Adding Google Login #88
-
Hi @hellojanam, it definitely may be useful for other people.
-
Do you have any information on how to configure this? I see this in the PR:
What kind of Google OAuth credential should I create? Web Application? Desktop App? Something else? If a Web Application, it asks for a redirect URI. What should that be? And, finally, does the Google Login button appear if we have these environment variables set or is there additional configuration required?
-
Hello, you can create a web app in the Google console, and for the redirect URI, please provide the URL on which this VPN UI is going to be used, like vpn-ui.xyz.com, in the console. In the env, put vpn-ui.xyz.com/auth/google/callback.
-
Thank you. I dug through the code and found it in the router.go file... ;-)
On Fri, Sep 6, 2024 at 11:40 AM NidinaKoirala ***@***.***> wrote:
> Hello, You can create webapp in google console. and for redirect URI,
> please provide the url on which this vpn ui is going to be used. like
> vpn-ui.xyz.com in console. and in env, put
> vpn-ui.xyz.com/auth/google/callback.
--
Eric H. Raskin
914-765-0500 x120 or *315-338-4461
(direct)*
Professional Advertising Systems Inc.
fax: 914-765-0500 or *315-338-4461 (direct)*
3 Morgan Drive #310
***@***.***
Mt Kisco, NY 10549
http://www.paslists.com
-
And, I assume we add the required environment variables in
docker-entrypoint.sh?
-
Hey, this is sample docker-compose with env variables.
-
Perfect! Thank you. Maybe this could all be added to the readme.md file?
On Fri, Sep 6, 2024 at 11:49 AM NidinaKoirala ***@***.***> wrote:
> Hey, this is sample docker-compose with env variables.
>
> ---
> version: "3.5"
>
> services:
>   openvpn:
>     container_name: openvpn
>     # If you want to build your own image with docker-compose, uncomment the next line, comment the "image:" line and run "docker-compose build" following by "docker-compose up -d"
>     # build: .
>     image: ecr.aws.com(use your repo here), or the main image in code docker-compose
>     privileged: true
>     ports:
>       - "1194:1194/udp" # openvpn UDP port
>       # - "1194:1194/tcp" # openvpn TCP port
>       # - "2080:2080/tcp" # management port. uncomment if you would like to share it with the host
>     environment:
>       TRUST_SUB: "10.0.70.0/24"
>       GUEST_SUB: "10.0.71.0/24"
>       HOME_SUB: "192.168.88.0/24"
>     volumes:
>       - ./pki:/etc/openvpn/pki
>       - ./clients:/etc/openvpn/clients
>       - ./config:/etc/openvpn/config
>       - ./staticclients:/etc/openvpn/staticclients
>       - ./log:/var/log/openvpn
>       - ./fw-rules.sh:/opt/app/fw-rules.sh
>       - ./checkpsw.sh:/opt/app/checkpsw.sh
>       - ./server.conf:/etc/openvpn/server.conf
>     cap_add:
>       - NET_ADMIN
>     restart: always
>     depends_on:
>       - "openvpn-ui"
>
>   openvpn-ui:
>     container_name: openvpn-ui
>     image: (use your ecr)
>     environment:
>       - OPENVPN_ADMIN_USERNAME=superadmin
>       - OPENVPN_ADMIN_PASSWORD=passwordispassword
>       - GOOGLE_CLIENT_ID=343443232342423.apps.googleusercontent.com(use yours)
>       - GOOGLE_CLIENT_SECRET=V261Mc(use yours)
>       - GOOGLE_REDIRECT_URL=http://vpn.xyz.com/auth/google/callback(use yours)
>       - ALLOWED_DOMAINS=amazon.com,lauda.com
>       - ***@***.******@***.***
>     privileged: true
>     ports:
>       - "8080:8080/tcp"
>     volumes:
>       - ./:/etc/openvpn
>       - ./db:/opt/openvpn-ui/db
>       - ./pki:/usr/share/easy-rsa/pki
>       - /var/run/docker.sock:/var/run/docker.sock:ro
>     restart: always
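The `ALLOWED_DOMAINS` value in the compose file above only restricts who can log in to the UI if it is compared strictly against the address Google returns. As an added example (not the project's code, which this thread does not show), one way to make that check in Go; `parseList`, `loginAllowed`, the explicit address list and the sample addresses are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// parseList splits a comma-separated env value such as ALLOWED_DOMAINS
// into a lower-cased set, dropping empty entries and stray spaces.
func parseList(v string) map[string]bool {
	set := map[string]bool{}
	for _, item := range strings.Split(v, ",") {
		if s := strings.ToLower(strings.TrimSpace(item)); s != "" {
			set[s] = true
		}
	}
	return set
}

// loginAllowed decides whether a Google account may sign in to the UI.
// email and verified stand for the "email" and "email_verified" claims
// Google returns after the callback (assumed inputs, hypothetical helper).
func loginAllowed(email string, verified bool, domains, emails map[string]bool) bool {
	if !verified {
		return false // an unverified address proves nothing about its domain
	}
	email = strings.ToLower(strings.TrimSpace(email))
	at := strings.Index(email, "@")
	if strings.Count(email, "@") != 1 || at == 0 || at == len(email)-1 {
		return false // malformed address
	}
	if emails[email] {
		return true // explicitly listed address
	}
	// Exact match on the domain part; a suffix or substring match would
	// accept look-alike domains such as evil-amazon.com.
	return domains[email[at+1:]]
}

func main() {
	domains := parseList("amazon.com, lauda.com") // value from the sample compose file
	emails := parseList("contractor@example.org") // constructed sample entry
	for _, e := range []string{"alice@amazon.com", "bob@evil-amazon.com",
		"eve@amazon.com.example.net", "contractor@example.org"} {
		fmt.Println(e, loginAllowed(e, true, domains, emails))
	}
}
```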
-
I'm not quite clear on the allowed-emails setting. The Google Client ID
for Web Application credentials asks for an input URI and a callback URI,
but no email information. What do I use it for?
-
Sorry, another silly question. I may have misunderstood the whole
purpose. I was looking for Google Auth for the client VPN connection. I
believe that this gives us authentication to your UI.
Have you implemented SAML or something similar to give us Google
Authentication to the client?
-
I did set that up, but we use Google Cloud so I was thinking that I might
use SAML to authenticate the clients. Open Access Server has it as an
option but Community does not (yet).
We will stick with 2FA.
Thanks for your help.
On Fri, Sep 6, 2024, 1:00 PM NidinaKoirala ***@***.***> wrote:
> No, it's auth for UI login, not for clients. For clients you can use 2FA,
> like Google Authenticator, or Microsoft Authenticator, 1Password. Enable
> 2FA and users are prompted to add it.
-
For our requirement I have added the code for Google login, so that other staff in the company can log in with Gmail and create or delete the configurations. The Google users won't have admin access. Is it something that I should send a PR for?
If it helps anyone else I will send a PR.