Business-VPN WHMCS module Description Changelog Installation and configuration guide Basic concepts and requirements Business-VPN module WHMCS Order now | Download | FAQ Requirements for the successful operation of the module Minimal WHMCS version 8+ Mikrotik/CHR router OS 7+ Public network for the needs of NAT implementation An IP address class must be reserved for the solution. Each end customer receives one IP address after activating the service. Please refer to the basic mode of operation of the module to better understand its operation and functionality. The basic logic of the module During the creation of a service for the end client, the module does the following actions: Automatically selects a free public IP address from the server available in the settings. When choosing an available IP address, services in the terminated state are not taken into account, i.e. previously used IP. (Previously used IP addresses for services that have not been extended and have expired will be used to activate the service for the new client.) The module configures the selected public IP address on the network interface of the router. The module creates firewall rules such as: NAT rules for accessing the Internet private network Allowing firewall rules for communication between IP's of a private network Block rules that block traffic between all other private networks. Mikrotik management schema When a user creates a VPN account, the module creates a VPN user Mikrotik on the router, adds queues with a bandwidth limit. When a user deletes a VPN Account, the module deletes the VPN user on Mikrotik and deletes the bandwidth-limiting queue. When a user creates port forwarding, the module creates rules on the Mikrotik router in the firewall that implement port forwarding from a public address to a private one. During service suspension, the module disables all VPN client accounts and resets all active connections. During service unsuspension, the module enables all VPN client accounts. During service termination, the module deletes all VPN client accounts, deletes all firewall rules associated with the service, and also deletes the public IP from the router's network interface. WHMCS setup(install/update) Business-VPN module WHMCS Order now | Download | FAQ Module is coded ionCube v13 Supported php version: php 7.4 WHMCS 8.11.0 - php 8.1 WHMCS 8.11.0 + php 8.2 WHMCS 8.11.0 + To install and update a module, you must perform one and the same action. 1. Download the latest version of the module. PHP 8.2 wget http://download.puqcloud.com/WHMCS/servers/PUQ_WHMCS-Business-VPN/php82/PUQ_WHMCS-Business-VPN-latest.zip PHP 8.1 wget http://download.puqcloud.com/WHMCS/servers/PUQ_WHMCS-Business-VPN/php81/PUQ_WHMCS-Business-VPN-latest.zip PHP 7.4 wget http://download.puqcloud.com/WHMCS/servers/PUQ_WHMCS-Business-VPN/php74/PUQ_WHMCS-Business-VPN-latest.zip All versions are available via link: https://download.puqcloud.com/WHMCS/servers/PUQ_WHMCS-Business-VPN/ 2. Unzip the archive with the module. unzip PUQ_WHMCS-Business-VPN-latest.zip 3. Copy and Replace "puqBusinessVPN" from "PUQ_WHMCS-Business-VPN" to "WHMCS_WEB_DIR/modules/servers/" Mikrotik preparation and configuration Business-VPN module WHMCS Order now | Download | FAQ Note: Enter the following commands one by one and wait for the command to complete. I. Check RouterOS version Make sure that the version of RouterOS is 7+ system/package/print II. Enabling HTTPS Create your own root CA on your router /certificate add name=LocalCA common-name=LocalCA key-usage=key-cert-sign,crl-sign III. Sign the newly created CA certificate /certificate sign LocalCA IV. Create a new certificate for Webfig (non-root certificate) Note: as common-name=XXX.XXX.XXX.XXX You enter public IP adddress of the router. /certificate add name=Webfig common-name=XXX.XXX.XXX.XXX V. Sign the newly created certificate for Webfig /certificate sign Webfig ca=LocalCA VI. Enable SSL (www-ssl) and specify to use the newly created certificate for Webfig /ip service set www-ssl certificate=Webfig disabled=no VII. Enable api-ssl and specify to use the newly created certificate for Webfig /ip service set api-ssl certificate=Webfig disabled=no VIII. Enable VPN server To enable the VPN server Add server (router Mikrotik) in WHMCS Business-VPN module WHMCS Order now | Download | FAQ Add a new server to the system WHMCS. Login to Your WHMCS panel and create new server in WHMCS (System Settings->Products/Services->Servers) System Settings->Servers->Add New Server Enter the correct Name and Hostname Name is just for Your convenience and You can put there anything You like ie: Mygreat mikrotik routr You can choose whatever hostname You want. Valid entries look similar to: vpn.mydomain.com, ourgreatvpn.mydomain.net. You can also dedicate whole domain ie: myVPNservices.com if You like. The important  thing is to resolve the choosen IP address of the Mikrotik router in DNS server for Your domain. In the "Assigned IP Addresses field", enter a list of IP addresses that will be issued to users. The format in which you need to enter a list of public IP addresses and private subnets is as follows. To define the available pool of IP addresses, for each available IP number you should enter another line where the data is separated by the "|" separator. Each line with an IP number definition has the following structure: ||| Enter the correct data in the username and password field In the Server Details section, select the "PUQ Business-VPN" module and enter the correct username and password for the  Mikrotik. To check, click the "Test connection" button Product Configuration Business-VPN module WHMCS Order now | Download | FAQ Add new product to WHMCS System Settings->Products/Services->Create a New Product In the Module settings section, select the "PUQ Business-VPN" module License key: A pre-purchased license key for the "PUQ Business-VPN" module. For the module to work correctly, the key must be active Interface for public IP: Interface on the router on which the public IP address will be set PPP Profile: PPP secret profile on Mikrotik router VPN users settings Number of VPN users: The number of VPN accounts that a client can create Bandwidth Download:  Download bandwidth that will apply per VPN connection Bandwidth Upload: Upload bandwidth that will apply per VPN connection Mikrotik configuration Public IP on interface: If checked, the module will automatically set the IP address on the interface in the Mikrotik router NAT rules on public ip: If checked, then the module will automatically make firewall rules that will make NAT, for Internet access of all connected VPN accounts of the client in the Mikrotik router Firewall Accept Rules: If checked, then the module automatically creates firewall rules that will allow traffic between VPN client accounts Firewall Drop Rules: If checked, then the module automatically creates firewall rules that will drop traffic between VPN client accounts and other private networks on the router Basic settings Description prefix: The prefix that will appear in all descriptions that will be on the Mikrotik router Service:  A service that will be available to a VPN user on a Mikrotik router Support PPtP/Support L2TP: If checked, it will be reflected in the client zone L2TP IPSec PSK key: it will be reflected in the client zone Client Area Home screen Business-VPN module WHMCS Order now | Download | FAQ Basic information on client panel page VPN server: The VPN server address that is entered when creating a VPN connection for the end user Dedicated IP:  The public IP address that is reserved for the service and through which all users of the VPN service will be represented on the Internet.Private internal network:  Private subnet whose IP addresses are available to the client to create VPN accounts. When adding a new VPN account, it will be assigned an IP address from this internal pool of addresses.VPN Protocols: VPN protocols that are available (by default you can easly enable two protocols in Mikrotik router: PPPtP i L2TP )L2TP IPSec PSK key: In the case of L2TP, this is the encryption keyNumber of VPN accounts:Number of used and available VPN client accounts from the pool available based on the defined package.Bandwidtht download/upload:  The bandwidth rate that will be available on each VPN client account Function buttons for service management. Add VPN account: To create a new VPN account Port Forwarding: To configure port forwarding from a public IP address to a private one Statistics: To access connection statistics of VPN List of VPN accounts with technical/dynamic data and also buttons Edit and Reset connections Add VPN account Business-VPN module WHMCS Order now | Download | FAQ This is how the page for adding a new VPN account looks like. Each VPN account has a unique client ID, the ID is generated according to the scheme --Manually entered value. - are generated automatically by module. You can modify manually the last part. To create a new account, the client must enter the following. Username, Password, Select an available IP address from the dropdown list. Then click the Add VPN account button. Edit VPN account Business-VPN module WHMCS Order now | Download | FAQ In order to edit a VPN account, you must click on the Edit button on the selected account. You can edit the following parameters: Password IP address Enable/Disable VPN account Also on the editing page there is an opportunity to delete a VPN account. By pressing the DELETE button Statistics Business-VPN module WHMCS Order now | Download | FAQ The module provides visual online statistics of VPN accounts. It is possible to select a specific data to display statistics. Statistics are available for the last 60 days. Admin Area Product Home Screen Business-VPN module WHMCS Order now | Download | FAQ The main screen of the product contains the following items. List of VPN client accounts List of all forwarded client ports.