======openVPNSetup with Docker======
Using information from: https://hub.docker.com/r/linuxserver/openvpn-as/

NOTE: There is only an x86-64 architecture build for this currently.

NOTE: the web setup is non-free and allows two simultaneous VPN connections (unless paid).
The OpenVPN protocol itself is fully free however, so this web-based setup doesn't need to be used.
Note that licensing is US$15 per license per year... minimum 10 licenses!
https://openvpn.net/pricing/

openVPN Access Server FAQ: https://openvpn.net/vpn-server-resources/frequently-asked-questions-licensing/

//IF you are keen for a simple, free-as-in-beer, 2 connection openVPN setup, then proceed...//

=====Get the container up=====
Use this docker-compose.yml

Put the right details for your mapped docker storage in the volumes section

%%
version: "2"
services:
  openvpn-as:
    image: linuxserver/openvpn-as
    container_name: openvpn-as
    cap_add:
      - NET_ADMIN
    environment:
      - TZ=Pacific/Auckland
    volumes:
      # left side: your mapped docker storage on the host
      - /dockervolumes/openvpn-as:/config
    ports:
      - 943:943        # web interface (admin and client setup), TCP
      - 9443:9443      # VPN over TCP
      - 1194:1194/udp  # VPN over UDP
    restart: unless-stopped
%%

Run:
%%docker-compose up -d%%

=====Set up the web interface=====
//Do this section before port forwarding, as there is a default web interface password. //

Go to https://ipaddressofserver:943/admin
Default username/pass is admin/password

Go into the User Permissions menu on the left

Create a new user and give it Admin permissions. Save Settings.

Click 'More Settings' for the Admin user, and give it a password.

Go down to Access Control (Use NAT should be set) and enter the networks you want the user to be able to access when connected, eg 192.168.1.0/24 (add multiple subnets one below the other)

Log out of web interface and log in again as new user.

Go to user management and 'Deny Access' or delete the admin user.

**Other (Optional)**
You can set network addressing in Configuration/VPN Settings menu.

You can choose how DNS service is allocated in Configuration/VPN Settings menu. By default, people keep their own DNS settings, so if you want to route them through the VPN, change it here.

You can set default settings for routing, rather than per-user settings, in Configuration/VPN Settings menu.

=====Do some port forwarding in your router=====
Forward these ports in your router to your server running docker. Note that 943 is the web interface - you will need to forward this and expose it to the outside world to get the clients up and running, but can then turn it off.

||**Forward**
1194:UDP
9443:TCP
943:TCP||

=====Set up the Android App=====
You will need the external address or domain name of your server (IP address via whatsmyip.com or dyndns etc). Remember to take your phone off your local wifi to connect/setup.

Install the OpenVPN Connect app on your phone, it is this one
https://play.google.com/store/apps/details?id=net.openvpn.openvpn&hl=en
Note this is the 'Official' one, but it is non-free(dom) from OpenVPN Inc.

Run the app and add a profile with the + button

It will ask for the URL. If your IP is 122.50.5.11, you'll use:

||https://122.50.5.11:943||

The app should pull in the certificates and you can save the profile.

You need to edit the profile details (pencil button) and the settings should be something like:

||
**Access Server Hostname (locked): **
122.50.5.11

**Profile Name**
newuser@122.50.5.11

**Server Override (optional)**
https://122.50.5.11

**Port (locked)**
9443

**Username (locked)**
newuser
||

Note: //I HAD to put the server override value in there, not sure why (it was initially blank). I couldn't connect without it.//

You should now be able to connect (are you off local wifi?) to the VPN.

**Turn off port forwarding in your router for the web interface if you want to.**
Unforward port 943 - you will need to allow access again if you set up other clients or another user.
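
To confirm the router change took effect, the check below can be run from outside your LAN (for example over a phone hotspot) against your own external address. It is an added example, not part of the original wiki page; the script name and the expected-state table are assumptions based on the ports listed above.

```python
"""Check the TCP forwards from this page; run from OUTSIDE your LAN."""
import socket
import sys

# Expected state of the forwarded TCP ports once clients are set up.
# 1194/udp is left out: UDP has no handshake, so a connect test cannot
# tell an open port from a filtered one.
EXPECTED_OPEN = {
    943: False,   # web interface: forward removed after client setup
    9443: True,   # port the client profile connects to
}


def tcp_state(host, port, timeout=3.0):
    """Return 'open', 'closed' (connection refused) or 'filtered' (no answer)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:  # timeout, no route, DNS failure
        return "filtered"


def audit(host, expected=EXPECTED_OPEN, probe=tcp_state):
    """Compare each port's real state with the expected one; return mismatches."""
    findings = []
    for port, should_be_open in sorted(expected.items()):
        state = probe(host, port)
        if state == "open" and not should_be_open:
            findings.append((port, state, "still exposed: remove the router forward"))
        elif state != "open" and should_be_open:
            findings.append((port, state, "not reachable: clients cannot connect"))
    return findings


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_forwards.py <external-ip-or-hostname>")
    problems = audit(sys.argv[1])
    for port, state, note in problems:
        print(f"tcp/{port} is {state}: {note}")
    sys.exit(1 if problems else 0)
```

An exit status of 0 means 943 is no longer reachable and 9443 still is.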

**Setting Android VPN start/stop shortcuts in launcher**
You can create a homescreen shortcut on Android for your connection. Edit the Profile (pencil button) and there is a button down the bottom with green writing "Set Connect Shortcut".

You can also create a disconnect homescreen shortcut; it is in the app settings menu as "Set Disconnect Shortcut" (not in the profile settings). Note that clicking on these shortcuts in my Android launcher sometimes looks like they haven't done anything (especially if you save the VPN password), although it seems just to work nice and quickly. Check the top Android notification bar to see if there is a VPN 'Key' icon when the VPN is operating. You can also check your IP address to see where you are connected, obviously.

======Other Clients======
There is an openVPN app for windows that I am successfully using, pretty sure you'd need admin rights, but not sure. https://openvpn.net/client-connect-vpn-for-windows/

This is the iOS app, but I've never used it https://apps.apple.com/us/app/openvpn-connect/id590379981

======Alternatives======
Another option for connecting on Android is this one (and it is fully open source)
https://play.google.com/store/apps/details?id=de.blinkt.openvpn
Don't know much about this one sorry.

Some Android Connect FAQs including errors https://openvpn.net/vpn-server-resources/connecting-to-access-server-with-android/

You can also create your own open vpn client config file (.ovpn) with the certificates in it, here are samples:
https://gist.github.com/seuros/9671811
https://github.com/OpenVPN/openvpn/blob/master/sample/sample-windows/sample.ovpn
https://gist.github.com/renatolfc/f6c9e2a5bd6503005676
