VPN container providing access to host's LAN?
I am accessing my home network with a VPN running in a docker container in my home server.
That sounds similar to what you want to do.
Here's how I configured it (using this docker image - note that the documentation of the docker image should be enough)
- Use a “convenience” environment variable to store the path to your persistent storage location that will be bind-mounted to the container.

    OVPN_DATA="/n7wings/openvpn/"

- Run an ephemeral instance (--rm) of the image to initialize the data directory of the container (ovpn-host should be the hostname of your openvpn server).

    docker run -v "$OVPN_DATA:/etc/openvpn" --rm kylemanna/openvpn ovpn_genconfig -u udp://ovpn-host

- Run an interactive ephemeral instance of the image to generate the openvpn CA certificate and server key (you will have to type your passphrase for the private key).

    docker run -v "$OVPN_DATA:/etc/openvpn" --rm -it kylemanna/openvpn ovpn_initpki

- Run the VPN service: start and detach the container (-d) and map a host port to the UDP container port where the openvpn server process is listening (1194). In this example the host port will be 1195.

    docker run -v "$OVPN_DATA:/etc/openvpn" -d -p 1195:1194/udp --cap-add=NET_ADMIN kylemanna/openvpn

- Generate client configuration (i.e., add a user to the VPN). If you omit the nopass option, the client key will be encrypted with a passphrase.

    docker run -v "$OVPN_DATA:/etc/openvpn" --rm -it kylemanna/openvpn easyrsa build-client-full vince nopass

  The client key will be in ${OVPN_DATA}/pki/private and the certificate in ${OVPN_DATA}/pki/issued.

- Retrieve the client configuration to a local file:

    docker run -v "$OVPN_DATA:/etc/openvpn" --rm kylemanna/openvpn ovpn_getclient vince > vince.ovpn

If you need to add more users, just repeat the last two steps to create a user configuration on the server and retrieve the ovpn file.
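
An added example, not part of the original answer or the image's documentation: a shell check to run on a retrieved profile such as vince.ovpn, or on a key file under ${OVPN_DATA}/pki/private, before handing it to a user. It flags a private key built with nopass, a redirect-gateway line (the asker does not want all traffic routed through the VPN) and loose file permissions; the function names and the sample profile are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original answer): audit a client profile
# such as vince.ovpn before it leaves the server.

# key_state FILE: prints encrypted | plaintext | none for the PEM key in FILE.
key_state() {
    if grep -Eq -e '-----BEGIN ENCRYPTED PRIVATE KEY-----' -e '^Proc-Type: 4,ENCRYPTED' "$1"; then
        echo encrypted
    elif grep -Eq -e '-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' "$1"; then
        echo plaintext
    else
        echo none
    fi
}

# tunnel_mode FILE: prints full if the profile itself sets redirect-gateway,
# else split. Options pushed by the server at connect time are not visible here.
tunnel_mode() {
    if grep -Eq '^[[:space:]]*redirect-gateway' "$1"; then echo full; else echo split; fi
}

# loose_perms FILE: succeeds if group or others can read FILE.
loose_perms() {
    [ -n "$(find "$1" -prune \( -perm -040 -o -perm -004 \))" ]
}

# audit_profile FILE: prints one line per finding, returns the finding count.
audit_profile() {
    n=0
    if [ "$(key_state "$1")" = plaintext ]; then
        echo "WARN: private key is not passphrase-protected (built with nopass)"; n=$((n+1))
    fi
    if [ "$(tunnel_mode "$1")" = full ]; then
        echo "WARN: redirect-gateway set, all client traffic goes through the VPN"; n=$((n+1))
    fi
    if [ "$(key_state "$1")" != none ] && loose_perms "$1"; then
        echo "WARN: key material is readable by group/others, chmod 600 it"; n=$((n+1))
    fi
    return "$n"
}

# Constructed sample profile (placeholder key body, not a real key).
demo=$(mktemp)
chmod 644 "$demo"
printf '%s\n' 'client' 'remote ovpn-host 1195 udp' 'redirect-gateway def1' \
    '<key>' '-----BEGIN PRIVATE KEY-----' 'CONSTRUCTED' '-----END PRIVATE KEY-----' '</key>' > "$demo"
audit_profile "$demo" || echo "findings: $?"
rm -f "$demo"
```
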
Admin
Updated on September 18, 2022
Comments
-
Admin over 1 year
I'm kinda new to this Docker thing and I'm interested in getting a beefed up VPS for some containers (websites/data, mysql, nginx, rocket.chat, etc) but I wouldn't like to access them in the wild (even through SSH) and some VPS hosts' console access is plain cumbersome. So, here's my question:
I've got around 3 separate VPS sharing a common network: 10.0.0.1 thru 10. I'd like to know if, in the host (10.0.0.5) I can set up a docker server, then, inside I can set up an OpenVPN container (or any other kind of VPN) so I can connect from outside to the other VPSes (10.0.0.3, 10.0.0.8, and so on).
Bear in mind that I'm not looking for a privacy-related VPN, I don't want to route traffic nor go outside with the VPS's IP, I just want to "get inside" the internal network I have shared with my VPS (Vultr in case you're wondering, they have a private IPv4 service only for the VMs in my account so it's safe for them) through a VPN for added security and commodity, so I can access a few hosts naturally (and maybe containers as well?) using SSH/RDP/etc. with a single connection instead of having 10 profiles in PuTTY for each server.
Any pointers would be greatly appreciated. Please also take note I'm a newbie regarding docker, I'm a developer & IT guy so I know my way around, but I don't have much idea about networking so I'm not sure if it's possible - and if it is, then can you please tell me how?
Thanks!
-
jtomasrl over 4 years
What if I want to keep openvpn on its own bridge network between the containers I want to access, but I also need ssh access to the host?
-
Vincenzo Pii over 4 years
Would connecting the vpn container to multiple networks work? success.docker.com/article/multiple-docker-networks