docker-openvpn
OpenVPN 2.5
Hi,
the first beta versions of 2.5 are out. Could you provide such images, please?
@kylemanna: The final is out!
OpenVPN 2.5.0 (2020-10-27):
- https://openvpn.net/
- https://github.com/OpenVPN/openvpn/releases
Announcement:
- https://sourceforge.net/p/openvpn/mailman/message/37138737/
OpenVPN 2.5 is a new major release with many new features:
- Client-specific tls-crypt keys (--tls-crypt-v2)
- Added support for using the ChaCha20-Poly1305 cipher in the OpenVPN data channel
- Improved Data channel cipher negotiation
- Removal of BF-CBC support in default configuration
- Asynchronous (deferred) authentication support for auth-pam plugin
- Deferred client-connect
- Faster connection setup
- Netlink support
- Wintun support
- IPv6-only operation
- Improved Windows 10 detection
- Linux VRF support
- TLS 1.3 support
- Support setting DHCP search domain
- Handle setting of tun/tap interface MTU on Windows
- HMAC based auth-token support
- VLAN support
- Support building of .msi installers for Windows
- Allow unicode search string in --cryptoapicert option (Windows)
- Support IPv4 configs with /31 netmasks now
- New option --block-ipv6 to reject all IPv6 packets (ICMPv6)
- MSI installer (Windows)
- The MSI installer now bundles EasyRSA 3, a modern take on OpenVPN CA management
Overview of changes in OpenVPN v2.5:
- https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn25
Overview of changes in OpenVPN v2.4:
- https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24
Waiting and watching for it to land in Alpine:
https://pkgs.alpinelinux.org/packages?name=openvpn&branch=edge
Looks like it is ready https://pkgs.alpinelinux.org/package/edge/main/x86_64/openvpn
Can those interested test out the edge Docker tag / git branch?
~/t/r/docker-openvpn ❯❯❯ docker pull kylemanna/openvpn:edge ; docker run --rm -it kylemanna/openvpn:edge openvpn --version
7597eaba0060: Already exists
863e5229deb4: Pull complete
381227b57d63: Pull complete
2b80629331c3: Pull complete
dceb0e632215: Pull complete
Digest: sha256:24ea4611c1fd2a7e84750c7c92cae7ddee100d02bd4f609c6621974b5745a1f8
Status: Downloaded newer image for kylemanna/openvpn:edge
docker.io/kylemanna/openvpn:edge
OpenVPN 2.5.0 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Dec 5 2020
library versions: OpenSSL 1.1.1g 21 Apr 2020, LZO 2.10
Originally developed by James Yonan
Copyright (C) 2002-2018 OpenVPN Inc <[email protected]>
Compile time defines: enable_async_push='no' enable_comp_stub='no' enable_crypto='yes' enable_crypto_ofb_cfb='yes' enable_debug='yes' enable_def_auth='yes' enable_dlopen='unknown' enable_dlopen_self='unknown' enable_dlopen_self_static='unknown' enable_fast_install='yes' enable_fragment='yes' enable_iproute2='yes' enable_libtool_lock='yes' enable_lz4='yes' enable_lzo='yes' enable_management='yes' enable_multihome='yes' enable_pam_dlopen='no' enable_pedantic='no' enable_pf='yes' enable_pkcs11='no' enable_plugin_auth_pam='yes' enable_plugin_down_root='yes' enable_plugins='yes' enable_port_share='yes' enable_selinux='no' enable_shared='yes' enable_shared_with_static_runtimes='no' enable_small='no' enable_static='yes' enable_strict='no' enable_strict_options='no' enable_systemd='no' enable_werror='no' enable_win32_dll='yes' enable_x509_alt_username='no' with_aix_soname='aix' with_crypto_library='openssl' with_gnu_ld='yes' with_mem_check='no' with_sysroot='no'
I do not have any problems besides the issues that were present before.
Can those interested test out the edge Docker tag / git branch?
I have now deployed the edge container to my server, several clients (Linux desktop / Android phones) work fine as before. I am not using any advanced configurations though.
I am still using it since the last time I wrote and never had problems.
@kylemanna could you tag edge also as 2.5 to make explicit users could pin a container to a specific image version?
With 2.5.1 out, it'd be great to have edge updated!
@kylemanna could you tag edge also as 2.5 to make explicit users could pin a container to a specific image version?
Yes, please make that explicit.
What's the status of this?
The image with the latest tag was pushed to Docker Hub more than a year ago, back in 2020, which is a bit out of date if you ask me. I've just built a new one using the Dockerfile provided in this repo. Feel free to use it: docker pull lisenet/openvpn:2.5
@kylemanna: Are there any plans to update the container image to the latest OpenVPN version? Or is this project deprecated?
Seems that the developer has no interest in this project anymore... Would be great to have an official statement, then everybody can decide for himself.
No news??
I use the script below to build a new image which is saved to GitLab's registry. If you use this you must update the GitLab URLs. Feel free to use and/or improve it (it is a bit hacky).
```bash
#!/usr/bin/env bash
# Stop at the first failing step so a broken build is never pushed or deployed
set -euo pipefail

# Require root (so the docker calls below need no extra sudo)
if [[ $UID != 0 ]]; then
    echo "Please run this script with sudo:"
    echo "sudo $0 $*"
    exit 1
fi

# Set this variable to the last openvpn-version at http://dl-cdn.alpinelinux.org/alpine/latest-stable/main/x86_64/
OPENVPN_VERSION="2.5."
# Registry path of the image; replace <USERNAME> (kept quoted so < and > are not parsed as redirections)
IMAGE="registry.gitlab.com/<USERNAME>/vpn"

# Set absolute path to the same directory as this script is placed in.
ABSOLUTE_PATH="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
# Work from the script directory so the clone and docker-compose.yml resolve regardless of the caller's cwd
cd "$ABSOLUTE_PATH"

read -r -p "Open http://dl-cdn.alpinelinux.org/alpine/latest-stable/main/x86_64/ and enter the latest version of openvpn (e.g. 2.5.2)# " -e -i "$OPENVPN_VERSION" OPENVPN_VERSION

# Pull down latest version of alpine (or the image will be built with cached version)
docker pull alpine:latest

# Clone docker-openvpn repository (drop a checkout left by an earlier run so the Dockerfile is patched only once)
rm -rf "${ABSOLUTE_PATH}/docker-openvpn"
git clone https://github.com/kylemanna/docker-openvpn

# Build image
cd "${ABSOLUTE_PATH}/docker-openvpn"
# Look for the testing repo and add main repo afterwards
sed -i '/^RUN echo "http:\/\/dl-cdn.alpinelinux.org\/alpine\/edge\/testing\/"/a echo "http://dl-cdn.alpinelinux.org/alpine/latest-stable/main/" >> /etc/apk/repositories && \\' Dockerfile
docker login registry.gitlab.com
docker build -t "$IMAGE:$OPENVPN_VERSION" .
docker push "$IMAGE:$OPENVPN_VERSION"
cd ..

# Update the OPENVPN_VERSION in docker compose file
# (the text after "\" is written as-is, so its indentation must match the compose file)
sed -i "/image/c \ image: $IMAGE:$OPENVPN_VERSION" docker-compose.yml

# Rebuild the container to use the new image
docker-compose build --pull --no-cache vpn # Uses an image, build has no effect
docker-compose rm --stop --force vpn
docker-compose up --no-deps -d vpn
docker image prune --force # Delete old images that are not in use and do not have tags

git commit -a -m "Updated OpenVPN to $OPENVPN_VERSION"
git push
```
Latest OpenVPN version: lisenet/openvpn:2.5.7
@lisenet: Thanks for the link. Is there any way to use your container to update a running installation of kylemanna/docker-openvpn? Otherwise I have to set up everything and all keys for all devices again.
@nextcloudfan simply use the new image and it should "just work". I used the same Dockerfile but had updated the repo to the stable one.
@lisenet If I get you right I should replace the kylemanna image with your image. I'm using Portainer, how do I do this there?
@nextcloudfan not sure TBH as I'm running on Kubernetes. Via Portainer WebUI I presume? How did you deploy the image in the first place?
@lisenet My bad, using the Portainer WebUI, that's true. But I did deploy the image as described here (didn't have that in mind, too long ago): https://hub.docker.com/r/kylemanna/openvpn => Quick start
@nextcloudfan the key here is the container is built by an image where all container data is kept in a separate volume. So as long as you did follow the instructions, all your container VPN data is in a storage volume. So if you swap your container image for @lisenet's one, you would have access to the same configuration.
I am not sure how to work with Portainer, but conceptually I would:
- Stop your current container (do not delete it!)
- Start the new one with lisenet/openvpn:2.5.7
- Test if everything works as expected
- Remove the old image and continue using @lisenet images
@lisenet as @kylemanna is less active on Github (perhaps not supporting this image anymore), should we have a discussion migrating to a new maintainer?
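The image swap outlined in the steps above, written out as an added example (not part of the original comments): it stops the old container without removing it, starts the replacement on the same data volume, and only accepts an image reference pinned by digest, so a re-pushed tag cannot change what runs. The container names, the volume name `ovpn-data` and the `DRY_RUN` switch are assumptions; the `docker run` flags follow the upstream Quick start.

```shell
#!/usr/bin/env bash
# Added example: swap the image behind a docker-openvpn deployment while
# keeping the old container for rollback. All names below are assumptions.
OLD_NAME="${OLD_NAME:-openvpn}"        # assumed name of the running container
NEW_NAME="${NEW_NAME:-openvpn-new}"    # assumed name for the replacement
VOLUME="${VOLUME:-ovpn-data}"          # assumed name of the data volume

# Print the command in dry-run mode, execute it otherwise.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "+ $*"; else "$@"; fi
}

# Accept only repo@sha256:<64 hex digits>; a bare tag is mutable.
is_pinned_ref() {
    printf '%s\n' "$1" | grep -Eq '^[a-z0-9.:/_-]+@sha256:[0-9a-f]{64}$'
}

# Pull a tag once and print the repo digest of what was actually pulled.
resolve_digest() {
    docker pull "$1" >/dev/null &&
        docker image inspect --format '{{index .RepoDigests 0}}' "$1"
}

# swap_image <repo@sha256:...>: stop old, start new on the same volume.
swap_image() {
    ref="$1"
    is_pinned_ref "$ref" || { echo "refusing unpinned image: $ref" >&2; return 2; }
    run docker stop "$OLD_NAME" || return 1      # stopped, not removed
    if ! run docker run -d --name "$NEW_NAME" -v "$VOLUME:/etc/openvpn" \
            -p 1194:1194/udp --cap-add=NET_ADMIN "$ref"; then
        run docker start "$OLD_NAME"             # roll back to the old image
        return 1
    fi
}

# Usage: ref=$(resolve_digest lisenet/openvpn:2.5.7) && swap_image "$ref"
```

Record the resolved digest next to the deployment, and remove the old container only after clients have reconnected through the new one.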
@nextcloudfan your certs, config and data in general is not stored in the docker image but a separate volume, therefore you should be able to simply change the Docker image.
@juriansluiman that sounds sensible to me.
@lisenet @juriansluiman I will try this the next days, for now I got this when trying to pull new images from docker hub: Error response from daemon: Get "https://registry-1.docker.io/v2/": net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
@nextcloudfan that's Docker Hub, they've been having problems with their service lately:
https://status.docker.com/pages/history/533c6539221ae15e3f000031
@lisenet @ruimarinho: Docker Hub is working again. I simply changed the image to lisenet's in Portainer, redeployed and it is working :) That was simple....
@lisenet: Is there a possibility in your image to use to different Port? Right now I'm on 1194 UDP. Had some issues in the past where this port was blocked. My idea is to use 1194 UDP and 443 TCP in parallel. But I already have things running on 443 TCP. I heard about OpenVPN port forwarding, but did not manage to get it running with any image.
@nextcloudfan my image uses the same Dockerfile as the original image, with some very minor tweaks to pull the latest stable OpenVPN version. I did not customise it in any way therefore the port remains the same.
I have my container using 1194 UDP but on the outside I port-forward through my load balancer via 443 UDP. E.g.
PUBLIC_IP_OF_THE_LOAD_BALANCER:443 > PRIVATE_IP_OF_THE_CONTAINER_SERVICE:1194
thank you very much @lisenet