 'autovpn' Python package is bundled with 'autoca'.
Once you've got the autoca/autovpn sources, just run::
$ sudo python setup.py install
from the top-level directory.
Configuration
-------------
How to run the AutoVPN web application will depend on the deployment
method that you choose (mod_wsgi, FastCGI, standalone HTTP server...).
Examples of a few different drivers can be found in the apps/
directory.
In all cases though, you'll need to create a configuration file and
point the application at it (for example using the VPN_APP_CONFIG
environment variable). This file should define the following variables
(using Python syntax):
VPN_ENDPOINT
DNS name for the VPN server (use more than one A record for
crude load balancing)
VPN_SITE_URL
The public URL for the AutoVPN web application
VPN_CERT_VALIDITY
How many days should the generated certificates be valid for
(default: 7)
VPN_DEFAULT_SUBJECT_ATTRS
A dictionary containing X.509 attributes to use as defaults for
the subject of the generated certificates. For example::
VPN_DEFAULT_SUBJECT_ATTRS = {'O': 'My VPN', 'C': 'IT'}
The app will only set the 'CN' attribute.
There are two different options to connect to the CA, you can either
connect to a remote autoca web application:
VPN_CA_URL
URL of the remote autoca web application
CA_SHARED_SECRET
(optional) the shared secret to use for authentication
Otherwise, you can instantiate a CA that is local to the AutoVPN
application itself (for simpler deployments):
VPN_CA_ROOT
Base directory for the CA storage -- keep it private!
VPN_CA_BITS
How many bits to use for the CA RSA key (default 4096)
VPN_CA_SUBJECT
Dictionary with the X.509 CA subject attributes
In this latter case, the autoca web application will be available
under the /ca/ URL prefix.
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment