Deploy a VPN server with Docker

What is a VPN?

A virtual private network (VPN) extends a private network across a public network, and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. Applications running on a computing device, e.g., a laptop, desktop, smartphone, across a VPN may therefore benefit from the functionality, security, and management of the private network. Encryption is a common, though not an inherent, part of a VPN connection.[1]

What is Docker?

[2] Docker Engine is an open source containerization technology for building and containerizing your applications. Docker Engine acts as a client-server application with:
  • A server with a long-running daemon process dockerd.
  • APIs which specify interfaces that programs can use to talk to and instruct the Docker daemon.
  • A command line interface (CLI) client docker.

This article describes how to install a VPN (Virtual Private Network) server with Docker on a host machine (virtual or physical).

Requirements

Before starting, you need to have Docker installed on your host machine. Take a look at this article to see how to install Docker Community Edition.

Installing

Initialize the $VPN_DATA container volume name.
$ VPN_DATA="homelab-vpn-data"

Create the volume that will be mounted by the OpenVPN container to hold the server configuration files and certificates.
$ sudo docker volume create --name $VPN_DATA

Run the server to generate a certificate authority with your server's public URL, which will be accessed from the WAN.
$ sudo docker run -v $VPN_DATA:/etc/openvpn --log-driver=none --rm kylemanna/openvpn ovpn_genconfig -u udp://vpn.yassinemaachi.com

The container will prompt for a passphrase to protect the private key used by the newly generated certificate authority (for example: > ca.key pass phrase: 50mESeCRetc0de).
$ sudo docker run -v $VPN_DATA:/etc/openvpn --log-driver=none --rm -it kylemanna/openvpn ovpn_initpki

Start the OpenVPN server process using the container's default exposed port and mounting the configuration volume.
$ sudo docker run -v $VPN_DATA:/etc/openvpn --restart=unless-stopped --name=homelab-vpn -d -p 1194:1194/udp --cap-add=NET_ADMIN kylemanna/openvpn

Create new clients

Generate a client certificate with a passphrase (the container will prompt for a passphrase; this passphrase will be used to connect to this VPN server from the client side).
$ sudo docker run -v $VPN_DATA:/etc/openvpn --log-driver=none --rm -it kylemanna/openvpn easyrsa build-client-full ymaachi

Generate a client certificate without a passphrase
$ sudo docker run -v $VPN_DATA:/etc/openvpn --log-driver=none --rm -it kylemanna/openvpn easyrsa build-client-full ymaachinp nopass

Retrieve a client configuration with embedded certificates
$ sudo docker run -v $VPN_DATA:/etc/openvpn --log-driver=none --rm kylemanna/openvpn ovpn_getclient ymaachi > ymaachi.ovpn
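The file written by ovpn_getclient carries the client's private key inline, so it is worth checking each exported profile before handing it out. The script below is an added example, not part of the original article or of the kylemanna/openvpn project: it reports whether the embedded key is passphrase-protected (as for ymaachi) or stored in clear (as for a nopass client such as ymaachinp), and whether the file is readable by other users. The function names, the host vpn.example.com and the sample profiles are constructed for illustration, and the profile layout (an inline <key> block and a "remote host port proto" line) is assumed.

```shell
#!/bin/sh
# Added example, not from the original article: audit exported .ovpn profiles.

# Print "encrypted", "plaintext" or "missing" for the inline <key> block.
ovpn_key_state() {
    key=$(sed -n '/^<key>$/,/^<\/key>$/p' "$1")
    [ -n "$key" ] || { echo missing; return; }
    # PKCS#8 encrypted header, or legacy PEM carrying a Proc-Type header.
    if printf '%s\n' "$key" | grep -Eq 'BEGIN ENCRYPTED PRIVATE KEY|^Proc-Type: 4,ENCRYPTED'; then
        echo encrypted
    else
        echo plaintext
    fi
}

# Print "host port proto" from the first "remote" directive.
ovpn_remote() {
    awk '$1 == "remote" { print $2, $3, $4; exit }' "$1"
}

# Succeed only if the key is passphrase-protected AND the file is
# unreadable by group/others (permission characters 5-10 of ls -l).
ovpn_audit() {
    state=$(ovpn_key_state "$1")
    perms=$(ls -ld "$1" | cut -c5-10)
    echo "$1: key=$state remote=$(ovpn_remote "$1") group/other=$perms"
    [ "$state" = encrypted ] && [ "$perms" = "------" ]
}

# Constructed sample profile (key material is placeholder text, not a real key).
# $1 = output path, $2 = PEM label of the embedded key
make_sample() {
    cat > "$1" <<EOF
client
dev tun
remote vpn.example.com 1194 udp
<key>
-----BEGIN $2-----
Q09OU1RSVUNURUQgU0FNUExF
-----END $2-----
</key>
EOF
}

tmp=$(mktemp -d)
make_sample "$tmp/with-pass.ovpn" "ENCRYPTED PRIVATE KEY"; chmod 600 "$tmp/with-pass.ovpn"
make_sample "$tmp/nopass.ovpn" "PRIVATE KEY";              chmod 644 "$tmp/nopass.ovpn"
for f in "$tmp"/*.ovpn; do ovpn_audit "$f" || echo "  -> needs attention"; done
```

To check a real export, call ovpn_audit ymaachi.ovpn after sourcing the functions.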

Test the connection

First, make sure that your firewall (if you have one in your network) allows port 1194 over UDP.
You can connect to your server using the OpenVPN client [link to download], which can be installed on your laptop or mobile phone.
After installing the OpenVPN client, you can upload the generated client configuration file (ymaachi.ovpn) and click Connect.



Enjoy your secured connection!

Links
  • [1] https://en.wikipedia.org/wiki/Virtual_private_network
  • [2] https://docs.docker.com/install/
