Docker VPN

Implementation of a VPN network with a Certificate Authority using Docker and OpenVPN.

Features:

  • OpenVPN network (many-clients <-> one-server) configured with PKI CA using EasyRSA.
  • The Certificate Authority keys are contained in a single TAR file. It's possible to have several different CAs at the same time.
  • Lightweight server and client containers based on Alpine Linux.
  • The server and client configuration files are contained in a single ZIP file.
  • It's possible to create a single configuration file for each client in ovpn format that contains all the necessary certificates and keys.
  • All the internet traffic is tunneled through the VPN.
  • Clients inside the same VPN network can connect with each other.

Repositories:

How to use:

1. Install Docker:
2. Build Docker Images:
./build.sh

Creates three images:

  • alxprd/vpn:ca Handles the Certificate Authority.
  • alxprd/vpn:server Runs an OpenVPN server.
  • alxprd/vpn:client Runs an OpenVPN client.

3. Create Certificate Authority:
./setup-ca.sh <ca_name>
# Example: ./setup-ca.sh ca

Creates a package (data/ca_name.tar) with all the keys and files of the CA.

4. Create Server:
./setup-server.sh <ca_package_path> <server_name>
# Example: ./setup-server.sh ./data/ca.tar server1

Creates a package (data/server_name.zip) with all the OpenVPN server configuration files. Creates a new certificate/key pair named server_name inside the CA package if one doesn't already exist.

Optional:

./copy-server-to-remote.sh <server_config_path> <user@host:path>
# Example: ./copy-server-to-remote.sh ./data/server1.zip alxprd@127.0.0.1:/home/alxprd

Copies an existing server config package to a remote host using scp.

5. Create Client:
./setup-client.sh <ca_package_path> <client_name> <server_name> <server_address> [-compact]
# Example 1: ./setup-client.sh ./data/ca.tar client1 server1 172.17.0.2
# Example 2: ./setup-client.sh ./data/ca.tar client2 server1 172.17.0.2 -compact

Creates a package (data/client_name.zip) with all the OpenVPN client configuration files needed to connect to server_name. Creates a new certificate/key pair named client_name inside the CA package if one doesn't already exist. The server server_name must already exist in the CA package, because the client needs the server's shared secret (ta.key). server_address is the address of the remote host where the server is running. If the -compact flag is used, only one file (data/client_name.ovpn) is created, containing all the information needed to connect to the server.
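As an added example (not one of this repository's scripts), the following shows what a -compact style client file amounts to: every file directive of a client config is replaced by the file's contents as an inline block, and a check function refuses a result that still points at external files or lacks any of the four blocks. It assumes a package directory holding a client config that references ca.crt, the client certificate and key, and ta.key by plain file directives (assumed layout, not necessarily the project's).

```shell
#!/bin/sh
# make_compact_ovpn <package_dir> <client_conf_name> <output_file>
# Copies the config line by line; "ca", "cert", "key" and "tls-auth" directives
# become inline <ca>, <cert>, <key> and <tls-auth> blocks read from <package_dir>.
make_compact_ovpn() {
    dir="$1"; conf="$2"; out="$3"
    set -f   # no glob expansion while splitting directive lines into words
    while IFS= read -r line || [ -n "$line" ]; do
        set -- $line   # $1 = directive, $2 = file name, $3 = optional argument
        case "$1" in
            ca|cert|key)
                printf '<%s>\n' "$1"; cat "$dir/$2"; printf '</%s>\n' "$1" ;;
            tls-auth)
                # "tls-auth ta.key 1" carries the key direction as its second
                # argument; an inline block needs it as a separate directive
                printf 'key-direction %s\n' "${3:-1}"
                printf '<tls-auth>\n'; cat "$dir/$2"; printf '</tls-auth>\n' ;;
            *) printf '%s\n' "$line" ;;
        esac
    done < "$dir/$conf" > "$out"
    set +f
    chmod 600 "$out"   # the file now embeds the client's private key and ta.key
}

# check_compact_ovpn <file>
# Returns 0 only if all four inline blocks are present and no directive still
# refers to an external file, so the file really is self-contained.
check_compact_ovpn() {
    f="$1"; rc=0
    for blk in ca cert key tls-auth; do
        grep -q "^<$blk>\$" "$f" && grep -q "^</$blk>\$" "$f" \
            || { echo "missing <$blk> block in $f" >&2; rc=1; }
    done
    if grep -Eq '^(ca|cert|key|tls-auth) ' "$f"; then
        echo "external file reference left in $f" >&2; rc=1
    fi
    return $rc
}
```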

6. Start Server:
./start-server.sh <server_config_path>
# Example: ./start-server.sh ./data/server1.zip

Runs the server using the configuration from server_config_path.

To check the logs from the Docker container of the VPN server:

docker logs <vpn-server-container-name>
# Example: docker logs vpn-server-server1

To start a shell in the Docker container of the VPN server:

docker exec -it <vpn-server-container-name> sh
# Example: docker exec -it vpn-server-server1 sh

7. Start Client:
./start-client.sh <client_config_path>
# Example 1: ./start-client.sh ./data/client1.zip
# Example 2: ./start-client.sh ./data/client2.ovpn

Runs the client using the configuration from client_config_path.

To check the logs from the Docker container of the VPN client:

docker logs <vpn-client-container-name>
# Example: docker logs vpn-client-client1

To start a shell in the Docker container of the VPN client:

docker exec -it <vpn-client-container-name> sh
# Example: docker exec -it vpn-client-client1 sh

Other useful commands:

Check the public IP (run inside the client container to confirm traffic leaves through the VPN):

curl ipinfo.io/ip

Check incoming DNS requests with dnsmasq:

dnsmasq --no-daemon -q

OpenVPN configuration templates:

Sources: