Tag Archives: vpn

Preventing OpenVPN clients from seeing each other

Listing existing rules

sudo docker exec -it dockovpn_dockovpn_1 bash
iptables --list
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     udp  --  anywhere             anywhere             state NEW,ESTABLISHED udp dpt:openvpn
ACCEPT     all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  10.8.0.0/24          anywhere
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     udp  --  anywhere             anywhere             state ESTABLISHED udp spt:openvpn
ACCEPT     all  --  anywhere             anywhere
(more…)

Running VPN Server with Access Server in a Docker container

Pull the image, open the firewall ports, and run the Docker container:

sudo docker pull openvpn/openvpn-as
sudo ufw allow 1194/udp
sudo ufw allow 943/tcp
sudo ufw allow 1443/tcp

sudo docker run -d --rm \
  --name=openvpn-as --device /dev/net/tun \
  --cap-add=MKNOD --cap-add=NET_ADMIN \
  -p 943:943 -p 1443:443 -p 1194:1194/udp \
  -v /var/lib/openvpn-as:/openvpn \
  openvpn/openvpn-as

sudo docker logs -f openvpn-as | grep "generated pass"
Auto-generated pass = "*********". Setting in db...
(more…)

Using tcpdump with OpenVPN

The VPN service opens a tun0 device inside the Docker container:

sudo docker exec -it 966f926484bc sh
/opt/Dockovpn # ifconfig
eth0      Link encap:Ethernet  HWaddr 02:42:AC:11:00:03
          inet addr:172.17.0.3  Bcast:172.17.255.255  Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:20553 errors:0 dropped:0 overruns:0 frame:0
          TX packets:20539 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:14609434 (13.9 MiB)  TX bytes:14757264 (14.0 MiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.8.0.1  P-t-P:10.8.0.2  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:7825 errors:0 dropped:0 overruns:0 frame:0
          TX packets:12572 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500
          RX bytes:1673378 (1.5 MiB)  TX bytes:12115333 (11.5 MiB)
(more…)

Connecting to OpenVPN from an Android device

I cloned the repository https://github.com/dockovpn/dockovpn and updated config/server.conf to increase the server log verbosity by setting verb to 4:

port 1194
proto %HOST_TUN_PROTOCOL%
dev tun
ca /etc/openvpn/ca.crt
cert /etc/openvpn/MyReq.crt
key /etc/openvpn/MyReq.key
dh /etc/openvpn/dh.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
duplicate-cn
keepalive 10 120
cipher AES-256-GCM
ncp-ciphers AES-256-GCM:AES-256-CBC
auth SHA512
persist-key
persist-tun
status openvpn-status.log
verb 4
tls-server
tls-version-min 1.2
tls-auth /etc/openvpn/ta.key 0
crl-verify /etc/openvpn/crl.pem
(more…)

OpenVPN in a Docker container

Run a Docker container:

export MY_IP=$(curl -s https://api.ipify.org)

sudo docker run -it --rm --cap-add=NET_ADMIN -p 1194:1194/udp -e HOST_ADDR=$MY_IP --name dockovpn alekslitvinenk/openvpn

or

sudo docker run -it --rm --cap-add=NET_ADMIN -p 1194:1194/udp -e HOST_ADDR=$MY_IP -v openvpn_conf:/opt/Dockovpn_data --name dockovpn alekslitvinenk/openvpn

to persist the generated files in a named volume (the -v option must come before the image name, otherwise Docker passes it to the container as a command argument).

Press Ctrl+P then Ctrl+Q to detach from the interactive session and leave the container running in the background.

Determine its IP address:

sudo docker ps
sudo docker inspect dockovpn | grep IPAddress
(more…)