VPN control 2021-01-11

It blocks all vpn attempts to log in except those users that have been whitelisted

  1. Tschallacka
    Native Minecraft Version:
    1.16
    Tested Minecraft Versions:
    • 1.16
    Source Code:
    https://github.com/tschallacka/spigot-vpncontrol/tree/master
    Contributors:
    Tschallacka
    VPN CONTROL

    Denies entry to people who use VPN, unless they are put on a whitelist.
    This plugin requires a mysql/mariadb database.
    This plugin does not log the IP's used by the user. It only keeps in the database the UUID of the user and who whitelisted the user and when.

    Whitelisting cannot be done from terminal. Mostly because I considered that scenario too late, and didn't feel like rewriting the entire whitelisting chain for that use case.

    Creating a mysql/mariadb database on linux or the windows linux subsystem

    Code (Text):
    sudo su root

    mysql -u root

    CREATE DATABASE `<your_database_name_here>`;

    CREATE USER '<your_username_here>'@'localhost'
        IDENTIFIED BY '<your_database_password_here>';

    GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, INDEX, DROP, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES
        ON `<your_database_name_here>`.*
        TO '<your_username_here>'@'localhost';

    quit
     
    Enter the database name, username and password in the plugin config.

    Commands:

    /vpncontrol whitelist add <playername> - Adds a player to the whitelist for people who are allowed to use a vpn
    /vpncontrol whitelist remove <playername> - Removes a player from the whitelist
    /vpncontrol whitelist status <playername> - Gets the status of a player on the whitelist
    /vpncontrol refresh - Deletes all whitelist entries in the database, loads new from github.

    Java and mysql

    It may be that there is no mysql connector installed for java on your server host.
    If this is the case when you try to load the server with the plugin installed you'll get an error like this:
    Code (Text):
    Caused by java.lang.RuntimeException: Can't load resource bundle due to underlying exception java.util.MissingResourceException: Can't find bundle for base name com.mysql.cj.LocalizeErrorMessages, locale
    Example of error message[​IMG]

    To install it ssh into your server and execute the command

    Code (Text):
    sudo apt-get install libmariadb-java
    Should this not work, giving a message *"Unable to locate package libmariadb-java"*, like on some debian buster servers, download libmaria-db from a server here: https://packages.debian.org/buster/all/libmariadb-java/download

    Upload it to your server and run

    Code (Text):
    sudo dpkg -i libmaria*.deb && sudo apt-get -f install
    Configuration

    When the plugin first starts it will write a plugin file to server_path/plugins/VpnControl/config.yaml
    Code (Text):

    mysql-host: 127.0.0.1
    mysql-port: '3306'
    mysql-database: database
    mysql-username: username
    mysql-password: password
    blocked-message: You haven't registered as a VPN user with this server. Register as
      user at https://www.example.com
    notify-message: <player> has joined via VPN.
     
    mysql-host The IP adress of your mysql server. Usually this will be localhost. But if you have a dedicated mysql server enter it's IP here. Usually you don't need to change this.
    mysql-port The port on which your mysql server listens to connections. Usually this is 3306.
    mysql-database The name of your database. This is what you entered after [code single]CREATE TABLE[/code] if you used the commands above for setting up a database.
    mysql-username The username of the user that can access your database. DO NOT USE ROOT! please create a dedicated user with [code single]CREATE USER [/code]. Using root is bad, m'kay?
    mysql-password The password for the above user. Always use a password.
    blocked-message The message you want to show when a user joins that uses vpn and isn't whitelisted. It's recommended to add a website/discord url where they can register.
    notify-message People that have the vpncontrol.notify permission will get this message when a whitelisted user using VPN joins. Use <player> where the username of the player that joined should go.

    Permissions

    There are 3 permissions in this plugin
    vpncontrol.whitelist Allow users with this permission to add and remove users from the vpn control whitelist
    vpncontrol.refresh Allow users with this permission to refresh the IP list of vpns
    vpncontrol.notify Users with this permission get a message when people using vpn join

    Datasource

    The list of vpn's used is pulled from https://github.com/tschallacka/VPNs.

    Should a vpn user connect, that isn't on this list, please create an issue with the offending IP and I'll research it and merge it and other IP's of that provider I can find into the list.

    This plugin does not automatically check yet for an update of the IP list. The command /vpncontrol refresh is currently the only way to refresh that list. Don't run this every day. It most likely won't be updated every day as IPV4 adresses are limited. Future versions will contain an automatic check.

    Refreshing IP's takes about 30 seconds on a moderate server. It will take longer when I implement IPV6 support.

    This plugin currently only checks for IPV4 connections and not IPV6. If you server is setup to listen on an ipv6 port, this plugin will not stop vpn connections from there yet. It might in a future version if I come back to it.