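#!/usr/bin/env python3
"""
OpenVPN Configuration Manager for Hugging Face Spaces
Full-featured version with Gradio interface

The three generators below return text only; nothing is executed here and no
key material is created by this app. The client profile, server config and
CA script are written to agree with each other (same file names, same
tls-auth key, certificates that satisfy ``remote-cert-tls``).
"""

import ipaddress
import re
from datetime import datetime

import gradio as gr

# Allow-lists for the values that are interpolated into the client profile.
# An OpenVPN config is line-oriented, so a value containing a newline would
# let a caller append arbitrary directives to the generated file.
_CLIENT_NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,63}")
_HOSTNAME_RE = re.compile(
    r"(?=.{1,253}\Z)"
    r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*"
)
_IP_CHARS_RE = re.compile(r"[0-9A-Fa-f:.]+")
_PROTOCOLS = ("udp", "tcp")


def _validated_client_name(value):
    """Return the trimmed client name, or raise ValueError if it is unsafe."""
    name = str(value).strip()
    if not _CLIENT_NAME_RE.fullmatch(name):
        raise ValueError(
            "Client name must be 1-64 characters: letters, digits, '.', '_' or '-'"
        )
    return name


def _validated_host(value):
    """Return a hostname or IP literal, or raise ValueError if it is neither."""
    host = str(value).strip()
    # Only hand the value to ipaddress once the character set is known:
    # ipaddress accepts a free-form '%scope' suffix on IPv6 literals.
    if _IP_CHARS_RE.fullmatch(host):
        try:
            return str(ipaddress.ip_address(host))
        except ValueError:
            pass  # not an IP literal; fall through to the hostname check
    if _HOSTNAME_RE.fullmatch(host):
        return host
    raise ValueError("Server host must be a DNS name or an IP address")


def _validated_port(value):
    """Return the port as an int in 1..65535, or raise ValueError."""
    message = "Port must be a whole number between 1 and 65535"
    try:
        as_float = float(value)
    except (TypeError, ValueError) as err:
        raise ValueError(message) from err
    # Rejects fractions as well as inf/nan, which int() would mangle or crash on.
    if not as_float.is_integer():
        raise ValueError(message)
    port = int(as_float)
    if not 1 <= port <= 65535:
        raise ValueError(message)
    return port


def create_openvpn_config(client_name, server_host, server_port, protocol):
    """Generate OpenVPN client configuration.

    Args:
        client_name: Label written into the header comment of the profile.
        server_host: DNS name or IP address of the VPN server.
        server_port: Server port; accepts an int, an integral float or a
            numeric string and is written as a plain integer.
        protocol: Either "udp" or "tcp".

    Returns:
        The client profile as a string.

    Raises:
        ValueError: If any argument fails validation. All four values come
            straight from the web form, so they are checked against
            allow-lists before being written into the profile.
    """
    name = _validated_client_name(client_name)
    host = _validated_host(server_host)
    port = _validated_port(server_port)
    if protocol not in _PROTOCOLS:
        raise ValueError("Protocol must be 'udp' or 'tcp'")

    generated = datetime.now().strftime("%Y-%m-%d %H:%M:%S")
    # ca/cert/key/tls-auth use the file names produced by the CA script and
    # expected by the server config; without them the client cannot
    # authenticate or verify the server.
    return f"""# OpenVPN Client Configuration
# Generated: {generated}
# Client: {name}

client
dev tun
proto {protocol}
remote {host} {port}
resolv-retry infinite
nobind
persist-key
persist-tun

ca ca.crt
cert client.crt
key client.key
tls-auth ta.key 1

remote-cert-tls server
cipher AES-256-GCM
auth SHA256
verb 3

# Security recommendations:
# - Use strong ciphers (AES-256-GCM)
# - Enable certificate verification
# - Keep certificates secure
# - Update regularly
"""


def generate_ca_script():
    """Generate CA certificate setup script.

    Returns:
        A bash script (as text) that creates the CA, one server and one
        client certificate, the DH parameters and the tls-auth key. The
        server and client certificates carry keyUsage/extendedKeyUsage so
        that ``remote-cert-tls`` checks on either side succeed.
    """
    return """#!/bin/bash
# Certificate Authority Setup Script for OpenVPN
# Run this script on your OpenVPN server
#
# NOTE: ca.key can sign new VPN identities. Once the certificates are issued,
# move it off the VPN server and keep it offline.

set -euo pipefail
# Private keys must not be readable by other local users
umask 077

# Generate CA private key
openssl genrsa -out ca.key 4096

# Generate CA certificate
openssl req -new -x509 -sha256 -days 3650 -key ca.key -out ca.crt \\
    -subj "/C=US/ST=State/L=City/O=Organization/CN=CA"

# Certificate extensions: "remote-cert-tls" rejects certificates that lack
# an explicit key usage and extended key usage
cat > server.ext <<'EOF'
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
EOF

cat > client.ext <<'EOF'
basicConstraints = CA:FALSE
keyUsage = digitalSignature
extendedKeyUsage = clientAuth
EOF

# Generate server certificate
openssl genrsa -out server.key 4096
openssl req -new -key server.key -out server.csr \\
    -subj "/C=US/ST=State/L=City/O=Organization/CN=server"
openssl x509 -req -sha256 -days 365 -in server.csr \\
    -CA ca.crt -CAkey ca.key -CAcreateserial \\
    -extfile server.ext -out server.crt

# Generate client certificate
openssl genrsa -out client.key 4096
openssl req -new -key client.key -out client.csr \\
    -subj "/C=US/ST=State/L=City/O=Organization/CN=client"
openssl x509 -req -sha256 -days 365 -in client.csr \\
    -CA ca.crt -CAkey ca.key -CAcreateserial \\
    -extfile client.ext -out client.crt

# Diffie-Hellman parameters and tls-auth key referenced by server.conf
openssl dhparam -out dh.pem 2048
# OpenVPN 2.5+ syntax first, older syntax as fallback
openvpn --genkey secret ta.key || openvpn --genkey --secret ta.key

echo "Certificates generated successfully!"
"""


def generate_server_config():
    """Generate server configuration.

    Returns:
        The server config as text. It references exactly the files the CA
        script produces (ca.crt, server.crt, server.key, dh.pem, ta.key).
    """
    return """# OpenVPN Server Configuration

# Network settings
port 1194
proto udp
dev tun

# Certificates
ca ca.crt
cert server.crt
key server.key
dh dh.pem

# Network configuration
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt

# Keepalive
keepalive 10 120

# Compression is intentionally left off: compressing tunnel traffic can
# leak plaintext (VORACLE), and the client profile does not enable it.

# User permissions
user nobody
group nogroup
# Keep keys and the tun device across restarts after privileges are dropped
persist-key
persist-tun

# Security
cipher AES-256-GCM
auth SHA256
tls-auth ta.key 0
remote-cert-tls client

# Logging
log-append /var/log/openvpn.log
verb 3
"""


def main():
    """Build the Gradio interface.

    Returns:
        The ``gr.Blocks`` app; the caller is responsible for launching it.
    """
    with gr.Blocks(
        title="OpenVPN Configuration Manager", theme=gr.themes.Soft()
    ) as demo:
        gr.Markdown("# 🔒 OpenVPN Configuration Manager")
        gr.Markdown(
            "Generate OpenVPN configurations, certificates, and deployment guides"
        )

        with gr.Tab("Client Configuration"):
            with gr.Row():
                with gr.Column():
                    client_name = gr.Textbox(value="client1", label="Client Name")
                    server_host = gr.Textbox(
                        value="vpn.example.com", label="Server Host"
                    )
                    # precision=0 makes the widget deliver an integer; the
                    # handler validates the value again on the server side.
                    server_port = gr.Number(
                        value=1194,
                        label="Port",
                        minimum=1,
                        maximum=65535,
                        precision=0,
                    )
                    protocol = gr.Radio(
                        ["udp", "tcp"], value="udp", label="Protocol"
                    )
                config_output = gr.Textbox(
                    label="Client Configuration", lines=20, interactive=False
                )
            gr.Button("Generate Client Config", variant="primary").click(
                create_openvpn_config,
                inputs=[client_name, server_host, server_port, protocol],
                outputs=[config_output],
            )

        with gr.Tab("Server Configuration"):
            server_config = gr.Textbox(
                label="Server Configuration",
                lines=25,
                value=generate_server_config(),
                interactive=False,
            )
            gr.Markdown(
                "**Save this as `/etc/openvpn/server.conf` on your server**"
            )

        with gr.Tab("Certificate Scripts"):
            ca_script_btn = gr.Button("Generate CA Script")
            ca_script_output = gr.Textbox(
                label="CA Setup Script",
                lines=20,
                value=generate_ca_script(),
                interactive=False,
            )
            # The button previously had no handler attached.
            ca_script_btn.click(generate_ca_script, outputs=[ca_script_output])

        with gr.Tab("Deployment Guide"):
            gr.Markdown("""
            ## 🚀 Deployment Instructions

            ### Server Setup:
            1. **Install OpenVPN:**
               ```bash
               sudo apt update
               sudo apt install openvpn easy-rsa
               ```

            2. **Generate Certificates:**
               - Run the CA script from the "Certificate Scripts" tab
               - This creates all necessary certificates

            3. **Configure Firewall:**
               ```bash
               sudo ufw allow 1194/udp
               sudo ufw allow ssh
               ```

            4. **Start OpenVPN:**
               ```bash
               sudo systemctl start openvpn@server
               sudo systemctl enable openvpn@server
               ```

            ### Client Setup:
            1. **Download Configuration:**
               - Use the "Client Configuration" tab to generate your config
               - Save as `client.ovpn`
               - Copy `ca.crt`, `client.crt`, `client.key` and `ta.key` next to it over a secure channel

            2. **Import to Client:**
               - OpenVPN GUI (Windows)
               - Tunnelblick (macOS)
               - NetworkManager (Linux)

            ### Security Best Practices:
            - ✅ Use strong ciphers (AES-256-GCM)
            - ✅ Enable certificate verification
            - ✅ Keep private keys secure
            - ✅ Regular certificate rotation
            - ✅ Monitor logs for suspicious activity
            - ✅ Use fail2ban for protection
            """)

        with gr.Tab("Troubleshooting"):
            gr.Markdown("""
            ## 🔧 Common Issues & Solutions

            ### Connection Problems:
            - **No internet access:** Check routing and IP forwarding
            - **Cannot connect to server:** Verify firewall and port settings
            - **Slow performance:** Try different protocols (UDP vs TCP)

            ### Certificate Issues:
            - **Certificate verification failed:** Check CA certificate matches
            - **Key errors:** Ensure all certificate files are present
            - **Expired certificates:** Regenerate using CA script

            ### Performance:
            - **Use UDP for better performance**
            - **Leave compression disabled** (compressing tunnel traffic can leak plaintext)
            - **Monitor bandwidth usage**
            """)

    return demo


if __name__ == "__main__":
    demo = main()
    demo.launch(
        # Listens on every interface, which a Spaces container needs; bind to
        # 127.0.0.1 instead when running this on a workstation.
        server_name="0.0.0.0",
        server_port=7860,
        # Handler exceptions are shown in the browser; the validation errors
        # raised above deliberately do not echo the rejected input.
        show_error=True,
        quiet=False,
    )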