====== 安裝 openvpn-ui (OpenVPN + 簡易 WebUI) 方案 ======
  * 為解決
    - [[tech/dockovpn|DockOVPN (OpenVPN Docker方案)]] 無 WebUI 可管理 VPN 帳號
    - [[tech/ovpn-admin|OVPN-Admin (OpenVPN + 簡易 WebUI)]] 在 Alpine 升級到 3.23 後無法使用的議題
    * 因此找到這 **[[https://github.com/d3vilh/openvpn-ui|openvpn-ui]]** 方案
  * 安裝環境
    * VM : 1 vCore, 1G RAM, 16G SSD
    * OS : Alpine 3.23 + Docker Compose
  * 規劃環境
    * OpenVPN 內部網路 : 10.0.70.0/24
    * 外部聯入 VPN : vpn.ichiayi.com TCP Port 443

===== 安裝設定 =====
  - 建立目錄與下載相關檔案<cli>
mkdir openvpn-ui
cd openvpn-ui
mkdir -p ./config
wget https://raw.githubusercontent.com/d3vilh/openvpn-server/refs/heads/main/server.conf -O server.conf
wget https://raw.githubusercontent.com/d3vilh/openvpn-server/refs/heads/main/config/easy-rsa.vars -O config/easy-rsa.vars
wget https://raw.githubusercontent.com/d3vilh/openvpn-server/refs/heads/main/config/client.conf -O config/client.conf
wget https://github.com/tryweb/docker-compose/raw/refs/heads/main/openvpn-ui/fw-rules.sh -O fw-rules.sh
wget https://github.com/tryweb/docker-compose/raw/refs/heads/main/openvpn-ui/.env.example -O .env
wget https://github.com/tryweb/docker-compose/raw/refs/heads/main/openvpn-ui/docker-compose.yml -O docker-compose.yml
chmod a+x fw-rules.sh
</cli>
  - 編輯 .env 設定管理者帳號密碼 <cli>
vi .env
</cli>{{repo>https://github.com/tryweb/docker-compose/raw/refs/heads/main/openvpn-ui/.env.example}}
  - 啟動服務 <cli>
docker compose up -d
</cli>

===== 登入管理介面進行設定 =====
  * Exp. http://192.168.1.8:8080 \\ {{:tech:螢幕擷取畫面_2026-01-13_110017.png?400|}}
  * 設定 server 
    * 修改 Port -> 443, Proto -> TCP
    * Push Route (Your Home subnet), Push Redirect-gateway (#註記掉避免所有流量都往 vpn 走), Custom Option Three (增加需要走 vpn 的網段路由)
    * ++看相關畫面| \\ {{:tech:螢幕擷取畫面_2026-01-13_110059.png|}} \\ {{:tech:螢幕擷取畫面_2026-01-13_110447.png|}} \\ {{:tech:螢幕擷取畫面_2026-01-13_110539.png|}} \\ {{:tech:螢幕擷取畫面_2026-01-13_110629.png|}}++
  * 設定 client 
    * 修改 Connection Address (改成實際對外 Domain Name 或 IP), Connection Port -> 443, Proto -> tcp
    * Redirect Gateway (#註記掉避免所有流量都往 vpn 走)
    * ++看相關畫面| \\ {{:tech:螢幕擷取畫面_2026-01-13_110715.png|}} \\ {{:tech:螢幕擷取畫面_2026-01-13_110919.png|}}++
  * 設定憑證預設資料 
    * 修改 EASYRSA_REQ_COUNTRY -> TW, EASYRSA_REQ_PROVINCE -> TW, EASYRSA_REQ_CITY-> Taipei
    * EASYRSA_REQ_ORG (自己的公司), EASYRSA_REQ_EMAIL (自己的Email), EASYRSA_REQ_OU (自己的部門)
    * ++看相關畫面| \\ {{:tech:螢幕擷取畫面_2026-01-13_111005.png|}} \\ {{:tech:螢幕擷取畫面_2026-01-13_111137.png|}}++
  * 重啟容器讓設定生效 \\ {{:tech:螢幕擷取畫面_2026-01-13_111241.png?1000|}}

==== 建立 VPN 用戶憑證 ====
  * {{:tech:螢幕擷取畫面_2026-01-13_111311.png?1000|}}
  * 輸入用戶相關資訊 Exp. Name -> Jonathan, Client Email -> jonathan@mail.com
    * ++看相關畫面| \\ {{:tech:螢幕擷取畫面_2026-01-13_111503.png|}}++
  * 下載用戶連線憑證
    * ++看相關畫面| \\ {{:tech:螢幕擷取畫面_2026-01-13_111553.png|}} \\ {{:tech:螢幕擷取畫面_2026-01-13_111635.png|}}++

==== 查看用戶連線狀態 =====
  * {{:tech:螢幕擷取畫面_2026-01-13_122011.png?1000|}}

===== 參考網址 =====
  * https://github.com/d3vilh/openvpn-ui

{{tag>openvpn}}