The OpenVPN tunneling protocol uses the Secure Sockets Layer (SSL/TLS) protocol to keep data shared over the Internet private, using AES-256 encryption. Because the code is available for audits, anyone can find and fix vulnerabilities. It’s not only considered the most secure VPN tunneling protocol, it also delivers faster connections and can bypass most firewalls.
Pre-requirements
Free resources you will need to build this docker project:
- Server: Oracle Free VPS, Azure Free VPS, Google Cloud Free VPS, and others
- System: Cloud Vendor Ubuntu, Debian, or DD an original version
- SWAP size increase: wget https://raw.githubusercontent.com/51sec/swap/main/swap.sh && bash swap.sh
- Enable Password ssh login
- Enable BBR
- systemctl restart docker
- Domain: (Optional) EU.ORG to get a free one
- Docker, Docker-Compose (Using Ubuntu OS for the commands)
- apt update
- apt install docker.io
- apt install docker-compose
- apt upgrade docker.io
- Portainer (Optional)
- docker volume create portainer_data
- docker run -d -p 9000:9000 --name portainer --restart always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer-ce:latest
- aapanel with Nginx (Optional)
- Nginx Proxy Manager (Optional)
Docker Run or Docker-Compose
Prerequisites
To get started with this one command Docker OpenVPN installation, you'll have to have a few things:
- Linux server
- Public IP address
- Docker
Steps
1 Install docker
- apt update
- apt install docker.io
2 Run the one-line command
Original command from GitHub:
docker run -it --rm --cap-add=NET_ADMIN \
-p 1194:1194/udp -p 80:8080/tcp \
-e HOST_ADDR=$(curl -s https://api.ipify.org) \
--name dockovpn alekslitvinenk/openvpn
Detached variant, running in the background:
docker run -itd --rm --cap-add=NET_ADMIN \
-p 1194:1194/udp -p 80:8080/tcp \
-e HOST_ADDR=$(curl -s https://api.ipify.org) \
--name dockovpn alekslitvinenk/openvpn
More, with persistent configuration (Docker options such as -v go before the image name):
docker run -itd --rm --cap-add=NET_ADMIN \
-p 1194:1194/udp -p 80:8080/tcp \
-e HOST_ADDR=$(curl -s https://api.ipify.org) \
-v openvpn_conf:/opt/Dockovpn_data \
--name dockovpn alekslitvinenk/openvpn
3 Outputs
root@ub20-1-test:~# docker run -itd --rm --cap-add=NET_ADMIN \
> -p 1194:1194/udp -p 80:8080/tcp \
> -e HOST_ADDR=$(curl -s https://api.ipify.org) \
> --name dockovpn alekslitvinenk/openvpn
Unable to find image 'alekslitvinenk/openvpn:latest' locally
latest: Pulling from alekslitvinenk/openvpn
29291e31a76a: Pull complete
ee9d0fc0608b: Pull complete
050f6b5684f5: Pull complete
3df1fe3bf9f7: Pull complete
7663deeb3206: Pull complete
ee20c2e12945: Pull complete
Digest: sha256:86480f318120c9db963cd431ed08cd240c5eac1c3f74de689476ab68a4666765
Status: Downloaded newer image for alekslitvinenk/openvpn:latest
45f835677b614b285826a6bdfdd735ae9b24307b3605b58d27cd9a858837a4b7
root@ub20-1-test:~#
4 Open http://<Public IP> to get your client profile, which you will import into your OpenVPN client.
Once this HTTP port has been accessed, it is shut down automatically. No HTTP port stays open to the world.
5 Download OpenVPN Client for Windows
OpenVPN Connect - Client Software For Windows | OpenVPN
Double click to install it.
6 Run the OpenVPN client and import the file downloaded in step 4
Verify your IP address at "What Is My IP? Best Way To Check Your Public IP Address" and your speed at "Internet Speed Test | Fast.com". Your public IP will now be your VPS's IP.
The downside is that speed may be limited by both your VPS and your internet connection.
Notes:
- Log into the Dockovpn container: docker exec -it dockovpn /bin/bash
- The status log is at /opt/log/Dockvpn/openvpn-status.log
- It supports more than 2 concurrent sessions. Here are four concurrent sessions in the log:
bash-5.1# cat openvpn-status.log
OpenVPN CLIENT LIST
Updated,2023-09-02 14:53:15
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
o4A2MZCT1WIod3gBZwf7TJpa5ZKzIKWQ,160.32.192.102:61313,3279343,130756,2023-09-02 14:52:51
o4A2MZCT1WIod3gBZwf7TJpa5ZKzIKWQ,160.32.192.102:52765,1945156,8131199,2023-09-02 14:50:50
o4A2MZCT1WIod3gBZwf7TJpa5ZKzIKWQ,160.32.192.102:62549,26651919,702882451,2023-09-02 14:29:15
o4A2MZCT1WIod3gBZwf7TJpa5ZKzIKWQ,160.32.192.102:56676,1355538,34810046,2023-09-02 14:19:56
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
10.8.0.14,o4A2MZCT1WIod3gBZwf7TJpa5ZKzIKWQ,160.32.192.102:52765,2023-09-02 14:53:14
10.8.0.18,o4A2MZCT1WIod3gBZwf7TJpa5ZKzIKWQ,160.32.192.102:61313,2023-09-02 14:53:05
10.8.0.6,o4A2MZCT1WIod3gBZwf7TJpa5ZKzIKWQ,160.32.192.102:56676,2023-09-02 14:53:14
10.8.0.10,o4A2MZCT1WIod3gBZwf7TJpa5ZKzIKWQ,160.32.192.102:62549,2023-09-02 14:53:14
GLOBAL STATS
Max bcast/mcast queue length,0
END
bash-5.1#
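The log above lists the same Common Name for all four sessions, so one client profile is in use by several connections at once. As an added example (not code from the original post or from the Dockovpn project), the following parses this status-log layout and reports every Common Name holding more than a chosen number of concurrent sessions, with the source addresses seen; the function names and the sample log are constructed for illustration.

```python
import csv
from collections import defaultdict

# Constructed sample in the same layout as the log above (not real clients).
SAMPLE = """\
OpenVPN CLIENT LIST
Updated,2023-09-02 14:53:15
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
client-a,203.0.113.10:61313,3279343,130756,2023-09-02 14:52:51
client-a,203.0.113.10:52765,1945156,8131199,2023-09-02 14:50:50
client-a,198.51.100.7:40022,1355538,34810046,2023-09-02 14:19:56
client-b,192.0.2.44:50111,1200,3400,2023-09-02 14:40:00
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
10.8.0.14,client-a,203.0.113.10:52765,2023-09-02 14:53:14
10.8.0.6,client-a,198.51.100.7:40022,2023-09-02 14:53:14
10.8.0.10,client-b,192.0.2.44:50111,2023-09-02 14:53:14
GLOBAL STATS
Max bcast/mcast queue length,0
END
"""

def parse_status(text):
    """Return {common_name: [session, ...]} from the CLIENT LIST section."""
    sessions, tunnel, section = defaultdict(list), {}, None
    for row in csv.reader(text.splitlines()):
        if len(row) == 1:                    # section banner or END
            section = row[0]
        elif section == "OpenVPN CLIENT LIST" and len(row) == 5 and row[0] != "Common Name":
            cn, real, rx, tx, since = row
            sessions[cn].append({"real": real, "src_ip": real.rsplit(":", 1)[0],
                                 "rx": int(rx), "tx": int(tx), "since": since})
        elif section == "ROUTING TABLE" and len(row) == 4 and row[0] != "Virtual Address":
            tunnel[row[2]] = row[0]          # real address -> tunnel address
    for slist in sessions.values():
        for s in slist:
            s["tunnel_ip"] = tunnel.get(s["real"])   # None if no route learned yet
    return dict(sessions)

def shared_profiles(sessions, max_sessions=1):
    """Common names holding more than max_sessions concurrent sessions."""
    return [(cn, len(slist), sorted({s["src_ip"] for s in slist}))
            for cn, slist in sorted(sessions.items()) if len(slist) > max_sessions]

if __name__ == "__main__":
    for cn, count, ips in shared_profiles(parse_status(SAMPLE)):
        print(f"{cn}: {count} concurrent sessions from {', '.join(ips)}")
```

To run it against the live file, pass the text of openvpn-status.log to parse_status instead of SAMPLE.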
version:
bash-5.1# openvpn --version
OpenVPN 2.5.6 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Mar 24 2022
library versions: OpenSSL 1.1.1k 25 Mar 2021, LZO 2.10
Originally developed by James Yonan
Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
Compile time defines: enable_async_push='no' enable_comp_stub='no' enable_crypto_ofb_cfb='yes' enable_debug='yes' enable_def_auth='yes' enable_dlopen='unknown' enable_dlopen_self='unknown' enable_dlopen_self_static='unknown' enable_fast_install='yes' enable_fragment='yes' enable_iproute2='yes' enable_libtool_lock='yes' enable_lz4='yes' enable_lzo='yes' enable_management='yes' enable_multihome='yes' enable_pam_dlopen='no' enable_pedantic='no' enable_pf='yes' enable_pkcs11='no' enable_plugin_auth_pam='yes' enable_plugin_down_root='yes' enable_plugins='yes' enable_port_share='yes' enable_selinux='no' enable_shared='yes' enable_shared_with_static_runtimes='no' enable_small='no' enable_static='yes' enable_strict='no' enable_strict_options='no' enable_systemd='no' enable_werror='no' enable_win32_dll='yes' enable_x509_alt_username='yes' with_aix_soname='aix' with_crypto_library='openssl' with_gnu_ld='yes' with_mem_check='no' with_sysroot='no'
Client file:
bash-5.1# find / -type f -name "*.ovpn"
/opt/Dockovpn/config/client.ovpn
/opt/Dockovpn_data/clients/o4A2MZCT1WIod3gBZwf7TJpa5ZKzIKWQ/client.ovpn
Install from Cloud Provider's Marketplace
From Oracle
1 Log in to Oracle Cloud Account
2 From the dropdown menu, choose Marketplace, then choose All Applications
3 Search OpenVPN
4 Launch Instance
5 Create a free instance
Make sure ports 80/443/943, 1194 are open to the public.
Direction | Source Type | Source | Protocol | Source Port | Destination Port |
---|---|---|---|---|---|
Ingress | CIDR | 0.0.0.0/0 | TCP | All | 943 |
Ingress | CIDR | 0.0.0.0/0 | TCP | All | 22 |
Ingress | CIDR | 0.0.0.0/0 | TCP | All | 443 |
Ingress | CIDR | 0.0.0.0/0 | TCP | All | 945 |
Ingress | CIDR | 0.0.0.0/0 | UDP | All | 1194 |
wget https://git.io/vpn -O openvpn-install.sh && bash openvpn-install.sh
Once it ends, you can run it again to add more users, remove some of them or even completely uninstall OpenVPN.
Install OpenVPN from Repository
- wget -qO - https://as-repository.openvpn.net/as-repo-public.gpg | apt-key add -
- echo "deb http://as-repository.openvpn.net/as/debian focal main">/etc/apt/sources.list.d/openvpn-as-repo.list
- apt update
- apt install openvpn-as
- https://<your-ip>:943/admin
- Use the following command to set up a password for the admin user openvpn:
- passwd openvpn
- https://<your-ip>:943
- Client access. You will need to create a user in the admin portal and set up a password for this client first.
References
- https://dockovpn.io
- Oracle Quick Start Guide
- Finishing Configuration of Access Server
- [5 Mins Docker] Bring OpenVPN Server Up and Running in One Docker Command
- One Command To Install IPSec VPN Server - Libreswan (IPSec VPN Server Auto Security Script)
- How to Install OpenVPN on Ubuntu
- Configure OpenVPN community edition in OCI