Tested with Google and Dex.
- auth-server - authenticates the user against an OpenID Connect (OIDC) provider and outputs the information needed to connect to the OpenVPN server (username, one-time password and OpenVPN client configuration file).
- auth-client - checks the username and password received from the OpenVPN client.

- ISSUER_URL - URL under which auth-server can find the OpenID Provider Configuration Document, which should be available at /.well-known/openid-configuration.
- DOMAIN - auth-server domain.
- CLIENT_ID - unique identifier of your registered application.
- CLIENT_SECRET - secret known only to the application and the authentication server.
- ADDITIONAL_SCOPES - list of additional scopes.
- OPENVPN_SERVER_HOST - IP or domain used to connect to the OpenVPN server.
- OPENVPN_SERVER_PORT - port the OpenVPN server listens on.
ISSUER_URL="https://accounts.google.com"
DOMAIN=openvpn-auth.example.com
CLIENT_ID="0-r.apps.googleusercontent.com"
CLIENT_SECRET="secret"
ADDITIONAL_SCOPES="email"
OPENVPN_SERVER_HOST=openvpn.example.com
OPENVPN_SERVER_PORT=1194
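A pre-deployment check of the settings above against a provider's discovery document, as an added example that is not part of the openvpn-oidc project. The sample document and values are constructed, the function names are hypothetical, and the space- or comma-separated format of ADDITIONAL_SCOPES is an assumption.

```python
import json
from urllib.parse import urlsplit

# Constructed discovery document and settings (illustrative, not from a real provider).
SAMPLE_DOC = json.loads("""{
  "issuer": "https://idp.example.com",
  "authorization_endpoint": "https://idp.example.com/auth",
  "token_endpoint": "https://idp.example.com/token",
  "jwks_uri": "https://idp.example.com/keys",
  "scopes_supported": ["openid", "email", "profile"]}""")
SAMPLE_ENV = {"ISSUER_URL": "https://idp.example.com", "DOMAIN": "openvpn-auth.example.com",
              "CLIENT_ID": "constructed-client-id", "CLIENT_SECRET": "constructed-value",
              "ADDITIONAL_SCOPES": "email", "OPENVPN_SERVER_HOST": "openvpn.example.com",
              "OPENVPN_SERVER_PORT": "1194"}

def discovery_url(issuer_url):
    # The configuration document lives at <issuer>/.well-known/openid-configuration.
    return issuer_url.rstrip("/") + "/.well-known/openid-configuration"

def split_scopes(value):
    # Assumption: ADDITIONAL_SCOPES is a space- or comma-separated list.
    return [s for s in value.replace(",", " ").split() if s]

def check_settings(env, doc):
    """Return a list of problems; an empty list means the settings are consistent."""
    problems = []
    issuer = env.get("ISSUER_URL", "")
    if urlsplit(issuer).scheme != "https":
        problems.append("ISSUER_URL must use https")
    # OIDC Discovery requires the document's issuer to equal the URL it was fetched for.
    if doc.get("issuer") != issuer:
        problems.append("issuer mismatch: %r != %r" % (doc.get("issuer"), issuer))
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if urlsplit(doc.get(key, "")).scheme != "https":
            problems.append(key + " missing or not https")
    supported = doc.get("scopes_supported")  # optional metadata; skip check if absent
    if supported is not None:
        for scope in ["openid"] + split_scopes(env.get("ADDITIONAL_SCOPES", "")):
            if scope not in supported:
                problems.append("scope not advertised by provider: " + scope)
    if env.get("CLIENT_SECRET", "") in ("", "secret"):
        problems.append("CLIENT_SECRET is empty or still the placeholder value")
    port = env.get("OPENVPN_SERVER_PORT", "")
    if not (port.isascii() and port.isdigit() and 1 <= int(port) <= 65535):
        problems.append("OPENVPN_SERVER_PORT is not a valid port")
    return problems

if __name__ == "__main__":
    print(discovery_url(SAMPLE_ENV["ISSUER_URL"]), check_settings(SAMPLE_ENV, SAMPLE_DOC))
```

In real use, `doc` would be the JSON fetched from `discovery_url(ISSUER_URL)` rather than the embedded sample.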
git clone git@github.com:vitaliy-sn/openvpn-oidc.git
cd openvpn-oidc/helm
vim values.yaml
helm install openvpn-oidc .
- Google.
- Dex - you need to create an oauth2clients.dex.coreos.com custom resource in the Kubernetes cluster.