OpenVPN ctl is a small GUI script, which seats in the tray and control running OpenVPN processes via management inteface.
What it can do
- Control multiple local openvpn processes at once
- Initiate and terminate connections
- Show desired (on/off) and actual state for all connections
- Request passwords, insertion of cryptographic tokens and so on via dialogs
- Report state change via GUI notifications
- Show log messages from particular daemon
What it cannot do
- Change openvpn configuration file on the fly
- Control openvpn servers
- Control non-local clients (?)
Whar is required from openvpn configuration
- All VPNs to be controlled by this daemon should be started at the system startup
- They all should be started with --management option which points to local unix-domain socket in the same directory. VPN name to be shown in menui is derived from the socket basename
- They all should use --management-client-group option to set control group to netdev on debian system
- They should use --management-query-passwords and --management-up-down option
- They may use --management-hold option if it is not desired to start OpenVPN without direct user approval.
- They may use --management-signal option in order to get openvpn disconnected on UI exit
These options are better supplied via openvpn command-line from init script. If so, openvpn config might contain only server and PKI-related configuration, thus allowing to use config, provided by OpenVPN server administartor as is.