Set up a VPN server using a Pritunl container
I built an OpenVPN server with Pritunl.
Motivation
A VPN is a perfect fit for the following needs of mine:
- operate my Raspberry Pi at home from outside over the internet.
- access Japanese mobile web services (Facebook, LINE, etc.) from a country with restricted internet access.
Pre-Setup
Before setting up the Pritunl VPN server, expose the network ports the server uses on the docker host. Port 1194 carries the VPN traffic, and port 443 is used only temporarily for the Pritunl web console (the admin interface), so it should be opened for the initial setup and closed again afterwards.
# OpenVPN (UDP is the default transport, TCP is the fallback)
sudo firewall-cmd --permanent --add-port=1194/udp
sudo firewall-cmd --permanent --add-port=1194/tcp
# Pritunl web console, only needed during setup
sudo firewall-cmd --permanent --add-port=443/tcp
# --reload takes no --permanent flag; it loads the permanent rules into the running firewall
sudo firewall-cmd --reload
Set up Pritunl
I used the jippi/pritunl docker image. How to create the Pritunl container is described on its Docker Hub page. When starting the container, publish port 1194 on the docker host for OpenVPN and port 443 for HTTPS access to the Pritunl console. Note that --privileged grants the container the host's full capabilities, so treat the container as having root on the docker host and keep the image up to date.
mkdir -p $(pwd)/vpn/{mongodb,pritunl}
touch $(pwd)/vpn/pritunl.conf
docker run -d --privileged --restart=always --name pritunl \
-p 1194:1194/udp \
-p 1194:1194/tcp \
-p 443:443/tcp \
-v $(pwd)/vpn/mongodb:/var/lib/mongodb \
-v $(pwd)/vpn/pritunl:/var/lib/pritunl \
-v $(pwd)/vpn/pritunl.conf:/etc/pritunl.conf \
jippi/pritunl
To create the VPN server, open Pritunl in a web browser:
https://<your docker host server>
The default username/password is pritunl/pritunl.
If your docker host is reachable from the internet, leaving the default username and password in place is a serious risk: change them as the first thing you do in the console.
On the Pritunl web console you then have to create an Organization, a User and a Server. A User is a VPN client. It seems that the same user cannot be connected to the VPN twice at the same time, so I think a User should be created for each VPN client device. An Organization is a group of VPN clients; users in the same organization belong to the same virtual local network. A Server is the VPN server that an organization is attached to.
The OpenVPN client file (.ovpn) can be issued for a user. You can download the file from the user management page.
Before going into full VPN operation, restart the Pritunl docker container without the HTTPS (443) port. This gives you a more secure VPN service, because nobody outside the host can then log in to the console to create or issue a new VPN client key. Remember to remove 443/tcp from the firewall again as well, since the pre-setup opened it. If you want to keep using the console after setup, an alternative is to publish port 443 bound to 127.0.0.1 only and reach it through an SSH tunnel; even then, change the default password first.
docker stop pritunl
docker rm pritunl
docker run -d --privileged --restart=always --name pritunl \
-p 1194:1194/udp \
-p 1194:1194/tcp \
-v $(pwd)/vpn/mongodb:/var/lib/mongodb \
-v $(pwd)/vpn/pritunl:/var/lib/pritunl \
-v $(pwd)/vpn/pritunl.conf:/etc/pritunl.conf \
jippi/pritunl
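The whole procedure above (open the firewall, run the container with the console published, then re-run it without 443) as one re-runnable script, with a check that the console really is unpublished afterwards. This is an added example, not code from the original post or from the jippi/pritunl image; it assumes a firewalld host, the jippi/pritunl image and the ./vpn data directory used above, and the function names and the two mode names (bootstrap, hardened) are my own.

```shell
#!/bin/sh
# Added example, not code from the original post: the bootstrap-then-harden
# procedure as one script, with a check that the web console (443) really is
# unpublished once hardened. Assumes a firewalld host, the jippi/pritunl
# image and the ./vpn data directory used in the post; the function names
# and the two mode names are my own.
set -eu

IMAGE="jippi/pritunl"
NAME="pritunl"
DATA="$(pwd)/vpn"   # must not contain spaces (the arg list is word-split below)

# Arguments for `docker run` in a given mode:
#   bootstrap - publish 1194 (VPN) and 443 (web console); first run only
#   hardened  - publish 1194 only, so the console is unreachable from outside
pritunl_run_args() {
  mode="$1"
  args="-d --privileged --restart=always --name $NAME"
  args="$args -p 1194:1194/udp -p 1194:1194/tcp"
  if [ "$mode" = "bootstrap" ]; then
    args="$args -p 443:443/tcp"
  fi
  args="$args -v $DATA/mongodb:/var/lib/mongodb"
  args="$args -v $DATA/pritunl:/var/lib/pritunl"
  args="$args -v $DATA/pritunl.conf:/etc/pritunl.conf $IMAGE"
  printf '%s\n' "$args"
}

# firewalld ports to open in a given mode; 443 only while bootstrapping.
firewall_ports() {
  if [ "$1" = "bootstrap" ]; then
    printf '%s\n' 1194/udp 1194/tcp 443/tcp
  else
    printf '%s\n' 1194/udp 1194/tcp
  fi
}

# Reads `docker port <container>` output on stdin; exits 0 if TCP 443 is
# published on a non-loopback address, i.e. the console is still reachable
# from outside the host. Lines look like "443/tcp -> 0.0.0.0:443".
console_published() {
  grep -E '^443/tcp -> ' | grep -Evq '^443/tcp -> (127\.|\[::1\])'
}

# Apply a mode to this host: firewall ports, then (re)create the container.
apply() {
  mode="$1"
  mkdir -p "$DATA/mongodb" "$DATA/pritunl"
  touch "$DATA/pritunl.conf"
  # Drop 443 from the permanent firewall config first; bootstrap re-adds it,
  # hardened leaves it closed.
  sudo firewall-cmd --permanent --remove-port=443/tcp >/dev/null 2>&1 || true
  for p in $(firewall_ports "$mode"); do
    sudo firewall-cmd --permanent --add-port="$p"
  done
  sudo firewall-cmd --reload
  docker rm -f "$NAME" >/dev/null 2>&1 || true
  # shellcheck disable=SC2046 -- word splitting of the argument list is intended
  docker run $(pritunl_run_args "$mode")
  if [ "$mode" = "hardened" ] && docker port "$NAME" | console_published; then
    echo "ERROR: the Pritunl web console is still published on 443" >&2
    exit 1
  fi
  docker port "$NAME"
}

# Usage:  sh pritunl-vpn.sh bootstrap   # first run; then configure at https://<host>
#         sh pritunl-vpn.sh hardened    # after the .ovpn profiles are downloaded
case "${1:-}" in
  bootstrap|hardened) apply "$1" ;;
esac
```

Run it once with bootstrap, change the default password and download the .ovpn profiles in the console, then run it with hardened. The hardened run fails loudly if `docker port` still shows 443 published on a non-loopback address, which is the state the post warns about.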