Rancher VPN

README.md

Rancher VPN (with httpbasic) in a few steps

docker-compose.yml

openvpn-httpbasic-server:
  image: mdns/rancher-openvpn:1.2
  privileged: true
  volumes:
    - /var/lib/openvpn/data:/etc/openvpn
  volumes_from:
    - openvpn-httpbasic-data
  ports:
    - 13279:1194/tcp
  environment:
    AUTH_HTTPBASIC_URL: http://openvpn-httpbasic
    AUTH_METHOD: httpbasic
    CERT_CITY: London
    CERT_COUNTRY: UK
    CERT_EMAIL: andrew@dog.com
    CERT_ORG: DogZ
    CERT_OU: IT
    CERT_PROVINCE: AL
    REMOTE_IP: 127.0.0.1
    REMOTE_PORT: '13279'
    VPNPOOL_CIDR: '16'
    VPNPOOL_NETWORK: 10.43.0.0
    OPENVPN_EXTRACONF: 'push "dhcp-option DNS 8.8.8.8"\npush "dhcp-option DNS 8.8.4.4"\npush "dhcp-option DOMAIN rancher.internal"'
  links:
    - "openvpn-httpbasic:openvpn-httpbasic"
  log_driver: "json-file"
  log_opt:
    max-size: "30m"
    max-file: "3"
  labels:
    io.rancher.sidekicks: openvpn-httpbasic-data
openvpn-httpbasic-data:
  image: busybox
  entrypoint:
    - /bin/true
  volumes:
    - /etc/openvpn/
  labels:
    io.rancher.container.start_once: 'true'
openvpn-httpbasic:
  image: findexchange/nginx-basic-auth:1.0
  restart: always
  log_driver: "json-file"
  log_opt:
    max-size: "30m"
    max-file: "3"
  environment:
    DEFAULT_USER: user
    DEFAULT_PASSWORD: password

Set up steps

1. Prepare docker-compose.yml for Rancher
2. Replace REMOTE_IP: 127.0.0.1 with your real server IP
3. Run this config in Rancher
4. Copy /var/lib/openvpn/data/client.conf and save it as *.ovpn file
5. Use that file in your VPN program to connect
6. When you connected, you can access your rancher services via

• Internal IPs like 10.42.*.*
• Rancher DNS names {service}.{stack}.rancher.internal or {service}.{stack}

Troubleshooting