Business-VPN WHMCS module
The module is intended as an opportunity for IT companies to expand their offer for customers by offering paid VPN accounts. After installation, the module will fully manage the creation, edition, and suspension of VPN accounts and interact with the WHMCS billing system, exchanging data needed for settlements with customers, activations or service blocking.
- Description
- Changelog
- Installation and configuration guide
- Basic concepts and requirements
- 1. WHMCS setup(install/update)
- 2. Mikrotik preparation and configuration
- 3. Add server (router Mikrotik) in WHMCS
- 4. Product Configuration
- Client Area
- Admin Area
Description
Order now | Dowload | Forum
The Business VPN module provides an opportunity to sell the Virtual Private Network service for business clients.
The module is designed as a professional solution for companies and corporations, which enables remote access to company resources from anywhere in the world in a safe and monitored manner. The biggest difference from common VPN solutions such as NordVPN, EasyVPN etc. is the professional nature of the service.
What makes Business VPN different from regular, widely offered VPNs
The end customer of the service receives such opportunities as:
- Dedicated permanent IP address
- Full management of VPN accounts to the end buyer: Create, modify, delete and block VPN accounts
- Forward TCP/UDP protocol ports from a public address to any IP address on the internal network
- Convenient and informative VPN account connection statistics
Thanks to our solution, the client does not have to delegate the company's resources to carry out this activity, but focus on the practical side of using it, thanks to which he saves money.
This model of operation allows IT departments in companies to configure in detail and securely internal Firewall, passing specific ports, detailed traffic monitoring, or to keep through internal IDS which is not possible when using commonly offered solutions.
Such a VPN becomes an integral part of the company's IT infrastructure and is ideally suited to the conditions of a given client.
Who and why needs such a service that this module provides.
The service offers to the end customer a fully fledged private network.
- The service combines all nodes that are connected via VPN into one private network. This allows you to communicate with each other from different physical locations. An example of use is, the remote work of the company's staff, having private remote access to each other. Also, due to the fact that each connected VPN user will be presented on the Internet with the public address of the service, it is possible to configure access to the company's servers only from the IP address of the service. Thus restrict access only to everyone except users of the service.
- If your employees need to have access to some sites on the Internet and be represented by a public address of a certain geographic location, then this service allows you to implement it. The public address of the service is not changed during the entire time of using the service.
- Ability to connect network devices, such as measuring instruments, to the same network, creating remote access to network equipment.
Module Functions:
- Auto create and deploy VPN account/accounts
- Suspend/Unsuspend/Terminate/Change Package/Change Password/Reset connection
- Use only Mikrotik API
- Possibility to set Bandwidth speed limits
- Module supports multilingualism
- Account limit per package
- Bandwidth Limit per account
Functions of the client area:
- Creating VPN Accounts
- Deleting a VPN account
- Blocking VPN account
- VPN account online statistics. For control
Changelog
Order now | Download | Forum
v1.1.5 Released 11-10-2023
- Supported WHMCS v8.8.0
- Translations added/updated (Arabic, Azerbaijani, Catalan, Chinese, Croatian, Czech, Danish, Dutch, English, Estonian, Farsi, French, German, Hebrew, Hungarian, Italian, Macedonian, Norwegian, Polish, Romanian, Russian, Spanish, Swedish, Turkish, Ukrainian)
v1.1 Released 03-03-2023
- Support Mikrotik v7.8
- Support WHMCS v8.6
- Support IonCube PHP Loader v12
- Support for PHP 8.1 and PHP 7.4
- Change in the way statistics are collected and cleaned
- Design change, icons added
v1.0 Released 20-10-2022
First version
Installation and configuration guide
Basic concepts and requirements
Order now | Dowload | Forum
Requirements for the successful operation of the module
- Minimal WHMCS version 8+
- Mikrotik/CHR router OS 7+
- Public network for the needs of NAT implementation
An IP address class must be reserved for the solution. Each end customer receives one IP address after activating the service.
Please refer to the basic mode of operation of the module to better understand its operation and functionality.
The basic logic of the module
During the creation of a service for the end client, the module does the following actions:
- Automatically selects a free public IP address from the server available in the settings. When choosing an available IP address, services in the terminated state are not taken into account, i.e. previously used IP. (Previously used IP addresses for services that have not been extended and have expired will be used to activate the service for the new client.)
- The module configures the selected public IP address on the network interface of the router.
- The module creates firewall rules such as:
- NAT rules for accessing the Internet private network
- Allowing firewall rules for communication between IP's of a private network
- Block rules that block traffic between all other private networks.
Mikrotik management schema
- When a user creates a VPN account, the module creates a VPN user Mikrotik on the router, adds queues with a bandwidth limit.
- When a user deletes a VPN Account, the module deletes the VPN user on Mikrotik and deletes the bandwidth-limiting queue.
- When a user creates port forwarding, the module creates rules on the Mikrotik router in the firewall that implement port forwarding from a public address to a private one.
- During service suspension, the module disables all VPN client accounts and resets all active connections.
- During service unsuspension, the module enables all VPN client accounts.
- During service termination, the module deletes all VPN client accounts, deletes all firewall rules associated with the service, and also deletes the public IP from the router's network interface.
1. WHMCS setup(install/update)
Order now | Dowload | Forum
To install and update a module, you must perform one and the same action.
1. Download the latest version of the module.
PHP 8.1
wget http://download.puqcloud.com/WHMCS/servers/PUQ_WHMCS-Business-VPN/PUQ_WHMCS-Business-VPN-latest.zipPHP 7.4
wget http://download.puqcloud.com/WHMCS/servers/PUQ_WHMCS-Business-VPN/php74/PUQ_WHMCS-Business-VPN-latest.zip
All versions are available via link: https://download.puqcloud.com/WHMCS/servers/PUQ_WHMCS-Business-VPN/
2. Unzip the archive with the module.
unzip PUQ_WHMCS-Business-VPN-latest.zip3. Copy and Replace "puqBusinessVPN" from "PUQ_WHMCS-Business-VPN" to "WHMCS_WEB_DIR/modules/servers/"
2. Mikrotik preparation and configuration
Order now | Download | Forum
Note: Enter the following commands one by one and wait for the command to complete.
I. Check RouterOS version
Make sure that the version of RouterOS is 7+
system/package/print II. Enabling HTTPS Create your own root CA on your router
/certificate
add name=LocalCA common-name=LocalCA key-usage=key-cert-sign,crl-signIII. Sign the newly created CA certificate
/certificate
sign LocalCAIV. Create a new certificate for Webfig (non-root certificate)
Note: as common-name=XXX.XXX.XXX.XXX You enter public IP adddress of the router.
/certificate
add name=Webfig common-name=XXX.XXX.XXX.XXXV. Sign the newly created certificate for Webfig
/certificate
sign Webfig ca=LocalCA VI. Enable SSL (www-ssl) and specify to use the newly created certificate for Webfig
/ip service
set www-ssl certificate=Webfig disabled=noVII. Enable api-ssl and specify to use the newly created certificate for Webfig
/ip service
set api-ssl certificate=Webfig disabled=no VIII. Enable VPN server
To enable the VPN server
3. Add server (router Mikrotik) in WHMCS
Order now | Dowload | Forum
Add a new server to the system WHMCS.
Login to Your WHMCS panel and create new server in WHMCS (System Settings->Products/Services->Servers)
System Settings->Servers->Add New Server- Enter the correct Name and Hostname
Name is just for Your convenience and You can put there anything You like ie: Mygreat mikrotik routr
You can choose whatever hostname You want. Valid entries look similar to: vpn.mydomain.com, ourgreatvpn.mydomain.net. You can also dedicate whole domain ie: myVPNservices.com if You like. The important thing is to resolve the choosen IP address of the Mikrotik router in DNS server for Your domain.
- In the "Assigned IP Addresses field", enter a list of IP addresses that will be issued to users.
The format in which you need to enter a list of public IP addresses and private subnets is as follows.
To define the available pool of IP addresses, for each available IP number you should enter another line where the data is separated by the "|" separator. Each line with an IP number definition has the following structure:
<PUBLIC_IP>|<MASK_OF_ PUBLIC_NETWORK>|<PRIVATE_NETWORK>|<MASK_OF_PRIVATE_NETWORK>
Enter the correct data in the username and password field
- In the Server Details section, select the "PUQ Business-VPN" module and enter the correct username and password for the Mikrotik.
- To check, click the "Test connection" button
4. Product Configuration
Order now | Dowload | Forum
Add new product to WHMCS
System Settings->Products/Services->Create a New ProductIn the Module settings section, select the "PUQ Business-VPN" module
- License key: A pre-purchased license key for the "PUQ Business-VPN" module. For the module to work correctly, the key must be active
- Interface for public IP: Interface on the router on which the public IP address will be set
- PPP Profile: PPP secret profile on Mikrotik router
VPN users settings
- Number of VPN users: The number of VPN accounts that a client can create
- Bandwidth Download: Download bandwidth that will apply per VPN connection
- Bandwidth Upload: Upload bandwidth that will apply per VPN connection
Mikrotik configuration
- Public IP on interface: If checked, the module will automatically set the IP address on the interface in the Mikrotik router
- NAT rules on public ip: If checked, then the module will automatically make firewall rules that will make NAT, for Internet access of all connected VPN accounts of the client in the Mikrotik router
- Firewall Accept Rules: If checked, then the module automatically creates firewall rules that will allow traffic between VPN client accounts
- Firewall Drop Rules: If checked, then the module automatically creates firewall rules that will drop traffic between VPN client accounts and other private networks on the router
Basic settings
- Description prefix: The prefix that will appear in all descriptions that will be on the Mikrotik router
- Service: A service that will be available to a VPN user on a Mikrotik router
- Support PPtP/Support L2TP: If checked, it will be reflected in the client zone
- L2TP IPSec PSK key: it will be reflected in the client zone
Client Area
Home screen
Order now | Dowload | Forum
Basic information on client panel page
VPN server: The VPN server address that is entered when creating a VPN connection for the end user
Dedicated IP: The public IP address that is reserved for the service and through which all users of the VPN service will be represented on the Internet.
Private internal network: Private subnet whose IP addresses are available to the client to create VPN accounts. When adding a new VPN account, it will be assigned an IP address from this internal pool of addresses.
VPN Protocols: VPN protocols that are available (by default you can easly enable two protocols in Mikrotik router: PPPtP i L2TP )
L2TP IPSec PSK key: In the case of L2TP, this is the encryption key
Number of VPN accounts:Number of used and available VPN client accounts from the pool available based on the defined package.
Bandwidtht download/upload: The bandwidth rate that will be available on each VPN client account
Function buttons for service management.
- Add VPN account: To create a new VPN account
- Port Forwarding: To configure port forwarding from a public IP address to a private one
- Statistics: To access connection statistics of VPN
List of VPN accounts with technical/dynamic data and also buttons Edit and Reset connections
Add VPN account
Order now | Dowload | Forum
This is how the page for adding a new VPN account looks like.
Each VPN account has a unique client ID, the ID is generated according to the scheme <user_id>-<service_id>-Manually entered value. <user_id>-<service_id> are generated automatically by module. You can modify manually the last part.
To create a new account, the client must enter the following.
Username, Password, Select an available IP address from the dropdown list. Then click the Add VPN account button.
Edit VPN account
Order now | Dowload | Forum
In order to edit a VPN account, you must click on the Edit button on the selected account.
You can edit the following parameters:
- Password
- IP address
- Enable/Disable VPN account
Also on the editing page there is an opportunity to delete a VPN account.
By pressing the DELETE button
Statistics
Order now | Dowload | Forum
The module provides visual online statistics of VPN accounts.
It is possible to select a specific data to display statistics.
Statistics are available for the last 60 days.
Admin Area
Product Home Screen
Order now | Dowload | Forum
The main screen of the product contains the following items.
- List of VPN client accounts
- List of all forwarded client ports.
