# VPN Service Setup Guide

This guide explains how to set up and use your custom VPN service with support for UK, Germany, and Spain servers.

## Overview

The VPN service includes:
- **User Authentication**: Simple username/password login
- **Country Selection**: Choose between UK, Germany, and Spain
- **Configuration Download**: Download OpenVPN config files
- **Admin Panel**: Manage users and view statistics

## Prerequisites

1. **VPN Servers**: You need actual VPN servers in UK, Germany, and Spain
2. **OpenVPN**: Servers should run OpenVPN
3. **SSL Certificates**: Each user needs client certificates (`.crt`, `.key`, `ca.crt`)
4. **Database**: MySQL/MariaDB (already configured)

## Installation Steps

### 1. Database Setup

The database tables are automatically created when you first access `vpn-config.php`. The system creates:
- `vpn_users` - User accounts
- `vpn_connections` - Connection logs
- `vpn_configs` - Stored configurations

### 2. Configure VPN Servers

Edit `vpn-config.php` and update the server details:

```php
$vpn_servers = [
    'UK' => [
        'host' => 'vpn-uk.yourdomain.com',  // Your actual UK server
        'port' => 1194,
        // ...
    ],
    // ... update Germany and Spain too
];
```

### 3. Set Up OpenVPN Server

On each VPN server (UK, Germany, Spain), you need:

1. **Install OpenVPN**:
   ```bash
   sudo apt-get update
   sudo apt-get install openvpn easy-rsa
   ```

2. **Generate CA and Server Certificates**:
   ```bash
   make-cadir ~/openvpn-ca
   cd ~/openvpn-ca
   ./easyrsa init-pki
   ./easyrsa build-ca
   ./easyrsa gen-req server nopass
   ./easyrsa sign-req server server
   ./easyrsa gen-dh
   ```

3. **Create Server Configuration** (`/etc/openvpn/server.conf`):
   ```
   port 1194
   proto udp
   dev tun
   ca ca.crt
   cert server.crt
   key server.key
   dh dh.pem
   server 10.8.0.0 255.255.255.0
   push "redirect-gateway def1 bypass-dhcp"
   push "dhcp-option DNS 8.8.8.8"
   keepalive 10 120
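   cipher AES-256-CBC
   auth SHA256
   # comp-lzo is deprecated and compression weakens the tunnel (VORACLE);
   # omit it on new deployments, on both server and client
   comp-lzo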
   user nobody
   group nogroup
   persist-key
   persist-tun
   status openvpn-status.log
   verb 3
   ```

4. **Start OpenVPN**:
   ```bash
   sudo systemctl start openvpn@server
   sudo systemctl enable openvpn@server
   ```

### 4. Generate Client Certificates

For each user, generate client certificates:

```bash
cd ~/openvpn-ca
./easyrsa gen-req client1 nopass
./easyrsa sign-req client client1
```

This creates:
- `client1.crt` (client certificate)
- `client1.key` (client private key)
- `ca.crt` (CA certificate - same for all users)

### 5. Upload Certificates

You need to:
1. Store `ca.crt` in a web-accessible location
2. For each user, store their `.crt` and `.key` files (the `.key` is the client's private key; see "Secure Certificates" under Security Recommendations)
3. Update the config generator to include certificate paths

**Note**: The current implementation generates config files that reference certificates. You'll need to either:
- Bundle certificates in the `.ovpn` file (see below)
- Provide certificates separately
- Use a certificate management system

### 6. Enhanced Config with Embedded Certificates

To embed certificates in the `.ovpn` file, modify `vpn-download-config.php`:

```php
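function generateOpenVPNConfig($username, $server, $country) {
    // $username becomes part of a file path: reject anything that could
    // escape the certificate directory (e.g. "../"). The allowed pattern is
    // an assumption; match it to your user-creation rules.
    if (!preg_match('/^[A-Za-z0-9_-]{1,64}$/', $username)) {
        throw new InvalidArgumentException('Invalid username');
    }

    // Read certificate files
    $ca_cert = file_get_contents('/path/to/ca.crt');
    $client_cert = file_get_contents("/path/to/certs/{$username}.crt");
    $client_key = file_get_contents("/path/to/certs/{$username}.key");

    // file_get_contents() returns false on failure; never emit a config
    // with an empty <cert> or <key> block.
    if ($ca_cert === false || $client_cert === false || $client_key === false) {
        throw new RuntimeException('Certificate material missing for this user');
    }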
    
    $config = <<<CONFIG
# OpenVPN Configuration for {$server['name']}
client
dev tun
proto {$server['protocol']}
remote {$server['host']} {$server['port']}
# ... other settings ...

<ca>
{$ca_cert}
</ca>

<cert>
{$client_cert}
</cert>

<key>
{$client_key}
</key>
CONFIG;
    return $config;
}
```

## Usage

### For End Users

1. **Login**: Go to `vpn-login.php`
2. **Select Country**: Choose UK, Germany, or Spain
3. **Download Config**: Click "Download Config File"
4. **Import to OpenVPN Client**: 
   - Windows: OpenVPN GUI
   - Mac: Tunnelblick
   - Linux: NetworkManager or command line
   - Mobile: OpenVPN Connect app

### For Administrators

1. **Access Admin Panel**: Go to `vpn-admin.php`
2. **Default Credentials**: 
   - Username: `admin`
   - Password: `admin123` (CHANGE THIS!)
3. **Create Users**: Add new VPN users with username/password
4. **Manage Users**: Suspend, activate, or delete users
5. **View Statistics**: See connection logs and usage

## Security Recommendations

1. **Change Admin Password**: Update `vpn-admin.php` with a strong password
2. **Use HTTPS**: Serve the VPN portal over HTTPS
3. **Secure Certificates**: Store client certificates securely
4. **Firewall Rules**: Configure server firewalls properly
5. **Regular Updates**: Keep OpenVPN and system updated
6. **Password Policy**: Enforce strong passwords for users
7. **Rate Limiting**: Add rate limiting to login attempts

## Troubleshooting

### Users Can't Connect

1. Check OpenVPN server is running: `sudo systemctl status openvpn@server`
2. Verify firewall allows UDP port 1194
3. Check server logs: `sudo tail -f /var/log/openvpn/server.log`
4. Verify certificates are valid and not expired

### Configuration File Issues

1. Ensure certificate paths are correct
2. Check file permissions on certificate files
3. Verify certificate format (should be PEM)
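
The checks above, together with step 4 of "Users Can't Connect", can be run in one pass over the certificate directory. This is an added example, not part of the original project; it assumes GNU `stat`, the `openssl` CLI, and a `<user>.crt` / `<user>.key` layout, and the function names are illustrative.

```shell
#!/usr/bin/env bash
# Added example: audit client certificates and keys in one directory.
# Assumed layout: <user>.crt and <user>.key side by side (not from the project).

# Report a private key that is not PEM or is accessible to group/other.
check_key_file() {
    local f="$1" mode rc=0
    grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$f" || { echo "NOT_PEM $f"; rc=1; }
    mode=$(stat -c '%a' "$f")           # GNU stat: octal mode, e.g. 600
    case $mode in
        *00) ;;                         # owner-only access
        *) echo "LOOSE_PERMS $mode $f"; rc=1 ;;
    esac
    return "$rc"
}

# Report a certificate that is not PEM, unparseable, or expiring within N days.
check_cert_file() {
    local f="$1" warn_days="${2:-30}"
    if ! grep -q -- '-----BEGIN CERTIFICATE-----' "$f"; then
        echo "NOT_PEM $f"; return 1
    fi
    # -checkend exits non-zero if the certificate expires within the window.
    if ! openssl x509 -noout -checkend $((warn_days * 86400)) -in "$f" >/dev/null 2>&1; then
        echo "EXPIRING_OR_INVALID $f"; return 1
    fi
}

# Walk one directory, print every finding, return non-zero if any were found.
audit_cert_dir() {
    local dir="$1" warn_days="${2:-30}" rc=0 f
    for f in "$dir"/*.key; do
        [ -e "$f" ] || continue
        check_key_file "$f" || rc=1
    done
    for f in "$dir"/*.crt; do
        [ -e "$f" ] || continue
        check_cert_file "$f" "$warn_days" || rc=1
    done
    return "$rc"
}

# Usage: audit_cert_dir /path/to/certs 30
```

A `NOT_PEM` finding on a `.crt` usually means the file is DER-encoded; `LOOSE_PERMS` on a `.key` means users other than the owner can read the private key.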

### Database Errors

1. Check database connection in `vpn-config.php`
2. Verify tables were created: `SHOW TABLES LIKE 'vpn_%';`
3. Check user permissions on database

## Advanced Features (Future Enhancements)

- **Bandwidth Limiting**: Per-user bandwidth limits
- **Connection Time Limits**: Maximum session duration
- **Multi-Factor Authentication**: Add 2FA support
- **Usage Analytics**: Detailed connection analytics
- **Automatic Certificate Renewal**: Auto-renew expiring certificates
- **API Access**: REST API for programmatic access
- **Mobile Apps**: Native mobile applications

## Support

For issues or questions:
1. Check server logs
2. Review database connection logs
3. Verify OpenVPN server configuration
4. Test with a simple OpenVPN client first

## Files Overview

- `vpn-config.php` - Configuration and database setup
- `vpn-login.php` - User login page
- `vpn-login-process.php` - Authentication handler
- `vpn-dashboard.php` - User dashboard with country selection
- `vpn-download-config.php` - Configuration file generator
- `vpn-logout.php` - Logout handler
- `vpn-admin.php` - Admin panel for user management

