You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

2.5 KiB

CCrypto VPN

CCVPN is the software we use at CCrypto to provide our VPN. You can see it live at https://vpn.ccrypto.org/

It handles user management, support tickets, billing and is used as a backend for VPN authentication.
It communicates with an external service, lambdacore, that manages VPN servers and sessions.

Disclaimer: this is a specialized solution that requires proprietary software to function. This repo is a way for us to share our work freely as we don't believe keeping it secret will do any good; feel free to base your own work on it but don't except it to be of an use as-is.

CCrypto's commercial support does not include this and will not help you set it up. Feel free to contact us about ccvpn, but with no guarantee.
PacketImpact however may provide you commercial support and more services about ccvpn and lambdacore.

Getting Started

# Install poetry
pip3 install poetry
export PATH=~/.local/bin/:$PATH  # also add that to your .profile

# Install ccvpn3
git clone https://git.ccrypto.org/ccrypto/ccvpn3.git
cd ccvpn3
poetry config settings.virtualenvs.in-project true
poetry install

cp ccvpn/local_settings.sample.py ccvpn/local_settings.py
# Edit ccvpn/local_settings.py
# See ccvpn/settings.py for all available settings and defaults

# Those need to be run on installation and updates
poetry run ./manage.py migrate
poetry run ./manage.py compilemessages
poetry run ./manage.py collectstatic

# The standard Django manage.py can be called through poetry
poetry run ./manage.py runserver

Debian Deployment

# Install uwsgi and a web server, and python deps
apt install gettext git nginx uwsgi uwsgi-plugin-python3 python3-venv python3-setuptools python3-pip

# Create a new account and switch to it
adduser --disabled-login ccvpn

su - ccvpn
# As ccvpn, follow the instructions in Getting Started
# then Ctrl-D/exit back to root

cp /home/ccvpn/ccvpn3/deploy/nginx.conf /etc/nginx/sites-enabled/ccvpn3.conf
cp /etc/ccvpn/ccvpn3/deploy/uwsgi.ini /etc/uwsgi/apps-enabled/ccvpn3.ini
systemctl restart uwsgi
systemctl reload nginx

Celery

# run celery background processes
poetry run celery -A ccvpn worker -l info
poetry run celery -A ccvpn beat -l info
# celery flower monitoring web ui
poetry run flower --port=5555 -A ccvpn

# ~ with systemd services ~

cp ./deploy/ccvpn-*.service /etc/systemd/
systemctl daemon-reload
systemctl enable --now ccvpn-{worker,scheduler,flower}.service