Deploy a VPN server with Docker

What is VPN ?

A virtual private network (VPN) extends a private network across a public network, and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. Applications running on a computing device, e.g., a laptop, desktop, smartphone, across a VPN may therefore benefit from the functionality, security, and management of the private network. Encryption is a common, though not an inherent, part of a VPN connection.[1]

What is Docker ?

[2] Docker Engine is an open source containerization technology for building and containerizing your applications. Docker Engine acts as a client-server application with:
  • A server with a long-running daemon process dockerd.
  • APIs which specify interfaces that programs can use to talk to and instruct the Docker daemon.
  • A command line interface (CLI) client docker.
This article describes how to install a VPN (Virtual Private Network) server with docker in a host machine (virtual or physical).

Requirements

Before starting you need to have Docker installed on your host machine. Take a look to this article to see how to install Docker Community Edition.

Installing

Initialize the $VPN_DATA container volume name.
$ VPN_DATA="homelab-vpn-data"

Create the volume that will be mounted by the Openvpn container to hold the server configuration files and certificates.
$ sudo docker volume create --name $VPN_DATA

Run the server to generate a certificate authority with your server public url that will be accessed from the WAN.
$ sudo docker run -v $VPN_DATA:/etc/openvpn --log-driver=none --rm kylemanna/openvpn ovpn_genconfig -u udp://vpn.yassinemaachi.com

The container will prompt for a passphrase to protect the private key used by the newly generated certificate authority (For example : > ca.key pass phrase : 50mESeCRetc0de).
$ sudo docker run -v $VPN_DATA:/etc/openvpn --log-driver=none --rm -it kylemanna/openvpn ovpn_initpki

Start OpenVPN server process using the default exposed port by the container and mounting the configuration volume
$ sudo docker run -v $VPN_DATA:/etc/openvpn --restart=unless-stopped --name=homelab-vpn -d -p 1194:1194/udp --cap-add=NET_ADMIN kylemanna/openvpn

Create new clients

Generate a client certificate with a passphrase (The container will prompt for a passphrase, this passphrase will be used to connect to this vpn server from a client side)
$ sudo docker run -v $VPN_DATA:/etc/openvpn --log-driver=none --rm -it kylemanna/openvpn easyrsa build-client-full ymaachi

Generate a client certificate without a passphrase
$ sudo docker run -v $VPN_DATA:/etc/openvpn --log-driver=none --rm -it kylemanna/openvpn easyrsa build-client-full ymaachinp nopass

Retrieve a client configuration with embedded certificates
$ sudo docker run -v $VPN_DATA:/etc/openvpn --log-driver=none --rm kylemanna/openvpn ovpn_getclient ymaachi > ymaachi.ovpn

Test the connection

First, make sure that your firewall (if you have one in your network) authorize the port 1194 with udp protocol.
You can connect to your server using the OpenVPN client [link to download] that can be installed on your Laptop or Mobile phone.
After installing the OpenVPN client you can upload the generated client configuration file (ymaachi.ovpn):
And click connect:



Enjoy your secured connection !

Links
  • [1] https://en.wikipedia.org/wiki/Virtual_private_network
  • [2] https://docs.docker.com/install/

Commentaires

Enregistrer un commentaire

Posts les plus consultés de ce blog

How to increase Pods limit per worker node in Kubernetes

Image
Kubelet is close to pod limit Issue: The Alert Manager reported that our Kubelets running on the production nodes were running too many pods, close to the default limit of 110. Solution: First We need to take a look at Grafana dashboard to see if the nodes are able to receive more pods in terms of infrastructure resources (CPU/RAM, ....), then calculate the average of this resource utilization in order to determine the new value of pods limit on each node.   We suppose that the chosen value for the pods limit on nodes is 200, you can change it following these steps :     1.    Connect: First connect to the node (the worker with the issue):                                                 ...
Lire la suite

Knative vs OpenFaaS: What are the differences?

Knative vs OpenFaaS: What are the differences? Knative and OpenFaaS can be primarily classified as "Serverless / Task Processing" tools. What is Knative? Kubernetes-based platform for serverless workloads. Knative provides a set of middleware components that are essential to build modern, source-centric, and container-based applications that can run anywhere: on premises, in the cloud, or even in a third-party data center. Github Repository: https://github.com/knative/serving Strong points weakness Full serverless platform No persistent queue Uses istio Istio required No GUI Few faas platform helpers What is OpenFaaS? Serverless Functions Made Simple for Kubernetes and Docker. Serverless Functions Made Simple for Docker and Kubernetes. Github Repository: https://github.com/openfaas/faas Strong points w...
Lire la suite

How to lunch Rancher using docker and heat in openstack

 In this article we will deploy a virtual machine in Openstack then install docker and rancher on it using Heat Orchestration Template.  If you want to deploy an private cloud at home using openstack, take a look at this guide : https://blog.yassinemaachi.com/2021/06/how-to-create-personal-cloud-at-home.html Below the template to deploy a network with router linked to a docker server instance with Rancher via private subnet. heat_template_version: 2015-04-30 description: template to deploy a network with router linked to a docker server instance with Rancher. parameters: public_net: type: string default: external_network description: > ID or name of public network for which floating IP addresses will be allocated dns_servers: type: comma_delimited_list default: 192.168.1.254,8.8.8.8,4.4.4.4 description: Comma separated list of DNS nameservers for the private network. router_name: type: string default: dmz_router description: ...
Lire la suite