Multiple Users with Individual VPNs Sharing One Endpoint
Solution Based on Experience from the Field
This article provides a solution that has not been approved by the IGEL Research and Development department. Therefore, official support cannot be provided by IGEL. Where applicable, test the solution before deploying it to a production environment.
The trick is that we have to get all the users' OpenVPN config files (.ovpn) named as <username>.ovpn and placed under /wfs.
We then have this script, /wfs/openvpn/connect.sh:
---
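#!/bin/bash
# Requirements:
# - all users' .ovpn config files need to be in /wfs/
# Initialise variables
answer=-1
# Build the profile list from a glob (parsing ls output breaks on unusual file names)
shopt -s nullglob
profiles=()
for f in /wfs/*.ovpn; do
  f=${f##*/}
  profiles+=("${f%.ovpn}")
done
count=${#profiles[@]}
# Without any profile the selection loop below would never end
if [ "$count" -eq 0 ]; then
  echo "No .ovpn files found in /wfs" >&2
  exit 1
fi
# Loop until a valid profile index is selected
# (digits only, so empty or non-numeric input is rejected before the comparison)
until [[ $answer =~ ^[0-9]{1,4}$ ]] && (( 10#$answer < count )); do
  clear
  for ((i=0; i<count; i++)); do
    echo "${i}: ${profiles[${i}]}"
  done
  read -r -p "Select the number corresponding to your account: " answer
done
# export variable vpnuser in case a child process needs it (probably overkill)
export vpnuser=${profiles[10#$answer]}
# Provide a name server only if one is not already installed
# (-F matches the address literally instead of treating the dots as wildcards)
grep -qF 192.168.1.222 /etc/resolv.conf || echo "nameserver 192.168.1.222" >> /etc/resolv.conf
# Start the openvpn client
openvpn --config "/wfs/${vpnuser}.ovpn" --daemon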
---
(The nameserver bit is required. It needs to be an internal DNS server; not sure how you'd generalize this.)
Next we have a custom application with "Command" as:
pkexec /usr/bin/xfce4-terminal -T VPN --geometry=90x40-0+0 -x /wfs/openvpn/connect.sh
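Because pkexec runs connect.sh, and therefore openvpn, as root, every profile in /wfs is root-level input. The following audit is an added example, not part of the original article or of IGEL's tooling: it flags profiles that are writable by group or others and profiles that contain directives which make OpenVPN run external programs or load plugins (connect.sh already sets the name server, so such hooks deserve a review). The function names, the sample profiles and the host name are hypothetical, and the directive list is a selection, not an exhaustive one.

```shell
#!/bin/sh
# Added example (not from the article): audit OpenVPN profiles before
# connect.sh passes them to openvpn, which pkexec runs as root.

# Directives that make OpenVPN run external programs or load plugins.
HOOKS='script-security|up|down|route-up|route-pre-down|ipchange|tls-verify|plugin'

# audit_profile FILE: print findings; return 1 if the profile needs review.
audit_profile() {
    rc=0
    # Writable by group or others: those users control what root's openvpn reads.
    if [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \))" ]; then
        echo "$1: writable by group or others"
        rc=1
    fi
    # First token is a hook directive (leading "--" is optional in config files).
    # /dev/null as a second file makes grep prefix each hit with the file name.
    if grep -nE "^[[:space:]]*(--)?($HOOKS)([[:space:]]|\$)" "$1" /dev/null; then
        rc=1
    fi
    return "$rc"
}

# audit_dir DIR: audit every DIR/*.ovpn; return 1 if any profile was flagged.
audit_dir() {
    flagged=0
    for f in "$1"/*.ovpn; do
        [ -e "$f" ] || continue
        audit_profile "$f" || flagged=1
    done
    return "$flagged"
}

# make_sample DIR: write two constructed profiles (placeholder host name).
make_sample() {
    printf 'client\nremote vpn.example.invalid 1194\n' > "$1/alice.ovpn"
    printf 'client\n# up is commented out\nscript-security 2\nup /tmp/hook.sh\n' > "$1/bob.ovpn"
    chmod 600 "$1/alice.ovpn" "$1/bob.ovpn"
}

# Usage: sh audit.sh /wfs   (without an argument nothing is scanned)
if [ "$#" -gt 0 ]; then
    audit_dir "$1"
fi
```

Running it against /wfs before deployment, or from a periodic check, gives a non-zero exit status whenever a profile needs review.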