eurephia
.
Get eurephia at SourceForge.net. Fast, secure and Free Open Source software downloads
.

This FAQ is a work in progress. If you have questions for the FAQ, please send them to the eurephia mailing list:

Generic

How do you pronounce eurephia?
Like in English. [juri:fia] would probably be the closest. 'eu' makes the [ju] sound (like in 'you' or 'eu' in 'Europe') and 'ph' becomes [f] (like in 'Phillip')
Why was this this plug-in written? What's the purpose?
To enhance the security on OpenVPN connections even more. To make the access more fine-grained and get to better control over each user which has an access. Without this plug-in, you can only limit user access by either scratching all certificates, or by using CRL (Certificate Revocation List) in OpenVPN. With this plug-in, you can more easily and quickly disable or enable accounts on the fly. With eurephia you can also be sure that the VPN user will authenticate her-/himself with a secure password.
The SSL keys OpenVPN users must have, do not provide a good regime for controlling that passwords do exists or that the password complexity is good enough. This is because the password is for opening the SSL keys are locally stored and managed on the client. The server is never involved on password change for SSL keys.
With the eurephia plug-in, the user must also use a user name and a password, both which is managed on the OpenVPN server side. When the user wants to change the login password, this must be done against the password change application on the server. In such a regime, you can easily make sure that empty passwords or too simple passwords are not used.
Other reasons to use eurephia, is of course that IP addresses, certificates and user accounts will be blocked automatically if too many failed attempts are registered. In addition, you will also be able to have per-user firewall rules, to limit each users network access over the VPN connection.
What is the system requirements?
This plug-in is heavily tested on Linux and there are some reports that it seems to work on FreeBSD. It should work on other platforms as well. If it compiles, it most probably will work. What will not work out-of-the-box on other platforms is firewall updates, since eurephia now only includes an interface for iptables.
What about Microsoft Windows? Is that platform supported?
As the question above, it is not tested. But if you manage to compile it, it might work quite well. But remember, firewall suport will not work without writing a new firewall implementation. However, Windows clients will work, as long as they are configured with --auth-user-pass
Is eurephia ready for production servers?
Yes! The developer have used eurephia many years now on several production servers. eurephia is considered to be mature by now. And if any bugs are discovered, they will get high attention instantly and a new release will go out as soon as it has been tested.

OpenVPN and eurephia relations

Why are there OpenVPN patches and also patched version of OpenVPN for download here?
Until OpenVPN v2.2, it did not send over one important information via the plug-in interface, the SHA1 fingerprint (digest) of the certificate being used. This is needed to match a unique certificate up against a specific user account in eurephia. Anyhow, those days where you needed to patch OpenVPN are gone. Since OpenVPN v2.2 arrived, complete eurephia support has been available in the upstream version.

eurephia configuration

What do I need to configure eurephia?
You need to install eurephia on your OpenVPN server. The OpenVPN configuration file needs to extended with the 'plugin' and option. You also need to setup some configuration parameters in the database which eurephia will use. For more info, have a look at the wiki pages
Do I need to do any client changes?
You will need to add the 'auth-user-pass' option in the OpenVPN client configuration. For more info, have a look at the wiki pages

Getting help and helping out

I have some troubles, where do I get help?
Check mailing lists and bug tracker on sourceforge.net. If you cannot find your answer here, please send an email to the mailing list:
You can also reach the developer of eurephia on IRC, go to #eurephia, #openvpn or #openvpn-devel on FreeNode and look for dazo.
I've found a bug! How do I report it?
Great! First, check the bug tracker if this is reported already or not. If you can't find it, please report it here!
May I contribute?
Yes, please! Any contribution will be very much appreciated! Write patches, write new modules, help write documentation, package it for your favourite OS, or whatever else. Even graphic work will be appreciated. If you want to help out with the source code, please pull down the latest source code via git and let git produce the patch files. Please make sure you have checked out the right branch for the release if you are fixing bugs.

eurephia source code, source code control (SCM)

Which source control management is used?
eurephia uses git for SCM. For more info about git: http://git.or.cz/
How do I get the source code from git?

$> git clone git://eurephia.git.sourceforge.net/gitroot/eurephia/eurephia.git

By calling this command, you will download the latest development source tree. When you have a cloned git tree locally, you can call the following command to update the source tree with the latests versions available

$> git fetch

This will download changes to the origin branches in git. To merge them with your local branches, you need to call

$> git merge origin/master

For more information about merging and working with remote branches, please have a look on the official documentation. It will provide you with much better information.
How do I get the source code for version x.y
All versions of eurephia are tagged. You need to checkout a tag to get the correct version. Use this command to list all available tags

$> git tag -l

To checkout a specific release to a local working branch, use the following command:

$> git checkout -b <release name> <tag name>

How can I send you patches?
Can I commit to the tree?
Yes, you can commit to your own local tree, and this is very fine! Please do local commits! But you cannot commit to the remote tree. If you do local commits, they can easily be "converted" to patches which can be sent to David Sommerseth <>
To produce good patches quickly and easily, use the following command:

$> git format-patch -s <commitish>

Please give your commits a good commit message, not just a one-liner. It will help implementing your patches more quickly when it is easier to understand what your patch does. If we do not understand what you try to solve, your patch will be sent back to you for further enhancements.
Where can I find git help?
Use the git help arguments (-h|--help), check the git home page at http://git.or.cz/, http://progit.org/book/ (very good resource!) and you will also find a lot of good help by googling for git.
.