eduVPN documentation
Latest commit c044cff Dec 15, 2018

README.md

Introduction

This is the eduVPN/Let's Connect! documentation repository. This repository targets administrators and developers. It contains information on how to deploy the VPN software, but also (technical) details about the implementation needed to (better) integrate it in existing infrastructure, and how to modify the software for one's own needs.

NOTE: if you are an end-user of eduVPN and want to contact someone, please contact eduvpn@surfnet.nl.

Features

This is an (incomplete) list of features of the VPN software:

  • OpenVPN server accepting connections on both UDP and TCP ports;
  • Uses multiple OpenVPN processes for load sharing purposes;
  • Scales from a Raspberry Pi to many-core systems with 10 Gbit networking;
  • Full IPv6 support, using IPv6 inside the tunnel and connecting over IPv6;
  • Supports both NAT and publicly routable IP addresses;
  • CA for managing client certificates;
  • Secure server and client configuration out of the box;
  • User Portal to allow users to manage their configurations for their devices;
  • Admin Portal to manage users, configurations and connections;
  • Multi-language support in User Portal and Admin Portal;
  • Authentication to portals using "static" username and password, LDAP, RADIUS and SAML;
  • OAuth 2.0 API for integration with applications;
  • Two-factor authentication (TOTP and YubiKey) with user self-enrollment, for access to both the portal(s) and the VPN;
  • Deployment scenarios:
    • Route all traffic over the VPN (for safer Internet usage on untrusted networks);
    • Route only some traffic over the VPN (for access to the organization network);
    • Client-to-client (only) networking;
  • Group ACL support with SAML and LDAP;
  • Ability to disable all OpenVPN logging (default);
  • Support multiple deployment scenarios simultaneously;
  • SELinux fully enabled;
  • Guest Usage scenario;
  • Native applications available for most common platforms.

Client Support

See Client Compatibility for more information about the supported OpenVPN clients.

Deployment

NOTE: if you plan to run eduVPN/Let's Connect! please consider subscribing to the mailing list here. It will be used for announcements of updates and discussion about running eduVPN/Let's Connect!.

You can also use IRC for support & feedback: freenode, channel #eduvpn.

Supported Operating Systems

NOTE: we expect ALL software updates to be installed and the server rebooted before you install the software!

Experimental

Development

See DEVELOPMENT_SETUP.

Security Contact

If you find a security problem in the code or the deployed service(s) and want to report it responsibly, contact fkooman@tuxed.net. You can use PGP. My key is 0x9C5EDD645A571EB2. The full fingerprint is 6237 BAF1 418A 907D AA98 EAA7 9C5E DD64 5A57 1EB2.