Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


OpenVPN

48 Topics 349 Posts
  • OpenVPN - Package Updates

    Pinned
    20
    0 Votes
    20 Posts
    609 Views

    [1.18.0]

    Update base image to 4.2.0
  • 0 Votes
    9 Posts
    351 Views

    Would be quite an interesting business case for smaller corp. users tbh - KASM can do something similar with their sidecar VPN service (or docker desktop with integrated VPN as it's now available with the development version). This enables users to use the Kasm frontend (which is basically Guacamole), connect to docker desktop instance and then use a VPN to the desktop to the Final destination (e.g) in a jumpserver setting.
    The downside is the ridiculous pricing of Kasm workspaces for commercial customers - 600-1200$ for a rarely used tool is unfeasible for most smaller customers.

    Cloudron could really be useful as a "rougher but still working solution":
    While we have no Docker desktop on Linux, these could easily be hosted elsewhere and are provided by various projects.
    BUT people should not keep these desktops publicly available via VNC/RDP - That is where Guacamole cones into play.
    One option would be to use Guacamole to point to an internal network "behind" a Cloudron instance in a DMZ. But that is currently not possible as Cloudron basically only supports one network,right?
    (See my other topic about this from 2022)

    The other, imho much easier to achieve, option would be to make Cloudron internal network connection to OpenVPN instances (Portainer is an example of a project than has done similar things) on a container to container base - e.g. letting Guacamole connect to a WG/OpenVPN to then connect to the required external resources.
    Even without providing a actual Docker Desktop it would still make it much much easier and safer to provide properly separated infrastructure.
    (Besides, in my jumpserver scrnario of course Guacamole alone can act as an direct Jump to the target infrastructure then).

    Tbh,I currently don't see a way for people to safely use Guacamole on Cloudron in a public environment safely at all.

    Offering something in that regard would be an compelling business case, even nore so as Cloudron of course offers a massive "SSO" solution for all the other business needs as well.

    @girish We would actually ve willing to sponsor that feature at least partially-Feel free to contact me.

  • 0 Votes
    7 Posts
    64 Views

    @santabroo I haven't tested but I think if you add duplicate-cn directive in /app/data/openvpn.conf and restart the app, it will support multiple connections on one certificate.

  • OpenVPN login with password

    2
    1 Votes
    2 Posts
    51 Views

    You have to use the ovpn file to connect.

  • OpenVPN with AdGuard ?

    4
    1 Votes
    4 Posts
    75 Views

    I tried following setup and it works:

    Install AdGuard Home Install VPN app in same cloudron In VPN app, set DNS to public IP of cloudron (where AdGuard is installed). Connected from linux

    I can see all DNS requests are going via AdGuard. I can see that in systemctl status systemd-resolved the DNS of tun0 is set correctly.

  • OpenVPN Limitations ?

    6
    1 Votes
    6 Posts
    61 Views

    Ah, I see why. You are referring to OpenVPN AS maybe - https://openvpn.net/vpn-server-resources/limitations-of-an-unlicensed-openvpn-access-server/ ?

    @santabroo the OpenVPN app on Cloudron is completely different from OpenVPN AS. The OpenVPN UI was initially written by @mehdi, further developed now by the Cloudron team and not feature compatible or comparable with OpenVPN AS.

  • OpenVPN chain multiple servers

    2
    1 Votes
    2 Posts
    36 Views

    @santabroo No. VPNs are point-to-point.

    What you may be wanting is a Tailscale/Headscale type solution that is a VPN mesh concept (not-point to-point).

  • Built-in DNS Server - Not resolving connected clients

    Solved
    2
    1 Votes
    2 Posts
    108 Views

    I continued debugging the issue and fortunately, I finally found the root cause and solution. Turns out the Ubuntu client wasn't updating the DHCP settings automatically, so I added the following lines to the ovpn file:

    up /etc/openvpn/update-systemd-resolved down /etc/openvpn/update-systemd-resolved

    And also installed the following dependencies:

    sudo apt install resolvconf openvpn-systemd-resolved

    With that, I was able to solve the issue and now all the clients are resolving automatically.

  • OpenVPN app and privacy

    Moved
    4
    3 Votes
    4 Posts
    679 Views

    @girish That's excellent news indeed!

  • OpenVPN with IPv4 and IPv6

    Solved
    9
    0 Votes
    9 Posts
    650 Views

    @archos Do what most other sensible IT Pros do: Disable IPv6 for as long as possible 😉

  • Purpose of OpenVPN

    Moved
    7
    3 Votes
    7 Posts
    202 Views

    I would be fantastic to integrate other apps to "require Cloudron VPN connection" in order to access them. It would solve many of our problems.

  • Not able to make user openvpn admin

    Moved Solved
    4
    0 Votes
    4 Posts
    74 Views

    This seems to have resolved the issue. Many thanks 🙂

  • Throttling

    7
    0 Votes
    7 Posts
    115 Views

    I can see 3,4 being generally useful to have. 1,2 are for service providers.

    Happy to accept any PRs at https://git.cloudron.io/cloudron/openvpn-app . This has the complete app along with the UI.

  • Separate IP addresses for OpenVPN

    Unsolved
    6
    0 Votes
    6 Posts
    177 Views

    @jayonrails yes , use the Directory integration. First, enable LDAP server in the first one - https://docs.cloudron.io/user-management/#directory-server .

    Then, use it in the second one - https://docs.cloudron.io/user-management/#cloudron

  • Log location?

    2
    0 Votes
    2 Posts
    57 Views

    @RazielKanos they should be in log viewer (atleast whatever openvpn writes out). Maybe you can turn up the log level for more output.

  • OpenVPN DNS leaks?

    7
    0 Votes
    7 Posts
    386 Views

    Maybe @mehdi has some ideas here since he wrote the initial app.

    If I understand correctly, you are trying to put the OpenVPN certs into openwrt and this somehow leaks DNS. How are you testing this?

  • 2FA in OpenVPN App

    6
    1 Votes
    6 Posts
    178 Views

    @girish Yes true, 2FA in OpenVPN connect is good to have. Importantly we need 2FA in FrontEnd is necessary as that one secured by password very likely user will reuse same password in all places or can provide very weak password.

    So for now if you could enable 2FA in frontend that would be very helpful.

  • Missing logo.png

    Solved
    3
    0 Votes
    3 Posts
    46 Views

    Fixed with latest package version now.

  • 0 Votes
    4 Posts
    156 Views

    Thx a lot, I can try it but is there any way someone can create a package? Not for free for sure..

  • password

    Solved
    9
    0 Votes
    9 Posts
    264 Views

    @girish, good day. sorry, should have said, fixed. i was using the same subdomain name as before the reinstall and for whatever reason that stopped everything from working.