zorruno wikki: openVPNSetup with Docker

Using information from: https://hub.docker.com/r/linuxserver/openvpn-as/

NOTE: There is only an x86-64 architecture build for this currently.

NOTE: The web setup is non-free and allows two simultaneous VPN connections (unless paid).
The openVPN protocol itself is fully free, however, so this web-based setup doesn't need to be used.
Note that licensing is US$15 per license per year... minimum 10 licenses!

openVPN Access Server FAQ: https://openvpn.net/vpn-server-resources/frequently-asked-questions-licensing/

If you are keen for a simple, free-as-in-beer, 2 connection openVPN setup, then proceed...

Get the container up

Use this docker-compose.yml

Put the right details for your mapped docker storage in the volumes section

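version: "2"
services:
  openvpn-as:
    image: linuxserver/openvpn-as
    container_name: openvpn-as
    environment:
      - TZ=Pacific/Auckland
    volumes:
      # host path : container path (change the host path to your docker storage)
      - /dockervolumes/openvpn-as:/config
    ports:
      - 943:943        # web interface
      - 9443:9443
      - 1194:1194/udp
    restart: unless-stopped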

docker-compose up -d

Set up the web interface

Do this section before port forwarding, as there is a default web interface password.

Go to https://ipaddressofserver:943/admin
Default username/pass is admin/password

Go into the User Permissions menu on the left

Create a new user and give it Admin permissions. Save Settings.

Click 'More Settings' for the Admin user, and give it a password.

Go down to Access Control (Use NAT should be set) and enter the networks you want the user to be able to access when connected, eg (add multiple subnets one below the other)

Log out of web interface and log in again as new user.

Go to user management and 'Deny Access' or delete the admin user.

Other (Optional)
You can set network addressing in Configuration/VPN Settings menu.

You can choose how DNS service is allocated in Configuration/VPN Settings menu. By default, people keep their own DNS settings, so if you want to route them through the VPN, change it here.

You can set default settings for routing, rather than per user settings, in Configuration/VPN Settings menu.

Do some port forwarding in your router

Forward these ports in your router to your server running docker. Note that 943 is the web interface - you will need to forward this and expose it to the outside world to get the clients up and running, but can then turn it off.


Set up the Android App

You will need the external address or domain name of your server (IP address via whatsmyip.com or dyndns etc). Remember to take your phone off your local wifi to connect/setup.

Install the OpenVPN Connect app on your phone, it is this one
Note this is the 'Official' one, but it is non-free(dom) from OpenVPN Inc.

Run the app and add a profile with the + button

It will ask for the URL. If your IP is, you'll use:

The app should pull in the certificates and you can save the profile.

You need to edit the profile details (pencil button) and the settings should be something like:

Access Server Hostname (locked):

Profile Name

Server Override (optional)

Port (locked)

Username (locked)

Note: I HAD to put the server override value in there, not sure why (it was initially blank). I couldn't connect without it.

You should now be able to connect (are you off local wifi?) to the VPN.

Turn off port forwarding in your router for the web interface if you want to.
Unforward port 943 - you will need to allow access again if you set up other clients or another user.
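
A check to go with the port 943 advice above, added here as an example (it is not part of the original page): the compose file publishes 943 on every interface of the Docker host, and this function flags such wildcard bindings in `docker port` output. The function name, the sample output and the LAN address in the note are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): flag sensitive container ports
# that Docker publishes on every host interface.

# Constructed sample of `docker port openvpn-as` output for the compose file above.
SAMPLE_PORTS='943/tcp -> 0.0.0.0:943
943/tcp -> [::]:943
9443/tcp -> 0.0.0.0:9443
1194/udp -> 0.0.0.0:1194'

# exposed_bindings PORT...
# Reads `docker port` output on stdin and prints the bindings of the given
# container ports whose host address is a wildcard (0.0.0.0 or ::).
# Exit status: 1 if any wildcard binding was found, 0 otherwise.
exposed_bindings() {
    wanted=" $* "
    found=0
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        cport=${line%%/*}            # container port, e.g. 943
        host=${line##* -> }          # host side, e.g. 0.0.0.0:943
        addr=${host%:*}              # host address without the port
        case "$wanted" in *" $cport "*) ;; *) continue ;; esac
        case "$addr" in
            0.0.0.0|'[::]'|'::')
                printf '%s\n' "$line"
                found=1 ;;
        esac
    done
    return "$found"
}

# Demo on the constructed sample. On a live host use:
#   docker port openvpn-as | exposed_bindings 943
printf '%s\n' "$SAMPLE_PORTS" | exposed_bindings 943 \
    || echo "web interface (943) is published on all host interfaces"
```

Prefixing the mapping with a host address in the compose file (for example `192.168.1.10:943:943`, a constructed LAN address) limits where the web interface listens, and the check then prints nothing for 943.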

Setting Android VPN start/stop shortcuts in launcher
You can create a homescreen shortcut for android for your connection. Edit the Profile (Pencil Button) and there is a button down the bottom with green writing "Set Connect Shortcut".

You can also create a disconnect homescreen shortcut, it is in the app setting menu "Set Disconnect Shortcut" (Not in the profile settings). Note that clicking on these shortcuts in my android launcher sometimes looks like they haven't done anything (especially if you save the VPN password), although it seems just to work nice and quickly. Check the top android notification bar to see if there is a VPN 'Key' icon when the VPN is operating. You can also check your IP address to see where you are connected obviously.

Other Clients

There is an openVPN app for windows that I am successfully using, pretty sure you'd need admin rights, but not sure. https://openvpn.net/client-connect-vpn-for-windows/

This is the iOS app, but I've never used it https://apps.apple.com/us/app/openvpn-connect/id590379981


Another option for connecting on android is this one (and it is fully open source)
Don't know much about this one sorry.

Some Android Connect FAQs including errors https://openvpn.net/vpn-server-resources/connecting-to-access-server-with-android/

You can also create your own open vpn client config file (.ovpn) with the certificates in it, here are samples: