mobile-logo

OpenVPN Setup and Configuration

Posted By :Ankit Kumar |26th November 2019

Quick Start with docker-compose
~~~~~~~~~~~~~~~~~~~~~~~~~

version: '3'
services:

  openvpn:
    cap_add:
     - NET_ADMIN
    image: kylemanna/openvpn:2.4
    container_name: openvpn
    ports:
     - "1194:1194/udp"
    restart: always
    volumes:
     - ./openvpn-data:/etc/openvpn

 

1. Initialize the configuration files and certificates
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

>> ovpn_genconfig   :This command will generates "ccd" directory and openvpn.conf && ovpn_env.sh in the mounted volume.

docker-compose run --rm openvpn ovpn_genconfig -u udp://3.19.1.170

>> ovpn_initpki     :easyrsa ‘init-pki’, ‘build-ca’ ‘gen-dh’ ‘build-server-full’ && openvpn genkey  ?

docker-compose run --rm openvpn ovpn_initpki

PEM pass phrase: "Generate_Your_MASTER_PASSPHRASE"

Common Name( eg user/host/server name ): "You_Can_Leave_it_Empty" 

Once done you'll be again prompted to provide your passphrase: provide_your_master_passphrase_here

 

2. Fix ownership (If you get permission related  errors, this may not be needed)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

sudo chown -R $(whoami): ./openvpn-data

 

3. Start OpenVPN server process
~~~~~~~~~~~~~~~~~~~~~~~~~

docker-compose up -d

 

4. Accessing the container logs with
~~~~~~~~~~~~~~~~~~~~~~~~~

docker-compose logs -f

 

5. Generating a client certificate
~~~~~~~~~~~~~~~~~~~~~~

export CLIENTNAME="your_client_name"

 

# Certificate protected with a passphrase (recommended)

docker-compose run --rm openvpn easyrsa build-client-full $CLIENTNAME

 

>enter passphrase for clientkey
>verify the passphrase
>enter MasterPassphrase

 

# Certificate without a passphrase (not recommended)

docker-compose run --rm openvpn easyrsa build-client-full $CLIENTNAME nopass

 

6. Retrieving the client configuration with embedded certificates
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

docker-compose run --rm openvpn ovpn_getclient $CLIENTNAME > $CLIENTNAME.ovpn

 

7. On Client Machine Install openvpn:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~

sudo apt install openvpn

>>On Client Machine run openvpn using client key

sudo openvpn --config tclient1.ovpn

 

>>Revoke a client certificate

# Keep the corresponding cert, keys and req. files.

docker-compose run --rm openvpn ovpn_revokeclient $CLIENTNAME

 

# Remove the corresponding cert, keys and req. files.

docker-compose run --rm openvpn ovpn_revokeclient $CLIENTNAME remove

 

 


About Author

Ankit Kumar

RedHat certified in System Administration as well as Ansible Automation. A self-motivated professional with excellent research skill, enthusiasm to learn new things and always try to do his best

Request For Proposal

[contact-form-7 404 "Not Found"]

Ready to innovate ? Let's get in touch

Valued Services

Expertise

Resources

Connect with us

Copyright © 2017-2024 Oodles Technologies. All rights reserved.
Chat With Us