Use OpenVPN and frp Docker tools to build a virtual private network (VPN)

With the help of Docker and OpenVPN technology, you can set up and run a VPN server in a short time, and keep your server safe.

Operating environment

Ubuntu 16.04 LTS
Docker version 19.03.8, build afacb8b7f0
OpenVPN Android Client 0.7.43

Create an OpenVPN Docker container

  1. Install Docker: If Docker is not installed on your system, first install it by following the guide for your operating system. On Ubuntu, Docker can be installed with the following commands:
sudo apt update
sudo apt install docker.io
  2. Get the OpenVPN Docker image: Use the following command to pull the OpenVPN image from Docker Hub:
sudo docker pull kylemanna/openvpn
  3. Create an OpenVPN configuration volume: Create a Docker volume to hold the OpenVPN configuration files and certificates:
OVPN_DATA="ovpn-data-test"
docker volume create --name $OVPN_DATA

After executing the above commands, the OpenVPN configuration directory ovpn-data-test is created under /var/lib/docker/volumes, Docker's default data and configuration storage directory.

  4. Initialize the OpenVPN configuration: Initialize the OpenVPN configuration and certificates using the following command. Replace YourPublicIP.com with the public IP address or domain name of the OpenVPN server you wish to access.
sudo docker run -v $OVPN_DATA:/etc/openvpn --log-driver=none --rm kylemanna/openvpn ovpn_genconfig -u udp://YourPublicIP.com

If you create the VPN server locally, fill in your local IP address here in place of YourPublicIP.com.

Generate security certificates and run OpenVPN server

  1. Generate OpenVPN server certificate: Use the following commands to generate a certificate and key for the OpenVPN server.
sudo docker run -v $OVPN_DATA:/etc/openvpn --rm -it kylemanna/openvpn ovpn_initpki

The command prompts for the following, in order:
     1. Type "yes" and press Enter to initialize the OpenVPN PKI system.
     2. Enter the CA certificate password, or press Enter.
     3. Enter a name for the CA certificate, or press Enter.
     4. Enter the CA password set in step 2 so that the request can be checked against the signature.
     5. Enter the password again to generate the CA private key.

2. Start the OpenVPN server with the following command:

sudo docker run -v $OVPN_DATA:/etc/openvpn -d -p 1194:1194/udp --cap-add=NET_ADMIN kylemanna/openvpn


The --cap-add=NET_ADMIN parameter grants the container an additional Linux capability, the ability to modify network interfaces, which Docker does not grant by default.

Generate OpenVPN client certificate

  1. Generate client configuration file: Use the following commands to generate an OpenVPN client certificate and configuration file. Replace CLIENTAPP with your desired client name. The nopass option stores the client private key without a passphrase.
sudo docker run -v $OVPN_DATA:/etc/openvpn --rm -it kylemanna/openvpn easyrsa build-client-full CLIENTAPP nopass

sudo docker run -v $OVPN_DATA:/etc/openvpn --rm kylemanna/openvpn ovpn_getclient CLIENTAPP > CLIENTAPP.ovpn

Copy the generated CLIENTAPP.ovpn client profile to your Android client.

You have now successfully installed the OpenVPN server and generated a client configuration file. Send the CLIENTAPP.ovpn file to your client and use the OpenVPN client to connect to your OpenVPN server.

VPN server intranet penetration (NAT traversal)

If the OpenVPN server is deployed on a local area network, you also need to use the frp tool to expose it through NAT (intranet penetration). The frp setup is described here:

https://blog.csdn.net/u011897062/article/details/131764782

Specifically, the frp configuration and commands for OpenVPN in this article are as follows:
Server: the frps.ini file does not need to be modified, but the port mapping needs to be added to the startup command.
Client: add the vpn configuration to frpc, and add the 1194 mapping to the docker run command (1194 maps to 7002).


/opt/frpc.ini

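docker run --restart=always -d --network host -v /opt/frpc.ini:/etc/frp/frpc.ini -p 80:80/tcp -p 1194:1194/udp --name frpc snowdreamtech/frpc

Because the container runs with --network host, it shares the host's network stack and Docker ignores the -p options.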

In CLIENTAPP.ovpn, the line "remote 0.0.0.0 7002 udp" needs to be changed to "remote PublicIP.com 7002 udp".
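
As an added example (not part of the original article), the shell functions below check a profile written by ovpn_getclient for the two conditions this tutorial produces, the 0.0.0.0 remote placeholder and the clear-text key from nopass, plus loose file permissions, and rewrite the remote line. The function names, finding labels, vpn.example.com and the sample profile are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): audit and repair a client
# profile produced by ovpn_getclient before handing it to a device.

# Constructed sample: a trimmed profile like the one the tutorial generates
# with "nopass" behind frp. The key body is a placeholder, not real key data.
make_sample_profile() {
    cat > "$1" <<'EOF'
client
dev tun
remote 0.0.0.0 7002 udp
<key>
-----BEGIN PRIVATE KEY-----
PLACEHOLDER-NOT-A-REAL-KEY
-----END PRIVATE KEY-----
</key>
EOF
    chmod 644 "$1"
}

# ovpn_audit FILE: print one finding per line; exit status 1 if any.
ovpn_audit() {
    f=$1 bad=0
    if ! grep -q '^remote[[:space:]]' "$f"; then
        echo "no-remote"; bad=1
    elif grep -Eq '^remote[[:space:]]+0\.0\.0\.0[[:space:]]' "$f"; then
        echo "remote-placeholder"; bad=1      # clients cannot dial 0.0.0.0
    fi
    # A key built with "nopass" is stored in clear text inside the profile.
    if grep -Eq -e '-----BEGIN (RSA |EC )?PRIVATE KEY-----' "$f" &&
       ! grep -q 'Proc-Type: 4,ENCRYPTED' "$f"; then
        echo "key-unencrypted"; bad=1
    fi
    # Characters 5-10 of "ls -l" are the group and other permission bits.
    [ "$(ls -ld "$f" | cut -c5-10)" = "------" ] || { echo "mode-too-open"; bad=1; }
    return "$bad"
}

# ovpn_set_remote FILE HOST PORT PROTO: point every remote line at the
# public frp endpoint, rewriting in place so the file mode is kept.
ovpn_set_remote() {
    case $2 in ''|*[!A-Za-z0-9.:-]*) return 2 ;; esac
    case $3 in ''|*[!0-9]*) return 2 ;; esac
    case $4 in udp|tcp) ;; *) return 2 ;; esac
    tmp=$(mktemp) || return 1
    sed "s/^remote[[:space:]].*/remote $2 $3 $4/" "$1" > "$tmp" && cat "$tmp" > "$1"
    rc=$?; rm -f "$tmp"; return "$rc"
}
```

A typical run is ovpn_set_remote CLIENTAPP.ovpn vpn.example.com 7002 udp, then chmod 600 CLIENTAPP.ovpn, then ovpn_audit CLIENTAPP.ovpn; a remaining key-unencrypted finding means anyone who obtains the file can connect as that client.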

Managing OpenVPN with the Web UI

To make the OpenVPN server easier to manage, an official Web UI management page is provided.

  • Download the openvpn-as Docker image
    We again use Docker for the installation; the command is as follows:
docker pull linuxserver/openvpn-as

  • Create a docker container
docker create --name=openvpn-as --restart=always -v /home/docker/openvpn-as/config:/config -e INTERFACE=eth0 -e PGID=1001 -e PUID=1001 -e TZ=Africa/Nairobi --net=host --privileged linuxserver/openvpn-as

  • Start the openvpn-as container
docker start openvpn-as
  • Log in to the Web UI
    Open https://YourIP:943/admin to reach the admin management login page.

Note: The default account is admin and the default password is password. Change this password after the first login.
After logging in to openvpn-as, the OpenVPN Access Server dashboard is displayed.

Configure DNS for faster and more secure connections

Currently, your OpenVPN Access Server is working correctly. But in order to improve the performance of the VPN server, you need to configure DNS.

To configure DNS, you'll need to access the OpenVPN server's web interface and update the DNS settings with Google's or your preferred DNS addresses. Google provides the fastest DNS servers, so you will use them in your OpenVPN Access Server.

  1. Under the CONFIGURATION tab of the OpenVPN Access Server dashboard, click VPN Settings in the left panel. Scroll to the DNS Settings section and enable the "Have clients use Specific DNS servers" option.

  2. Next, set the primary DNS server (8.8.8.8) and secondary DNS server (8.8.4.4) to the Google DNS addresses, then click "Save Settings" to save the changes.

  3. After saving the changes, click "Update Running Server" to restart the server so that the changes take effect.

  4. Now, navigate to the OpenVPN Access Server (e.g. https://YourIP:943/admin) on your Linux machine. Replace YourIP with your server's IP address. If configured correctly, you will see the login page. Log in with the default credentials (username: admin, password: password).

  5. Click on any platform icon to download the client application, then click "Yourself (user-locked profile)" to download the client .ovpn file.

  6. Finally, start the OpenVPN client you downloaded and import the .ovpn file as you did in the last step of the "Securing the OpenVPN Client with a Certificate" tutorial.

Conclusion

Hosting your VPN server should never be a complicated task, let alone securing server connections. Luckily, OpenVPN Docker is at hand and saves the day. In this tutorial, you have learned to install, set up and configure OpenVPN using Docker on Ubuntu. You also learned how to secure OpenVPN access in a Docker container with an OpenVPN CA and client certificate.

In addition to accessing the OpenVPN server through the command line interface, you can now also perform visual operations through the web interface of the OpenVPN Access Server. By generating a client configuration file for the OpenVPN client application, you have achieved rapid VPN deployment.

GitHub

https://github.com/kylemanna/docker-openvpn

References

(Fundamentals of Running OpenVPN in Docker on Ubuntu) https://adamtheautomator.com/openvpn-in-docker/

(frp+openvpn+docker achieves intranet penetration)
https://www.jianshu.com/p/8bffa1046008

https://medium.com/@gurayy/set-up-a-vpn-server-with-docker-in-5-minutes-a66184882c45

Origin blog.csdn.net/u011897062/article/details/131729122