Thursday, 15 October 2015

From zero to OpenVPN in.......

So I've talked about this for a little while, and I've decided that I will post another short little guide about it today. I think one of the things I like about Docker (yes, I said like, don't judge me!) is that you get an almost apt-like experience with some cool applications. A great example of this is deploying OpenVPN in next to no time at all.

So this is going to be short and sweet; I'm going to take for granted you have Docker installed on your box. If you don't, then hop on to a search engine (why not try Bing, I hear great things about it) and look for a guide about installing Docker on your platform.

We're going to use the excellent work of kylemanna (https://github.com/kylemanna/docker-openvpn). The commands below will automatically pull down the image, but as usual feel free to clone and 'docker build' the image. Also, you're going to need a public-facing IP address or domain. If you're planning on doing this at home, may I suggest running over to https://nsupdate.info/ for dynamic DNS if you don't already have something.

Red, indicates your input!

# let's get a data-only container spun up; the bind mount also keeps the OpenVPN config and keys in /srv/docker/openvpn on the host.
$ docker run --name openvpn-data -v /srv/docker/openvpn:/etc/openvpn busybox

# let's get the config files and certificates set up
$ docker run --volumes-from openvpn-data --rm kylemanna/openvpn ovpn_genconfig -u udp://VPN.SERVERNAME.COM
$ docker run --volumes-from openvpn-data --rm -it kylemanna/openvpn ovpn_initpki
 
# you'll be asked to set some passwords for your OpenVPN's certs.  Whatever you like is cool with me. 
 
# Let's get the OpenVPN up and running 
$ docker run --volumes-from openvpn-data -d -p 1194:1194/udp --cap-add=NET_ADMIN kylemanna/openvpn

So you've just deployed OpenVPN in a container, with persistent storage, in 4 commands. I know, right? It's kinda cool to suddenly be able to have an OpenVPN on any box you can run Docker on without being a card-carrying member of the sandal brigade. However, we're not finished just yet. Let's generate some certificates for our end-users (this is probably you). Remember that password stuff we did? You'll need the CA one.

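# Generate some client config files, remember to change CLIENTNAME to the name of your client ;)
# (nopass leaves the client's private key unencrypted; leave it off if you'd rather set a passphrase)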
$ docker run --volumes-from openvpn-data --rm -it kylemanna/openvpn easyrsa build-client-full CLIENTNAME nopass

# and let's retrieve the files
$ docker run --volumes-from openvpn-data --rm kylemanna/openvpn ovpn_getclient CLIENTNAME > CLIENTNAME.ovpn

You'll find a .ovpn file in your working directory which should work with most OpenVPN client implementations; inside that openvpn folder you'll also find your client certificate files if you need them. I'd suggest you do this for every device you want to have connected to your OpenVPN container. What I mean is that for CLIENTNAME you have PHONE and LAPTOP and OTHERLAPTOP, and so on and so forth. Trust me, in the end it makes life easier for you.
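The per-device suggestion above, as an added example (not from the original post or the docker-openvpn project): a shell function that runs the guide's two client commands once per device name. The names gen_clients and OUT_DIR are made up here; each .ovpn is written owner-only because the file embeds that client's private key.

```shell
#!/bin/sh
# Added example: one certificate and one .ovpn profile per device.
# gen_clients and OUT_DIR are hypothetical names, not part of docker-openvpn.

gen_clients() {
    out_dir=${OUT_DIR:-.}
    rc=0
    for name in "$@"; do
        # The name becomes a certificate CN and a filename: keep it simple.
        case $name in
            ''|*[!A-Za-z0-9_-]*)
                echo "skipping invalid client name: $name" >&2
                rc=1
                continue ;;
        esac
        target=$out_dir/$name.ovpn
        # Never overwrite an existing profile; reissuing should be deliberate.
        if [ -e "$target" ]; then
            echo "skipping $name: $target already exists" >&2
            rc=1
            continue
        fi
        # Prompts for the CA passphrase chosen during ovpn_initpki.
        docker run --volumes-from openvpn-data --rm -it kylemanna/openvpn \
            easyrsa build-client-full "$name" nopass || { rc=1; continue; }
        # Create the profile with mode 600 so other local users cannot read the key.
        (
            umask 077
            docker run --volumes-from openvpn-data --rm kylemanna/openvpn \
                ovpn_getclient "$name" > "$target"
        ) || { rm -f "$target"; rc=1; }
    done
    return $rc
}
```

Call it as `gen_clients PHONE LAPTOP OTHERLAPTOP` from an interactive terminal, since build-client-full needs to prompt you.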

That's it, you're up and running with OpenVPN. If you want to autostart your OpenVPN container, so that it starts again when your box reboots, look into the '--restart=always' switch ($ docker run --volumes-from openvpn-data -d -p 1194:1194/udp --cap-add=NET_ADMIN --restart=always kylemanna/openvpn)

Now for the very cool trick with this: Digital-Ocean. You basically can have OpenVPN in the 'cloud' for 7 cents a day. You can then destroy it once you're done, or have it as an OpenVPN deployment you use when you're out and about. That's your choice. Do me a solid though: if you've not signed up for Digital-Ocean and want to try it, sign up with this link please (http://tiny.cc/finuxdo). It's my referral link, and I'll get some credits on my DO account.

Also, go read the GitHub page from Kylemanna. It's full of useful information, and it's an example of how people who maintain Docker images should document them: https://github.com/kylemanna/docker-openvpn

Finux Xx