Deploy a VPN server with Docker

What is VPN ?

A virtual private network (VPN) extends a private network across a public network, and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. Applications running on a computing device, e.g., a laptop, desktop, smartphone, across a VPN may therefore benefit from the functionality, security, and management of the private network. Encryption is a common, though not an inherent, part of a VPN connection.[1]

What is Docker ?

[2] Docker Engine is an open source containerization technology for building and containerizing your applications. Docker Engine acts as a client-server application with:
  • A server with a long-running daemon process dockerd.
  • APIs which specify interfaces that programs can use to talk to and instruct the Docker daemon.
  • A command line interface (CLI) client docker.
This article describes how to install a VPN (Virtual Private Network) server with docker in a host machine (virtual or physical).

Requirements

Before starting you need to have Docker installed on your host machine. Take a look to this article to see how to install Docker Community Edition.

Installing

Initialize the $VPN_DATA container volume name.
$ VPN_DATA="homelab-vpn-data"

Create the volume that will be mounted by the Openvpn container to hold the server configuration files and certificates.
$ sudo docker volume create --name $VPN_DATA

Run the server to generate a certificate authority with your server public url that will be accessed from the WAN.
$ sudo docker run -v $VPN_DATA:/etc/openvpn --log-driver=none --rm kylemanna/openvpn ovpn_genconfig -u udp://vpn.yassinemaachi.com

The container will prompt for a passphrase to protect the private key used by the newly generated certificate authority (For example : > ca.key pass phrase : 50mESeCRetc0de).
$ sudo docker run -v $VPN_DATA:/etc/openvpn --log-driver=none --rm -it kylemanna/openvpn ovpn_initpki

Start OpenVPN server process using the default exposed port by the container and mounting the configuration volume
$ sudo docker run -v $VPN_DATA:/etc/openvpn --restart=unless-stopped --name=homelab-vpn -d -p 1194:1194/udp --cap-add=NET_ADMIN kylemanna/openvpn

Create new clients

Generate a client certificate with a passphrase (The container will prompt for a passphrase, this passphrase will be used to connect to this vpn server from a client side)
$ sudo docker run -v $VPN_DATA:/etc/openvpn --log-driver=none --rm -it kylemanna/openvpn easyrsa build-client-full ymaachi

Generate a client certificate without a passphrase
$ sudo docker run -v $VPN_DATA:/etc/openvpn --log-driver=none --rm -it kylemanna/openvpn easyrsa build-client-full ymaachinp nopass

Retrieve a client configuration with embedded certificates
$ sudo docker run -v $VPN_DATA:/etc/openvpn --log-driver=none --rm kylemanna/openvpn ovpn_getclient ymaachi > ymaachi.ovpn

Test the connection

First, make sure that your firewall (if you have one in your network) authorize the port 1194 with udp protocol.
You can connect to your server using the OpenVPN client [link to download] that can be installed on your Laptop or Mobile phone.
After installing the OpenVPN client you can upload the generated client configuration file (ymaachi.ovpn):
And click connect:



Enjoy your secured connection !

Links
  • [1] https://en.wikipedia.org/wiki/Virtual_private_network
  • [2] https://docs.docker.com/install/

Commentaires

Enregistrer un commentaire

Posts les plus consultés de ce blog

How to increase Pods limit per worker node in Kubernetes

Image
Kubelet is close to pod limit Issue: The Alert Manager reported that our Kubelets running on the production nodes were running too many pods, close to the default limit of 110. Solution: First We need to take a look at Grafana dashboard to see if the nodes are able to receive more pods in terms of infrastructure resources (CPU/RAM, ....), then calculate the average of this resource utilization in order to determine the new value of pods limit on each node.   We suppose that the chosen value for the pods limit on nodes is 200, you can change it following these steps :     1.    Connect: First connect to the node (the worker with the issue):                                                                    $ ssh -i /path/to/your/ssh-key/id_rsa node-user@node-hostname node-user@node-hostname:~$ sudo -i  root@node-hostname:~#     2.    Edit: 
 Change the value KUBELET_MAX_PODS in the file /etc/default/kubelet from 110 to 200 ( use your favorite file edito
Lire la suite

Knative vs OpenFaaS: What are the differences?

Knative vs OpenFaaS: What are the differences? Knative and OpenFaaS can be primarily classified as "Serverless / Task Processing" tools. What is Knative? Kubernetes-based platform for serverless workloads. Knative provides a set of middleware components that are essential to build modern, source-centric, and container-based applications that can run anywhere: on premises, in the cloud, or even in a third-party data center. Github Repository: https://github.com/knative/serving Strong points weakness Full serverless platform No persistent queue Uses istio Istio required No GUI Few faas platform helpers What is OpenFaaS? Serverless Functions Made Simple for Kubernetes and Docker. Serverless Functions Made Simple for Docker and Kubernetes. Github Repository: https://github.com/openfaas/faas Strong points w
Lire la suite

How to Create a personal cloud at home using Openstack

Image
 This document shows how to spin up a proof of concept cloud on 3 nodes, using the Packstack installation utility.  The hardware configuration used in this guide: 1x Dlink DR-600 router to provide access to and from internet using NAT, Firewall,... 1x Dlink switch to provide communication between machines 3x physical machines with hardware virtualization extensions, and at least one network adapter: compute01: 8cpu | 32G RAM | 1,8T   data | 192.168.1.101 | CentOS 7 x86_64 compute02: 8cpu | 32G RAM | 500G data | 192.168.1.102 | CentOS 7 x86_64 compute03: 4cpu | 16G RAM | 500G data | 192.168.1.103 | CentOS 7 x86_64 Run the following commands on the first node "Compute01" us root user Starting installation on the first node that going to act as a controller and compute node at the same time. If you are using non-English locale make sure your /etc/environment is populated: echo "LANG=en_US.utf-8 LC_ALL=en_US.utf-8" >> /etc/environment Adding other nodes
Lire la suite