adapted from https://gist.github.com/aeimer/543c231b3ae0fbf8f4f00dc911d9379a for Raspberry Pi architecture
-
Build the Docker image for Raspberry Pi using the script `build_rpi_image.sh`:

```bash
#!/bin/bash
echo
echo "### Build image for Raspberry PI"
git clone https://github.com/kylemanna/docker-openvpn.git
cd docker-openvpn
sudo docker build . --tag openvpn-rpi -f Dockerfile.aarch64
echo
echo "### Done"
```

Until kylemanna/docker-openvpn#759 is accepted and merged, you have to run the alternative script below instead:

```bash
#!/bin/bash
echo
echo "### Build image for Raspberry PI"
#git clone https://github.com/kylemanna/docker-openvpn.git
git clone https://github.com/lhoupert/docker-openvpn/
cd docker-openvpn
git checkout patch-1
sudo docker build . --tag openvpn-rpi -f Dockerfile.aarch64
echo
echo "### Done"
```
-
Run the `setup_vpn.sh` script. Save the passphrase, as it will be needed for every task:

```bash
#!/bin/bash
echo
echo "### Setup OpenVPN Server"
# Adapt this path for your needs
BASE_PATH="/home/lhoupert/dockercontainers/openvpn"
OVPN_DATA="$BASE_PATH/data"  # maybe rename to openvpn-data
SERVER_NAME="vpn.lhoupert.fr"
# Generate the server configuration for the public host name
docker run -v "$OVPN_DATA:/etc/openvpn" --rm openvpn-rpi ovpn_genconfig -u "udp://$SERVER_NAME"
# Initialise the PKI (interactive: asks for the CA passphrase)
docker run -v "$OVPN_DATA:/etc/openvpn" --rm -it openvpn-rpi ovpn_initpki
echo
echo "### Done"
```
-
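Check that port 1194 is open in the firewall royalmail:

```bash
# Look up this host's public IP address
MYIP=$(curl -s ifconfig.me)
# UDP scan of the OpenVPN port; nmap reports "open|filtered" when a UDP port sends no reply
sudo nmap -sU -p 1194 "${MYIP}"
```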
-
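Add the lines below to data/openvpn.cnf. No password file is given, so the management interface accepts unauthenticated connections; the compose file in the next step makes port 5555 reachable from the compose network only (`expose`) and does not publish it on the host.

```
### Open Management Port
management 0.0.0.0 5555
```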
-
Start OpenVPN server and OpenVPN-monitor
Create a docker-compose.yml file:

```yaml
version: "2"
services:
  openvpn:
    image: openvpn-rpi
    volumes:
      - "./data:/etc/openvpn"
      - "/etc/localtime:/etc/localtime:ro"
    ports:
      - "1194:1194/udp"
    # Management port: reachable by other services on the compose network only
    expose:
      - 5555
    cap_add:
      - NET_ADMIN
  openvpn_monitor:
    image: ruimarinho/openvpn-monitor
    environment:
      # General
      OPENVPNMONITOR_DEFAULT_DATETIMEFORMAT: "%d/%m/%Y %H:%M:%S"
      OPENVPNMONITOR_DEFAULT_LOGO: https://exmaple.com/logo.png
      OPENVPNMONITOR_DEFAULT_MAPS: "True"
      OPENVPNMONITOR_DEFAULT_LATITUDE: "48.8"
      OPENVPNMONITOR_DEFAULT_LONGITUDE: "2.35"
      OPENVPNMONITOR_DEFAULT_SITE: Live
      # Site 1 - OpenVPN1
      OPENVPNMONITOR_SITES_0_ALIAS: OVPN1
      OPENVPNMONITOR_SITES_0_HOST: openvpn
      OPENVPNMONITOR_SITES_0_NAME: OPENVPN1
      OPENVPNMONITOR_SITES_0_PORT: 5555
    networks:
      - default
    # Monitor web UI, published on host port 8880
    ports:
      - "8880:80"
```

Build and start the docker-compose stack:

```bash
docker-compose up -d
```
-
Generate a client certificate by running the script `gen_client_cert.sh`:

```bash
#!/bin/bash
# Adapt this path for your needs
BASE_PATH="/home/lhoupert/dockercontainers/openvpn"
OVPN_DATA="$BASE_PATH/data"
echo
echo "### Generate client cert"
echo
echo "# Clientname"
echo "Enter the clients name:"
read -r CLIENTNAME
# nopass: the client's private key is stored unencrypted
docker run -v "$OVPN_DATA:/etc/openvpn" --rm -it openvpn-rpi easyrsa build-client-full "$CLIENTNAME" nopass
echo
echo "# Retrieve config"
echo
if [ ! -d "$BASE_PATH/clients" ] ; then
    mkdir "$BASE_PATH/clients"
fi
# The .ovpn file embeds the client key; treat it as a secret
docker run -v "$OVPN_DATA:/etc/openvpn" --rm openvpn-rpi ovpn_getclient "$CLIENTNAME" > "$BASE_PATH/clients/$CLIENTNAME.ovpn"
echo
echo "# Wrote config to folder clients"
echo
echo "### DONE"
```
-
Make sure the OVH domain name points to the correct IP address: see (here) and (here)
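
A check for the docker-compose.yml step above, added here as an example and not part of the original gist: it fails when the management port (5555 on this page) appears under a `ports:` key, which would publish the management interface on the host instead of keeping it on the compose network. The function name `mgmt_port_published` and the sample file are made up for illustration, and the parser assumes the short `ports:` syntax used on this page.

```shell
#!/bin/bash
# Added example (not from the original gist).
# Assumption: the compose file uses the short "ports:" list syntax.

# mgmt_port_published FILE PORT
# Returns 0 if PORT is the container side of any entry under a "ports:" key,
# 1 otherwise. Entries under "expose:" are ignored on purpose.
mgmt_port_published() {
    awk -v port="$2" '
        /^[ \t]*#/ { next }                        # skip comment lines
        /^[ \t]*[A-Za-z_]+:[ \t]*$/ {              # bare key: ports:, expose:, ...
            key = $1; sub(/:$/, "", key); next
        }
        /^[ \t]*-[ \t]/ && key == "ports" {
            entry = $0
            gsub("[^0-9a-z:./]", "", entry)        # drop dash, quotes, spaces
            sub("/(udp|tcp)$", "", entry)          # drop protocol suffix
            n = split(entry, parts, ":")           # [ip:]host:container
            if (parts[n] == port) found = 1
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# Constructed sample: the openvpn service with 5555 wrongly moved to "ports:".
sample=$(mktemp)
cat > "$sample" <<'EOF'
services:
  openvpn:
    image: openvpn-rpi
    ports:
      - "1194:1194/udp"
      - "5555:5555"
EOF
if mgmt_port_published "$sample" 5555; then
    echo "FAIL: management port 5555 is published on the host"
else
    echo "OK: management port 5555 is not published"
fi
rm -f "$sample"
```

Run it against the real file with `mgmt_port_published docker-compose.yml 5555` before `docker-compose up -d`.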
Hey, I updated the gist, hopefully it makes more sense? You need to have docker-compose installed: https://docs.docker.com/compose/install/