lhoupert/openvpn-server-and-monitoring-docker-for-RPI.md

## openvpn-server-and-monitoring-docker-for-RPI.md

      
    Raw
  

              openvpn-server-and-monitoring-docker-for-RPI.md
            
          
    OpenVPN

Quick Start

adapted from https://gist.github.com/aeimer/543c231b3ae0fbf8f4f00dc911d9379a for Raspberry Pi architecture


Build docker image for Raspberry Pi using the script build_rpi_image.sh:
 #!/bin/bash
 
 echo
 echo "### Build image for Raspberry PI"
 
 git clone https://github.com/kylemanna/docker-openvpn.git
 cd docker-openvpn
 sudo docker build . --tag openvpn-rpi -f Dockerfile.aarch64
 
 
 echo
 echo "### Done"


Until kylemanna/docker-openvpn#759 is accepted and merged, you have to run the alternative script below instead:
#!/bin/bash

echo
echo "### Build image for Raspberry PI"

#git clone https://github.com/kylemanna/docker-openvpn.git
git clone https://github.com/lhoupert/docker-openvpn/
cd docker-openvpn
git checkout patch-1
sudo docker build . --tag openvpn-rpi -f Dockerfile.aarch64


echo
echo "### Done"


Run the setup_vpn.sh script. Save the passphrase as it will be needed for every task:
 #!/bin/bash

 echo
 echo "### Setup OpvenVPN Server"

 # Adapt this path for your needs
 BASE_PATH="/home/lhoupert/dockercontainers/openvpn"
 OVPN_DATA="$BASE_PATH/data" # maybe rename in openvpn-data
 SERVER_NAME="vpn.lhoupert.fr"

 docker run -v $OVPN_DATA:/etc/openvpn --rm openvpn-rpi ovpn_genconfig -u udp://$SERVER_NAME

 docker run -v $OVPN_DATA:/etc/openvpn --rm -it openvpn-rpi ovpn_initpki

 echo
 echo "### Done"


Check that port 1194 is opened in firewall
royalmail
 MYIP=$(curl ifconfig.me)
 sudo nmap -sU -p 1194 ${MYIP}


Add lines below in data/openvpn.cnf
 ### Open Management Port
 management 0.0.0.0 5555


Start OpenVPN server and OpenVPN-monitor
Create a docker-compose.yml file:
 version: "2"
 services:
   openvpn:
     image: openvpn-rpi
     volumes:
       - "./data:/etc/openvpn"
       - "/etc/localtime:/etc/localtime:ro"
     ports:
       - "1194:1194/udp"
     expose:
       - 5555
     cap_add:
       - NET_ADMIN
 
   openvpn_monitor:
     image: ruimarinho/openvpn-monitor
     environment:
       # General
       OPENVPNMONITOR_DEFAULT_DATETIMEFORMAT: "%d/%m/%Y %H:%M:%S"
       OPENVPNMONITOR_DEFAULT_LOGO: https://exmaple.com/logo.png
       OPENVPNMONITOR_DEFAULT_MAPS: "True"
       OPENVPNMONITOR_DEFAULT_LATITUDE: "48.8"
       OPENVPNMONITOR_DEFAULT_LONGITUDE: "2.35"
       OPENVPNMONITOR_DEFAULT_SITE: Live
       # Site 1 - OpenVPN1
       OPENVPNMONITOR_SITES_0_ALIAS: OVPN1
       OPENVPNMONITOR_SITES_0_HOST: openvpn
       OPENVPNMONITOR_SITES_0_NAME: OPENVPN1
       OPENVPNMONITOR_SITES_0_PORT: 5555
     networks:
       - default
     ports:
       - "8880:80"
Build and start docker compose stack:
 docker-compose up -d


Generate a client certificate by running the script gen_client_cert.sh
 #!/bin/bash
 
 # Adapt this path for your needs
 BASE_PATH="/home/lhoupert/dockercontainers/openvpn"
 OVPN_DATA="$BASE_PATH/data"
 
 echo
 echo "### Generate clinet cert"
 echo
 echo "# Clientname"
 echo "Enter the clients name:"
 read CLIENTNAME
 
 docker run -v $OVPN_DATA:/etc/openvpn --rm -it openvpn-rpi easyrsa build-client-full $CLIENTNAME nopass
 
 echo
 echo "# Retrieve config"
 echo
 
 if [ ! -d $BASE_PATH/clients ] ; then
   mkdir $BASE_PATH/clients
 fi
 
 docker run -v $OVPN_DATA:/etc/openvpn --rm openvpn-rpi ovpn_getclient $CLIENTNAME > "$BASE_PATH/clients/$CLIENTNAME.ovpn"
 
 echo
 echo "# Wrote config to folder clients"
 echo
 echo "### DONE"
 ``

 
Make sure the ovh domain name point to the correct IP address: See (here) and (here)


More ressources:


https://gist.github.com/odarriba/2116b7a7ea38400b4fe32c3647c8291c
https://www.digitalocean.com/community/tutorials/how-to-run-openvpn-in-a-docker-container-on-ubuntu-14-04?utm_source=githubreadme
https://github.com/kylemanna/docker-openvpn