Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Recommend a compatible openvpn image #25

Closed
Miwer opened this issue Jun 21, 2021 · 4 comments
Closed

Recommend a compatible openvpn image #25

Miwer opened this issue Jun 21, 2021 · 4 comments

Comments

@Miwer
Copy link

Miwer commented Jun 21, 2021

Hi,

I'm trying to make ovpn-admin work with my previously deployed openvpn, based on kylemanna/openvpn, but I cannot get it fully working.

I managed to make ovpn-admin connect, and list the created certificates, but I cannot change passwords, or revoke them. Change password button does not even show, and when I try to revoke, nothing happens, and user is not revoked.

Can anyone suggest an alternative openvpn image, that will work with ovpn-admin?
I can't use the provided docker-compose file, since building the images does not work on my setup.

Thank you :)
@pashcovich
Copy link
Contributor

hi,
I have never tested it with an alternative openvpn image, only with the provided one

to enable password auth, as well as the ability to change passwords you need to install binary from this repo https://github.com/pashcovich/openvpn-user and setup your openvvpn instance like in README but providing path to users database file(the same as for ovpn-admin) like in this file
and start ovpn-admin with --auth.password --auth.db="PATH/TO/USERS_DATABASE_FILE"

@Miwer
Copy link
Author

Miwer commented Jun 22, 2021

Hi Pashcovich - you say "only the provided one" - do you provide a ready to use image for openvpn, that I can pull in docker? So far I could only find the flant/ovpn-admin image on hub.docker.com.

@pashcovich
Copy link
Contributor

yes, we have such image

you need to use tag openvpn-VERSION for e.g.

flant/ovpn-admin:openvpn-latest

we built it from this Dockerfile

@Miwer
Copy link
Author

Miwer commented Jun 22, 2021

Great info - thanks.
I got it working now. Can revoke, and unrevoke certificates now. Not sure if I'll use password database or not. It's not the same as using passwords in kylemannas openvpn image, as that is the client private key that's encrypted with a password (and thus, changing password means re-issue the client certificate)

So this is the docker compose file I ended up using:

version: '3'

volumes:
    openvpn-easyrsa:
        name: openvpn-easyrsa
    openvpn-ccd:
        name: openvpn-ccd
        
services:
  openvpn:
    image: flant/ovpn-admin:openvpn-latest
    container_name: openvpn
    command: /etc/openvpn/setup/configure.sh
    cap_add:
      - NET_ADMIN
    ports:
      - 7777:1194 # for openvpn
      - 8080:8080 # for ovpn-admin because of network_mode
    volumes:
      - openvpn-easyrsa:/etc/openvpn/easyrsa
      - openvpn-ccd:/etc/openvpn/ccd
  ovpn-admin:
    image: flant/ovpn-admin
    command: /app/ovpn-admin --debug --ovpn.network="172.16.100.0/22" --easyrsa.path="/mnt/easyrsa" --easyrsa.index-path="/mnt/easyrsa/pki/index.txt" --ovpn.server="<vpn-server-fqdn>:7777:tcp"
    container_name: ovpn-admin
    network_mode: service:openvpn
    volumes:
      - openvpn-easyrsa:/mnt/easyrsa
      - openvpn-ccd:/mnt/ccd

@Miwer Miwer closed this as completed Jun 22, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Miwer @pashcovich