Use OpenVPN Docker and frp Docker tools to build a virtual private network (VPN)
With the help of Docker and OpenVPN technology, you can set up and run a VPN server in a short time, and keep your server safe.
Operating environment
Ubuntu 16.04 LTS
Docker version 19.03.8, build afacb8b7f0
OpenVPN Android Client 0.7.43
Create an OpenVPN Docker container
- Install Docker: If Docker is not installed on your system, first install Docker by following the guide for your operating system. On Ubuntu, Docker can be installed with the following command:
sudo apt update
sudo apt install docker.io
- Get the OpenVPN Docker image: Use the following command to get the OpenVPN image from Docker Hub:
sudo docker pull kylemanna/openvpn
- Create an OpenVPN configuration directory: Create a directory to hold OpenVPN configuration files and certificates:
OVPN_DATA="ovpn-data-test"
docker volume create --name $OVPN_DATA
After executing the above command, the OpenVPN configuration directory ovpn-data-test will be created under /var/lib/docker/volumes, Docker's default data and configuration storage directory.
- Initialize the OpenVPN configuration: Initialize the OpenVPN configuration and certificates using the following command. Replace YourPublicIP.com with the public IP address or domain name of the OpenVPN server you wish to access.
sudo docker run -v $OVPN_DATA:/etc/openvpn --log-driver=none --rm kylemanna/openvpn ovpn_genconfig -u udp://YourPublicIP.com
If you create a VPN server locally, you should fill in your local IP address in place of YourPublicIP.com.
Generate security certificates and run OpenVPN server
- Generate OpenVPN server certificate: Use the following commands to generate a certificate and key for the OpenVPN server.
sudo docker run -v $OVPN_DATA:/etc/openvpn --rm -it kylemanna/openvpn ovpn_initpki
1. Type "yes" and press Enter, as shown below, to start the OpenVPN PKI system.
2. Enter the CA certificate password and press Enter.
3. Enter a name for the CA certificate, or press Enter.
4. Enter the CA password set in step 2 to check whether the request matches the signature.
5. Enter the password again to generate the CA private key.
- Start the OpenVPN server with the following command:
sudo docker run -v $OVPN_DATA:/etc/openvpn -d -p 1194:1194/udp --cap-add=NET_ADMIN kylemanna/openvpn
The --cap-add=NET_ADMIN parameter grants the container an additional Linux capability, needed to modify network interfaces, that Docker does not grant by default.
Generate OpenVPN client certificate
- Generate client configuration file: Use the following commands to generate an OpenVPN client configuration file. Replace CLIENTAPP with your desired client name.
sudo docker run -v $OVPN_DATA:/etc/openvpn --rm -it kylemanna/openvpn easyrsa build-client-full CLIENTAPP nopass
sudo docker run -v $OVPN_DATA:/etc/openvpn --rm kylemanna/openvpn ovpn_getclient CLIENTAPP > CLIENTAPP.ovpn
Copy the generated CLIENTAPP.ovpn client certificate to your Android client.
You have now successfully installed the OpenVPN server and generated a client configuration file. Send the CLIENTAPP.ovpn file to your client and use the OpenVPN client to connect to your OpenVPN server.
VPN server intranet penetration
If the OpenVPN server is deployed inside a local area network, you also need to use the frp tool to penetrate the intranet, that is, to expose the server through NAT. The frp intranet penetration setup is described here:
https://blog.csdn.net/u011897062/article/details/131764782
Specifically, the openvpn frp configuration and commands in this article are as follows:
Server: The frps file frps.ini does not need to be modified, and the port mapping 7002 needs to be added in the startup command.
Client: The frpc file /opt/frpc.ini adds the VPN configuration, and the docker run command adds the 1194 mapping:
docker run --restart=always -d --network host -v /opt/frpc.ini:/etc/frp/frpc.ini -p 80:80/tcp -p 1194:1194/udp --name frpc snowdreamtech/frpc
In CLIENTAPP.ovpn, remote 0.0.0.0 7002 udp needs to be changed to remote PublicIP.com 7002 udp
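The frpc entry and the profile edit described above, scripted as an added example (not code from the original post or from the frp or OpenVPN projects). It assumes frp's INI configuration format; the section name openvpn, local_ip 127.0.0.1, server_port 7000, the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumptions: frp's INI config format; the section name
# "openvpn", 127.0.0.1 as local_ip and all function names are illustrative.

# Append a UDP proxy: frps port 7002 -> local OpenVPN port 1194 (idempotent).
add_frpc_vpn_section() {   # $1 = path to frpc.ini
    grep -q '^\[openvpn]' "$1" 2>/dev/null && return 0
    cat >> "$1" <<'EOF'

[openvpn]
type = udp
local_ip = 127.0.0.1
local_port = 1194
remote_port = 7002
EOF
}

# Point every "remote" line of a client profile at the public frps endpoint.
retarget_remote() {   # $1 = profile, $2 = public host, $3 = public port
    awk -v h="$2" -v p="$3" '
        $1 == "remote" { print "remote", h, p, "udp"; next }
        { print }' "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# Print host:port for each remote; fail if none exists or one is still 0.0.0.0.
check_remote() {   # $1 = profile
    awk '$1 == "remote" { n++; if ($2 == "0.0.0.0") bad = 1; print $2 ":" $3 }
         END { exit ((n == 0 || bad) ? 1 : 0) }' "$1"
}

demo() {   # runs on constructed sample files; server_port 7000 is assumed
    d=$(mktemp -d)
    printf 'client\ndev tun\nremote 0.0.0.0 7002 udp\n' > "$d/CLIENTAPP.ovpn"
    printf '[common]\nserver_addr = PublicIP.com\nserver_port = 7000\n' > "$d/frpc.ini"
    add_frpc_vpn_section "$d/frpc.ini"
    retarget_remote "$d/CLIENTAPP.ovpn" PublicIP.com 7002
    check_remote "$d/CLIENTAPP.ovpn"    # prints PublicIP.com:7002
    rm -rf "$d"
}
demo
```

Running check_remote on a profile before handing it to a client catches the unedited 0.0.0.0 placeholder, which would otherwise only show up as a connection that never completes.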
Managing OpenVPN using the Web UI
In order to facilitate the management of the OpenVPN server, the official Web UI management page is provided.
- Download the openvpn-as Docker image. We still use Docker to install it; the command is as follows:
docker pull linuxserver/openvpn-as
- Create a docker container
docker create --name=openvpn-as --restart=always -v /home/docker/openvpn-as/config:/config -e INTERFACE=eth0 -e PGID=1001 -e PUID=1001 -e TZ=Africa/Nairobi --net=host --privileged linuxserver/openvpn-as
- Start the openvpn-as container
docker start openvpn-as
- Log in to the Web UI: use https://YourIP:943/admin to open the admin management login page
Note: The default account and password are admin and password
After logging in to openvpn-as, the effect is as follows:
Configure DNS for faster and more secure connections
Currently, your OpenVPN Access Server is working correctly. But in order to improve the performance of the VPN server, you need to configure DNS.
To configure DNS, you'll need to access the OpenVPN server's web interface and update the DNS settings with Google or your preferred DNS address. Google provides the fastest DNS servers, so you will use them in your OpenVPN Access Server.
- Under the CONFIGURATION tab of the OpenVPN Access Server dashboard, click VPN Settings in the left panel.
- Scroll to the DNS Settings section and enable the "Have clients use Specific DNS servers" option as shown below.
- Next, update the primary DNS server (8.8.8.8) and secondary DNS server (8.8.4.4) to Google DNS addresses, then click "Save Settings" to save the changes.
- After saving the changes, click "Update Running Server" to restart the server for the changes to take effect.
- Now, navigate to the OpenVPN Access Server (e.g. https://YourIP:943/admin) on your Linux machine. Replace YourIP with your server's IP address. If configured correctly, you will see the same page as shown below.
Log in with default credentials (username: admin, password: password).
- Click on any platform icon to download the client application, then click "Yourself (user-locked profile)" to download the client .ovpn file.
- Finally, start the OpenVPN client you downloaded and import the .ovpn file as you did in the last step of the "Securing the OpenVPN Client with a Certificate" tutorial.
Conclusion
Hosting your VPN server should never be a complicated task, let alone securing server connections. Luckily, OpenVPN Docker is at hand and saves the day. In this tutorial, you have learned to install, set up and configure OpenVPN using Docker on Ubuntu. You also learned how to secure OpenVPN access in a Docker container with an OpenVPN CA and client certificate.
In addition to accessing the OpenVPN server through the command line interface, you can now also perform visual operations through the web interface of the OpenVPN Access Server. By generating a client configuration file for the OpenVPN client application, you have achieved rapid VPN deployment.
GitHub
https://github.com/kylemanna/docker-openvpn