Admin Configuration - georgi-dev215/openvpn-web-manager GitHub Wiki

Client Management

Comprehensive guide to managing OpenVPN clients through the web interface.

Overview

The Client Management system allows you to:

  • Create and manage individual clients
  • Perform bulk operations
  • Organize clients with groups and profiles
  • Track client activity and history
  • Manage certificate lifecycle

Creating Clients

Single Client Creation

  1. Navigate to ClientsAdd New Client
  2. Fill in client details:
    • Client Name: Unique identifier (alphanumeric, hyphens, underscores)
    • Expiry Period: Certificate validity (30, 90, 365 days, or custom)
    • Client Group: Organizational grouping
    • Profile: Access level and restrictions
  3. Click Create Client
  4. Download the generated .ovpn configuration

Bulk Client Creation

  1. Go to ClientsBulk Operations
  2. Choose Bulk Create
  3. Upload CSV file with format: 
    client_name,group,profile,expiry_days
employee_001,staff,standard,365
employee_002,staff,standard,365
contractor_001,external,restricted,90
  4. Review and confirm creation

Client Profiles

Available Profiles

  • Standard: Basic VPN access with standard bandwidth
  • High Bandwidth: Optimized for streaming and large downloads
  • Restricted: Time-limited access with bandwidth restrictions
  • Mobile Only: Optimized for mobile devices
  • Admin Access: Full network access with elevated privileges
  • Guest Limited: Temporary access with strict limitations

Creating Custom Profiles

  1. Go to SettingsClient Profiles
  2. Click Create New Profile
  3. Configure settings:
    • Bandwidth Limits
    • Access Hours
    • Network Restrictions
    • Session Duration

Client Groups

Group Management

  • Purpose: Organize clients by department, project, or access level
  • Benefits: Bulk operations, policy application, reporting
  • Examples: employees, contractors, guests, admins

Group Operations

  1. Create Group: Settings → Client Groups → Add New
  2. Assign Clients: Select clients → Actions → Assign to Group
  3. Group Policies: Apply common settings to all group members

Certificate Management

Certificate Lifecycle

  1. Creation: Automatic during client creation
  2. Active: Certificate is valid and client can connect
  3. Expiring: Certificate nears expiration (30-day warning)
  4. Expired: Certificate no longer valid
  5. Revoked: Certificate manually revoked

Renewal Process

# Automatic renewal (30 days before expiry)
- System sends notification
- Admin can approve auto-renewal
- New certificate generated
- Client receives updated config

# Manual renewal
1. Select client(s) in web interface
2. Click "Renew Certificate"
3. Choose new expiry period
4. Download updated configuration

Bulk Operations

Available Operations

  • Bulk Create: Create multiple clients from CSV
  • Bulk Revoke: Revoke multiple client certificates
  • Bulk Renew: Renew multiple certificates
  • Bulk Export: Export multiple client configurations
  • Bulk Group Assignment: Move clients between groups

Export Formats

  • Individual .ovpn files: Standard OpenVPN configuration
  • ZIP archive: Multiple configurations bundled
  • QR codes: For mobile device easy setup
  • Configuration statistics: CSV report with client details

Client Activity Tracking

Connection History

  • Current Sessions: Real-time active connections
  • Session History: Historical connection data
  • Data Usage: Bandwidth consumption per client
  • Login Attempts: Successful and failed authentication

Activity Reports

  1. Individual Client Reports: Detailed usage statistics
  2. Group Reports: Aggregated group activity
  3. Time-based Reports: Daily, weekly, monthly summaries
  4. Custom Reports: User-defined date ranges and filters

Troubleshooting Client Issues

Common Problems

  1. Client Can't Connect

    • Check certificate status
    • Verify server configuration
    • Check firewall rules

  2. Slow Connection

    • Review bandwidth limits
    • Check server load
    • Verify network routing

  3. Authentication Failures

    • Verify certificate validity
    • Check client configuration
    • Review server logs

Diagnostic Tools

  • Connection Test: Built-in connectivity checker
  • Certificate Validator: Verify certificate integrity
  • Configuration Validator: Check .ovpn file syntax
  • Log Analyzer: Parse and analyze connection logs

Best Practices

Naming Conventions

# Good examples
user_firstname_lastname
dept_project_001
temp_guest_20241201

# Avoid
user1, test, temp, admin

Security Recommendations

  • Regular certificate rotation (annual)
  • Use appropriate profiles for access levels
  • Monitor client activity regularly
  • Revoke unused certificates promptly
  • Implement group-based policies

Performance Optimization

  • Limit concurrent connections per client
  • Use appropriate certificate key sizes
  • Monitor and manage bandwidth usage
  • Regular cleanup of expired certificates