Post-Install Tasks for OpenVPN AS Under Docker

Additional configuration steps for a successful OpenVPN AS install under Docker
September 2, 2016
docker openvpn vpn

Things To Do After Installing OpenVPN-AS Under Docker

Authentication

General

Under Authentication/General, change the authentication type from PAM to Local.

User Management

User Permissions

  1. Create a new admin user account with a strong password. (You’ll have to create the user first and then select ‘Show’ to access the screen with the password)
  2. Update the running server
  3. Log out and back in as the new admin user
  4. Delete the openvpn user
  5. Check ‘Require user permissions record for VPN access’
  6. Create additional accounts as needed (such as for your turtle)

Server Network Settings

VPN Server

  1. Change the hostname to reflect your public DNS name
  2. Change the Protocol to UDP only
  3. If you’re running on a UDP port other than 1194, change it here

VPN Settings

Routing

  1. Select ‘No’ for whether VPN clients should have access to non-public networks on the server side.
  2. Select ‘No’ for whether Internet traffic should be routed through the VPN.

Advanced VPN

Multiple Sessions Per User

I turn this off, because I’m not in a scenario where I need multiple simultaneous sessions. YMMV.

Web Server

If you have a real certificate, upload it here. If you don’t, I still suggest that you generate your own self-signed certificate for the hostname that you’ve chosen to use on your AS container.

Upload the cert, key, and CA bundle, and click Validate to make sure it’s all good. If so, click Save. If not, click Revert and sort it out.
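One way to generate the self-signed certificate for the container’s hostname and check it before uploading. This is an added example, not part of the original post: the function names, the file names server.key and server.crt, and the hostname vpn.example.com are assumptions, and -addext needs OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example; function names, file names and hostname are assumptions.
# Needs OpenSSL 1.1.1 or later for -addext.

# make_selfsigned HOST DIR [DAYS]: write DIR/server.key and DIR/server.crt.
make_selfsigned() {
    host=$1; dir=$2; days=${3:-365}
    mkdir -p "$dir" || return 1
    # umask 077 in a subshell so the private key is created owner-only.
    ( umask 077
      openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days "$days" \
          -subj "/CN=$host" -addext "subjectAltName=DNS:$host" \
          -keyout "$dir/server.key" -out "$dir/server.crt" 2>/dev/null )
}

# cert_matches_key CERT KEY: succeed only if both carry the same public key.
cert_matches_key() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# cert_covers_host CERT HOST: succeed only if HOST matches the certificate.
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match'
}

# preupload_check DIR HOST: the checks worth running before uploading.
preupload_check() {
    dir=$1; host=$2
    cert_matches_key "$dir/server.crt" "$dir/server.key" ||
        { echo "key does not match certificate" >&2; return 1; }
    cert_covers_host "$dir/server.crt" "$host" ||
        { echo "certificate does not cover $host" >&2; return 1; }
    # -checkend exits non-zero if the certificate expires within N seconds.
    openssl x509 -in "$dir/server.crt" -noout -checkend 86400 >/dev/null ||
        { echo "certificate expires within a day" >&2; return 1; }
}

# Run as: sh script.sh vpn.example.com ./as-cert
if [ $# -ge 2 ]; then
    make_selfsigned "$1" "$2" && preupload_check "$2" "$1"
fi
```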

Client Settings

Depending on your level of fascism, you might want to limit web server access to AS admins. If you’re only using this for yourself, or for your turtles, it might be okay to leave this unchecked. If someone were to compromise a turtle, they’d probably also be savvy enough to figure out how to get at the client API via REST… so it may not matter.

Failover

We’re running under Docker, so this isn’t going to work.

User Permissions

I’ve removed the default VPN access user (openvpn) and added an admin account for myself. If you’re setting this up for your turtle, you’ll also want to add that account now. For the turtle you’ll also need to:

  1. Provide a strong password
  2. Select Yes for “Configure VPN Gateway”
  3. Enter the netblock behind the turtle in CIDR notation
  4. Select ‘Allow Auto-login’
  5. Save and update the running server

Revoke Certificates

If you deleted the openvpn user above (and you should have), revoke that user’s certificates here.

CLI Changes