Set up DigitalOcean OpenVPN account

Notes gathered:

This portion covers setting up a cloud-based OpenVPN server.

OpenVPN provides a way to create virtual private networks (VPNs) using TLS (evolution of SSL) encryption. OpenVPN protects the network traffic from eavesdropping and man-in-the-middle (MITM) attacks. The private network can be used to securely connect a device, such as a laptop or mobile phone running on an insecure WiFi network, to a remote server that then relays the traffic to the Internet. Private networks can also be used to securely connect devices to each other over the Internet.

Docker provides a way to encapsulate the OpenVPN server process and configuration data so that it is more easily managed. The Docker OpenVPN image is prebuilt and includes all of the necessary dependencies to run the server in a sane and stable environment. Scripts are included to significantly automate the standard use case, but still allow for full manual configuration if desired. A Docker volume container is used to hold the configuration and EasyRSA PKI certificate data as well.

Goals

  • Set up the Docker daemon on Ubuntu 14.04 LTS
  • Set up a Docker volume container to hold the configuration data
  • Generate an EasyRSA PKI certificate authority (CA)
  • Extract auto-generated client configuration files
  • Configure a select number of OpenVPN clients
  • Handle starting the Docker container on boot
  • Introduce advanced topics


These are forum notes for the VOXL setup.

With OpenVPN, built / hosted on a GCP VM server

Here’s an example of the settings we use in one of our .ovpn key files:

proto udp
tun-mtu 1300
mssfix 1260
comp-lzo no

client
nobind
dev tun
remote-cert-tls server

remote $SERVER_IP 1194 udp



Set up the server: https://hub.docker.com/r/kylemanna/openvpn/

Scripts to run:

First, enable the voxl-time-sync service which will run on boot and then exit once the date/time is correct:

systemctl enable voxl-time-sync

Next, we can take advantage of the vpn-start system service to get openvpn running on boot.

This service file lives in /etc/systemd/system/vpn-start.service and by default looks like this:

[Unit]
After=voxl-time-sync.service
Requires=voxl-time-sync.service

[Service]
Type=forking
ExecStartPre=/bin/sleep 2
ExecStart=/usr/sbin/openvpn --script-security 2 --daemon --config /etc/openvpn/KEY_FILE

[Install]
WantedBy=default.target

What you will want to do is modify this file so that it points to your key file instead of the default path.

Once you do that you can run systemctl daemon-reload to tell systemd to pull from this updated file.

Lastly, you can enable this service to run on boot with systemctl enable vpn-start. As you’ll notice, this vpn-start service depends on the voxl-time-sync service and therefore won’t start until the system clock time is correct.

After all this, do a reboot and you should see the VPN come up on boot.
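
Added example (not part of the forum post and not VOXL's own scripts): a shell helper for the "point the unit at your key file" step above that rewrites the --config path in vpn-start.service only after the profile passes basic checks. The function name, the checks and the path /etc/openvpn/client.ovpn are assumptions for illustration; the permission check assumes the profile embeds the client private key.

```shell
#!/usr/bin/env bash
# Added example: point vpn-start.service at a client profile, but only after
# the profile passes basic checks. Paths used in the calls are assumptions.

# point_unit_at_profile UNIT_FILE PROFILE
# Returns 0 on success; non-zero (unit left untouched) on any failed check.
point_unit_at_profile() {
    local unit="$1" profile="$2" mode tmp rc

    # The path is substituted into ExecStart, so accept only an absolute
    # path made of characters that need no quoting in a unit file or in sed.
    case $profile in
        /*) ;;
        *) echo "profile path must be absolute" >&2; return 2 ;;
    esac
    case $profile in
        *[!A-Za-z0-9_./-]*) echo "unsafe character in profile path" >&2; return 2 ;;
    esac
    [ -f "$profile" ] || { echo "no such profile: $profile" >&2; return 3; }

    # The client must verify that the peer presents a server certificate.
    grep -Eq '^[[:space:]]*remote-cert-tls[[:space:]]+server([[:space:]]|$)' "$profile" \
        || { echo "profile lacks 'remote-cert-tls server'" >&2; return 4; }

    # Assumption: the profile embeds the client private key, so it should not
    # be accessible to group or other (GNU stat, as on a Linux target).
    mode=$(stat -c '%a' "$profile")
    case $mode in
        *00) ;;
        *) echo "profile mode $mode is too open; chmod 600" >&2; return 5 ;;
    esac

    grep -q -- '^ExecStart=.*--config ' "$unit" \
        || { echo "no --config in ExecStart of $unit" >&2; return 6; }

    # Rewrite only the --config argument, keeping the rest of the unit as is.
    tmp=$(mktemp) || return 7
    sed "/^ExecStart=/s|--config [^ ]*|--config $profile|" "$unit" > "$tmp" \
        && cat "$tmp" > "$unit"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# On the device, as root (the systemctl commands are the ones from the notes):
#   point_unit_at_profile /etc/systemd/system/vpn-start.service /etc/openvpn/client.ovpn
#   systemctl daemon-reload
#   systemctl enable vpn-start
```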

More

The file output that I posted is /etc/systemd/system/vpn-start.service. You can look in /etc/systemd/system and see all of the systemd service files that VOXL uses.

The high level description for the VOXL SDK is here: https://docs.modalai.com/voxl-sdk/

voxl-suite info here: https://docs.modalai.com/voxl-suite/

The VPN info for example is under the utilities subsection of voxl-suite: https://docs.modalai.com/sdk-utilities/

Other high level feature descriptions here: https://docs.modalai.com/high-level-features/

If you want to look at the actual code, you can explore here: https://gitlab.com/voxl-public/voxl-sdk
