Here is a patch to openvpn-2.1_beta14 which allows a web browser to connect to OpenVPN's management interface. Most systems now have at least one web browser so this patch could lessen the need for a separate OpenVPN management GUI. http://cns.utoronto.ca/~pkern/ovpn-mgmt-http/ Based on a suggestion by Richard Sanford, CNS, UToronto. Windows binaries provided by Greg Chambers. Paul Kern, CNS, UToronto. pak {At} cns.utoronto.ca 2006/08/29. ===== ===== ===== ===== ===== ===== ===== ===== ===== ===== ===== ===== Included in this patch: - code to extract management commands from HTTP format messages. - code to HTML-wrap management replies and send as HTTP messages. - a simple built-in default "home page". - two new options: management-http, management-http-home Example usages: 1) - configure a patched OpenVPN with ... management localhost 7505 management-query-passwords management-hold management-http <--[NEW] - point your web browser at "http://localhost:7505/" eg. % lynx localhost:7505 2) - design a custom web page which includes links like ... http://localhost:7505/manage?log=all http://localhost:7505/manage?status http://localhost:7505/manage?state=all - configure a patched OpenVPN as in example 1) but add ... management-http-home {URL} ... where {URL} is the location of the custom web page. - point your web browser at the custom {URL}. Note: real-time messages are not available due to the nature of HTTP. Compiled+tested: FreeBSD, RedHat Linux, Windows XP Browsers tested: Lynx, Mozilla, Opera, MSIE. ===== ===== ===== ===== ===== ===== ===== ===== ===== ===== ===== ===== added configuration options: ---------------------------- --management-http Allow a web browser to connect to the management interface. Commands sent to the management interface are expected to be in HTTP format. Output from the management interface is wrapped in HTML. Use this option in conjunction the "--management IP port" option. --management-http-home URL HTML-wrapped output from the management interface includes a link which directs the user to the next possible step/action/command. The default URL for that link points to a simple built-in web page. Use "--management-http-home" to set an alternate URL for that link. With this option, management can be guided by custom HTML pages. This option implies "--management-http". ===== ===== ===== ===== ===== ===== ===== ===== ===== ===== ===== ===== some HTTP examples: ------------------- 1) the HTTP request ... | GET /manage?echo=on HTTP/1.1 | Http-header1: .... | Http-header... [ ... etc, etc ... ] ... translates to the management command ... echo on 2) the HTTP submission ... | POST /manage HTTP/1.1 | Http-header1: .... | Http-header2: .... | Http-header... | | command=username&Auth=jack&command=password+Auth&+=easypass ... translates to two management commands ... username Auth jack password Auth easypass 3) the following HTTP requests ... GET / HTTP/1.1 - or - GET /manage?default=nnnn.... HTTP/1.1 ... result in a check for pending conditions (special states). Any pending special-state messages (eg. waiting for hold release) are sent in reply at this time. If there are no pending messages, then the reply contains either the built-in "home page" or a link to the alternate home URL configured with "--management-http-home". The "default=" request is used as a way to create unique URLs so as to foil caching by some web browsers (eg. lynx). miscellaneous: -------------- - browser requests for "favicon.ico" result in an automatic HTTP 404 error reply. - requests for "index.htm" or "index.html" cause the built-in "home page" to be sent in reply. ===== ===== ===== ===== ===== ===== ===== ===== ===== ===== ===== =====