eurephia - a flexible OpenVPN authentication plug-in
eurephia is an authentication plug-in for OpenVPN. OpenVPN is a simple but yet powerful application to create secure VPN connections between computers and networks. OpenVPN includes a safe regime using SSL certificates to authenticate users.
This plug-in enhances OpenVPN by adding user name and password authentication in addition. An eurephia user account is a combination of minimum one OpenVPN SSL certificate and a user name with a password assigned. It is also possible to setup several eurephia user names to use a shared OpenVPN certificate.
If too many failed log-ins is attempted, eurephia will automatically blacklist IP addresses, certificates or user accounts. The user accounts and certificates can also be manually blocked, and upon the next authentication (also within active sessions) the user will be rejected immediately.
eurephia supports dynamic firewall updates per connection/session on Linux based router/firewall running OpenVPN. This means that each user account may have their own restricted access profile to the network, and you can control the network access with great granularity. This is achieved by using predefined iptables chains, which is activated after the user is authenticated. For more in-depth information, have a look at the documentation.
All information is stored in a database and all changes to the accounts will be effective immediately. At the moment eurephia supports the SQLite database. Drivers for PostgreSQL and MySQL are being planned.
2014-04-15 This project may seem dead, with few updates. But it is not! The reason is that the current stable release is rock solid. In the pipe for next releases are OpenVPN 2.3's plug-in API v3 support, to better support UTF-8 characters in certificates, possibility to load separate authentication modules (including a socket based authentication API and LDAP authentication support) and a PostgreSQL database driver. Much code has been written, some can be found in the git repos. If there are concrete use cases, get in touch and we'll try to figure out how to speed up the needed coding.
2012-11-05 eurephia v1.1.0 packages for Red hat Enterprise Linux (RHEL), ScientificLinux and CentOS have now been submitted to the standard Fedora EPEL repositories. It is also available directly in Fedora 16, 17 and 18. For Debian Wheezy, see the instructions on the download page.
2012-10-24 eurephia v1.1.0 packages are available in Fedora updates-testing repository. Packages for Red Hat Enterprise Linux (RHEL) 5 and 6 are available via the Fedora EPEL repository. Currently they are in the epel-testing repository. Install using --enablerepo=updates-testing or --enablerepo=epel-testing in the 'yum install' command line. Packages will be pushed to stable as soon as possible. To make it faster, please test the packages and report your result via Fedora Updates
2012-10-09 eurephia v1.1.0 is released. The main feature in this release is TUN support, in addition to a lot of minor bugfixes. Go to the download pages for more information.
2012-09-13 The eurephia development have not moved much lately. Mostly because it functions very well and has been rock solid so far. However, some development has been done today to add improved tun mode support. Planning to release a eurephia v1.1 release at some point soon, with some bugfixes and full tun mode support.
2012-09-13 OpenVPN v2.3_alpha releases have been out for a while, and the first beta is just around the corner. For eurephia to function optmially with v2.3, you need to use the new option --compat-names. This is just temporarily until eurephia makes use of the new plug-in API which also arrives in v2.3.
2011-04-26 OpenVPN 2.2.0 is released, which includes the needed eurephia patch. So eurephia can now be built standalone when using OpenVPN 2.2.0 and newer versions.