This portion is setting up a cloud based openvpn server
OpenVPN provides a way to create virtual private networks (VPNs) using TLS (evolution of SSL) encryption. OpenVPN protects the network traffic from eavesdropping and man-in-the-middle (MITM) attacks. The private network can be used to securely connect a device, such as a laptop or mobile phone running on an insecure WiFi network, to a remote server that then relays the traffic to the Internet. Private networks can also be used to securely connect devices to each other over the Internet.
Docker provides a way to encapsulate the OpenVPN server process and configuration data so that it is more easily managed. The Docker OpenVPN image is prebuilt and includes all of the necessary dependencies to run the server in a sane and stable environment. Scripts are included to significantly automate the standard use case, but still allow for full manual configuration if desired. A Docker volume container is used to hold the configuration and EasyRSA PKI certificate data as well.
- Set up the Docker daemon on Ubuntu 14.04 LTS
- Set up a Docker volume container to hold the configuration data
- Generate a EasyRSA PKI certificate authority (CA)
- Extract auto-generated client configuration files
- Configure a select number of OpenVPN clients
- Handle starting the Docker container on boot
- Introduce advanced topics
This is forum notes for the voxl setup
built / hosted on a GCP VM server
Here’s an example of the settings we use in one of our .ovpn key files:
proto udp tun-mtu 1300 mssfix 1260 comp-lzo no client nobind dev tun remote-cert-tls server remote $SERVER_IP 1194 udp
setup the server: https://hub.docker.com/r/kylemanna/openvpn/
scripts to run
First, enable the
voxl-time-sync service which will run on boot and then exit once the date/time is correct:
systemctl enable voxl-time-sync
Next, we can take advantage of the
vpn-start system service to get openvpn running on boot.
This service file lives in
/etc/systemd/system/vpn-start.service and by default looks like this:
[Unit] After=voxl-time-sync.service Requires=voxl-time-sync.service [Service] Type=forking ExecStartPre=/bin/sleep 2 ExecStart=/usr/sbin/openvpn --script-security 2 --daemon --config /etc/openvpn/KEY_FILE [Install] WantedBy=default.target
What you will want to do is modify this file so that it points to your key file instead of the default path.
Once you do that you can run
systemctl daemon-reload to tell systemd to pull from this updated file.
Lastly, you can enable this service to run on boot with
systemctl enable vpn-start, as you’ll notice this
vpn-start service depends on the
voxl-time-sync service and therefore won’t start until the system clock time is correct.
After all this, do a reboot and you should see the VPN come up on boot.
The file output that I posted is
/etc/systemd/system/vpn-start.service, you can look in
/etc/systemd/system and see all of the systemd service files that VOXL uses.
The high level description for the VOXL SDK is here: https://docs.modalai.com/voxl-sdk/
voxl-suite info here: https://docs.modalai.com/voxl-suite/
The VPN info for example is under the utilities subsection of voxl-suite: https://docs.modalai.com/sdk-utilities/
Other high level feature descriptions here: https://docs.modalai.com/high-level-features/
If you want to look at the actual code, you can explore here: https://gitlab.com/voxl-public/voxl-sdk