HostOnNet Blog


sacli – OpenVPN Access Server configuration tool

sacli is used to query/set OpenVPN Access Server configuration.

To list all configs, run

/usr/local/openvpn_as/scripts/sacli ConfigQuery

Example

[root@vps378748 openvpn_as]# /usr/local/openvpn_as/scripts/sacli ConfigQuery
{
  "admin_ui.https.ip_address": "eth0", 
  "admin_ui.https.port": "943", 
  "aui.eula_version": "2", 
  "auth.ldap.0.name": "My LDAP servers", 
  "auth.ldap.0.ssl_verify": "never", 
  "auth.ldap.0.timeout": "4", 
  "auth.ldap.0.use_ssl": "never", 
  "auth.module.type": "pam", 
  "auth.pam.0.service": "openvpnas", 
  "auth.radius.0.acct_enable": "false", 
  "auth.radius.0.name": "My Radius servers", 
  "cs.cws_proto_v2": "true", 
  "cs.https.ip_address": "eth0", 
  "cs.https.port": "943", 
  "cs.prof_sign_web": "true", 
  "cs.ssl_method": "SSLv3", 
  "cs.tls_version_min": "1.0", 
  "host.name": "92.222.90.3", 
  "sa.initial_run_groups.0": "web_group", 
  "sa.initial_run_groups.1": "openvpn_group", 
  "vpn.client.routing.inter_client": "false", 
  "vpn.client.routing.reroute_dns": "true", 
  "vpn.client.routing.reroute_gw": "true", 
  "vpn.daemon.0.client.netmask_bits": "20", 
  "vpn.daemon.0.client.network": "172.27.224.0", 
  "vpn.daemon.0.listen.ip_address": "eth0", 
  "vpn.daemon.0.listen.port": "443", 
  "vpn.daemon.0.listen.protocol": "tcp", 
  "vpn.daemon.0.server.ip_address": "eth0", 
  "vpn.server.daemon.enable": "true", 
  "vpn.server.daemon.tcp.n_daemons": "1", 
  "vpn.server.daemon.tcp.port": "443", 
  "vpn.server.daemon.udp.n_daemons": "1", 
  "vpn.server.daemon.udp.port": "1194", 
  "vpn.server.group_pool.0": "172.27.240.0/20", 
  "vpn.server.port_share.enable": "true", 
  "vpn.server.port_share.ip_address": "1.2.3.4", 
  "vpn.server.port_share.port": "1234", 
  "vpn.server.port_share.service": "admin+client", 
  "vpn.server.routing.private_access": "nat", 
  "vpn.tls_refresh.do_reauth": "true", 
  "vpn.tls_refresh.interval": "360"
}
[root@vps378748 openvpn_as]#

To list a users configurations, run

/usr/local/openvpn_as/scripts/sacli UserPropGet --user openvpn

Example

[root@vps378748 openvpn_as]# /usr/local/openvpn_as/scripts/sacli UserPropGet --user openvpn
{
  "__DEFAULT__": {
    "prop_autogenerate": "true", 
    "type": "user_default"
  }, 
  "openvpn": {
    "prop_lzo": "true", 
    "prop_superuser": "true", 
    "pvt_google_auth_secret": "FDQLGEIKBVTQFFDX", 
    "pvt_google_auth_secret_locked": "false", 
    "type": "user_compile"
  }
}
[root@vps378748 openvpn_as]# 

To enable comp__lzo, run

/usr/local/openvpn_as/scripts/sacli --user openvpn --key prop_lzo --value true UserPropPut

Posted in Linux