OpenVPN MFA Setup Via Docker Compose and OpenVPN In General

Posted By : Iftikhar Hussain | 10-Nov-2022

server security DevOps Docker


OpenVPN-MFA Setup Via Docker Compose

1. First decide where the docker-compose file will live and write the following into it:

version: "2.1"
services:
  openvpn-as:
    image: ghcr.io/linuxserver/openvpn-as
    container_name: openvpn-as1
    cap_add:
      - NET_ADMIN
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/London
      - INTERFACE=eth0 #optional
    # volumes:                       # uncomment to keep the server config and PKI
    #   - <path to data>:/config     # across container recreation
    ports:
      - 943:943
      - 9443:9443
      - 1194:1194/udp
    restart: unless-stopped

2. Now, run the command

$ docker-compose up -d

3. You may not be able to log in to the admin UI with the default user openvpn. To get past this, run the following command inside the container:

/usr/local/openvpn_as/bin/ovpn-init --force

Note: at the prompt asking whether to use the default user openvpn, answer no, and for the username type [ admin ].

To reset your password use:

$ passwd admin

$ apt-get install systemd -y

$ systemctl enable openvpnas




Now go to the OpenVPN admin web UI:

URL: https://IPorDomain:943/admin [ always use https, whether you connect by IP or by domain; http will give an error ]

The browser will warn about the certificate; do not hesitate to click "Show advanced" and proceed to the URL given at the end.

Enter your credentials as shown below.

Then an agreement will pop up like this; accept it and continue.

Now, in Network Settings, under Hostname/IP address, add the server's public IP. [ This is the most important step ]

YOUR OPEN VPN IS CONFIGURED.


TO ADD MFA FUNCTIONALITY:

First, create a new user from the User Management section of the OpenVPN admin UI.

Then, in the Authentication section, enable Google Authenticator MFA authentication. [yes]

Now go to the OpenVPN client UI [ URL: https://IP:943 ] and log in with the credentials of the user you just created in the admin UI.

After login, a QR code is displayed and a 6-digit code is requested.

Scan the QR code with the Google Authenticator app and type the verification code.

You will be logged in; next you need to download a .ovpn file so that you can connect to the VPN.

Click on Yourself (user-locked profile) and a .ovpn file will be downloaded.

Now, on the local machine, run:

$ sudo openvpn --config filename.ovpn

Enter your credentials at the prompts, and you will be connected to the VPN server.

*************************************************************************************************************

OpenVPN with Docker-Compose


OpenVPN Setup and Configuration Using Docker-Compose

Here, we’ll see how to set up and configure OpenVPN using docker-compose

Quick Start With Docker-Compose

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

>> Add a new service in docker-compose.yml

version: '3'
services:
  openvpn:                 # lowercase: the docker-compose run commands below refer to this service name
    cap_add:
      - NET_ADMIN
    image: kylemanna/openvpn:2.4
    container_name: openvpn
    ports:
      - "1194:1194/udp"
    restart: always
    volumes:
      - ./openvpn-data:/etc/openvpn


1. Initialize The Configuration Files and Certificates

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

>> ovpn_genconfig: this command generates the "ccd" directory, openvpn.conf and ovpn_env.sh in the mounted volume.

# docker-compose run --rm openvpn ovpn_genconfig -u udp://3.19.1.170

>> ovpn_initpki: runs easyrsa 'init-pki', 'build-ca', 'gen-dh' and 'build-server-full', then openvpn genkey.

# docker-compose run --rm openvpn ovpn_initpki

You will be prompted for:

PEM pass phrase: "Generate_Your_MASTER_PASSPHRASE"

Common Name (eg user/host/server name): "You_Can_Leave_it_Empty"

Once done you'll be prompted again for your passphrase: provide_your_master_passphrase_here


2. Fix ownership (depending on how to handle your backups, this may not be needed)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

sudo chown -R $(whoami): ./openvpn-data

3. Start the OpenVPN Server Process

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

docker-compose up -d

4. Access The Container Logs With

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

docker-compose logs -f

5. Generate a Client Certificate

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

export CLIENTNAME="your_client_name"

# with a passphrase (recommended)

docker-compose run --rm openvpn easyrsa build-client-full $CLIENTNAME

>enter passphrase for clientkey

>verify the passphrase

>enter MasterPassphrase

# without a passphrase (not recommended)

docker-compose run --rm openvpn easyrsa build-client-full $CLIENTNAME nopass

6. Retrieve Client Configuration With Embedded Certificates

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

docker-compose run --rm openvpn ovpn_getclient $CLIENTNAME > $CLIENTNAME.ovpn

7. On The Client Machine Install OpenVPN:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

sudo apt install openvpn

>> On the client machine, connect using the client profile retrieved in step 6 (named tclient1.ovpn here):

sudo openvpn --config tclient1.ovpn
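As an added check (not part of the original post or of the kylemanna/openvpn project), the POSIX shell function below inspects a client profile before it is handed out, whether it was produced by ovpn_getclient in step 6 or downloaded from the Access Server client UI in the first section: it confirms the inline <ca>, <cert>, <key> and <tls-auth> blocks, the remote line for the host passed to ovpn_genconfig, and that the client key is passphrase-protected as step 5 recommends. It assumes the default profile layout (inline blocks plus tls-auth with key-direction); write_sample_profile writes a constructed sample with dummy PEM bodies, not a real key.

```shell
# Write a constructed sample profile to $1 (dummy PEM bodies, not a real key);
# pass "nopass" as $2 to emulate a key built with "easyrsa build-client-full ... nopass".
write_sample_profile() {
    [ "$2" = nopass ] && hdr="BEGIN PRIVATE KEY" || hdr="BEGIN ENCRYPTED PRIVATE KEY"
    cat > "$1" <<EOF
remote 3.19.1.170 1194 udp
<ca>
-----BEGIN CERTIFICATE-----
c2FtcGxlIGNh
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
c2FtcGxlIGNlcnQ=
-----END CERTIFICATE-----
</cert>
<key>
-----$hdr-----
c2FtcGxlIGtleQ==
-----END ${hdr#BEGIN }-----
</key>
key-direction 1
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
00112233
-----END OpenVPN Static key V1-----
</tls-auth>
EOF
}

# Check a client profile: exit status 0 only if every check passes.
# Usage: check_ovpn_profile tclient1.ovpn 3.19.1.170 [port] [proto]
check_ovpn_profile() {
    profile=$1; host=$2; port=${3:-1194}; proto=${4:-udp}; rc=0
    [ -r "$profile" ] || { echo "FAIL: cannot read $profile"; return 1; }
    for tag in ca cert key tls-auth; do
        grep -q "^<$tag>" "$profile" && grep -q "^</$tag>" "$profile" \
            && echo "ok:   <$tag> block present" \
            || { echo "FAIL: <$tag> block missing"; rc=1; }
    done
    # the remote line must match the host passed to ovpn_genconfig -u udp://host
    grep -q "^remote $host $port $proto\$" "$profile" \
        && echo "ok:   remote $host $port $proto" \
        || { echo "FAIL: expected 'remote $host $port $proto'"; rc=1; }
    # step 5 recommends a passphrase; an encrypted key says so in its PEM header
    grep -Eq "BEGIN ENCRYPTED PRIVATE KEY|Proc-Type: 4,ENCRYPTED" "$profile" \
        && echo "ok:   client key is passphrase-protected" \
        || { echo "FAIL: client key is not encrypted (built with nopass?)"; rc=1; }
    return $rc
}
```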
