OpenVPN Client (with poll)
-
Note: I'll continue to work on the container regardless if it integrates into box. I want to, down the line, add new protocols (like WireGuard or whatever comes after). But that's the only thing I plan to contribute aside from porting the container to ARM with the work nebulon's doing on the Rasberry PI 4 / Cloudron rn.
@lonk Yes, please, take your time. Once you have a "standalone" vpn client container (no ui needed even) we can look into integrating it step by step into box code (after Cloudron 6, of course). In fact, a customer reached out asking if this will support cloudflare argo. So, lots of exciting possibilities.
-
@lonk Yes, please, take your time. Once you have a "standalone" vpn client container (no ui needed even) we can look into integrating it step by step into box code (after Cloudron 6, of course). In fact, a customer reached out asking if this will support cloudflare argo. So, lots of exciting possibilities.
@girish Oh, that's definitely going on the wishlist. I'll make one in the next post.
I think it'll be best for me to actively maintain my "standalone" VPN Client app (which it'll be renamed to when it gets more protocols) - so I can continue to work on it as a proof of concept. I'll commit to that repo and tag releases for your reviewal to replace with the internal (akin to
redis) container you use for this.The app already has a full UI (shows VPN Server Connectivity status and a file chooser to connect to a new one and there's also an API endpoing to
POSTa new VPN Server config). User logs in via LDAP, the app grabs a Cloudron token from the API thanks to LDAP, and does therestarting/repairingas needed (really only on a server change - restarting the VPN Client, and rebuilding the app connected to it). -
@girish Oh, that's definitely going on the wishlist. I'll make one in the next post.
I think it'll be best for me to actively maintain my "standalone" VPN Client app (which it'll be renamed to when it gets more protocols) - so I can continue to work on it as a proof of concept. I'll commit to that repo and tag releases for your reviewal to replace with the internal (akin to
redis) container you use for this.The app already has a full UI (shows VPN Server Connectivity status and a file chooser to connect to a new one and there's also an API endpoing to
POSTa new VPN Server config). User logs in via LDAP, the app grabs a Cloudron token from the API thanks to LDAP, and does therestarting/repairingas needed (really only on a server change - restarting the VPN Client, and rebuilding the app connected to it).CURRENT IN 1.0
• Backend interface with full UI and LDAP logging in capability to view the server connected to and change it using a File Chooser for
.ovpnand.conffiles.
•POSTendpoint (it's actually just root), to change the VPN server on-demand from the outside (needs a Cloudron App token).
• Connects to a single other Cloudron app which is chosen right now using a file in the File Manager (there's no UI for this, which is why I'm working with @girish forboxintegration).WISHLIST FOR 2.0
• Add direct integration to
boxworking with @girish in doing so.
• Add WireGuard support as per @imc67 suggestion.
• Add Algo support (https://github.com/trailofbits/algo) which is a combination of an IPSEC VPN and IKEv2 -
CURRENT IN 1.0
• Backend interface with full UI and LDAP logging in capability to view the server connected to and change it using a File Chooser for
.ovpnand.conffiles.
•POSTendpoint (it's actually just root), to change the VPN server on-demand from the outside (needs a Cloudron App token).
• Connects to a single other Cloudron app which is chosen right now using a file in the File Manager (there's no UI for this, which is why I'm working with @girish forboxintegration).WISHLIST FOR 2.0
• Add direct integration to
boxworking with @girish in doing so.
• Add WireGuard support as per @imc67 suggestion.
• Add Algo support (https://github.com/trailofbits/algo) which is a combination of an IPSEC VPN and IKEv2 -
@drpaneas It's still working for me in Cloudron v5.6.3 (current version is 6.0.1), and I'm waiting for @girish to release 6.1 which I believe is happening near the end of this month. I'll port the code over to the latest version of Cloudron's
boxcode. @girish and I will discuss how we want the end user to see / use it.I'm partial to Girish's plan of integrating the OpenVPN Client Container directly withinboxin the same way therediscontainer is - so we can upload an.ovpnfile inside of an app's setting and it'll automagically spin up an OpenVPN Client Connector and hook into the app so that all traffic goes through it until you disable it within the Cloudron's App Settings.Though, I don't know if Girish has changed his mind about integrating it in that way, but I do believe that's the best UX for this feature. And depending on Girish's time to discuss this post-6.1, I could see us adding this before the next update of Cloudron.
-
-
@drpaneas I also noticed you requested access to the OpenVPN Client Gitlab code, I actually still have it hosted in Github. But I'd be happy to give you access when I port it over to Gitlab. What's your use case for this, and are you also a developer?
@lonk said in OpenVPN Client (with poll):
@drpaneas I also noticed you requested access to the OpenVPN Client Gitlab code, I actually still have it hosted in Github. But I'd be happy to give you access when I port it over to Gitlab. What's your use case for this, and are you also a developer?
Hi @lonk, the link to github would be more than enough -- no need for extra access to gitlab
You can read about my use-case here
I am new to cloudron, just installed it yesterday
-
Hey @girish, I'll be ready to start full time working on integrating this into Cloudron V6.1 in two weeks. I'll probably send you a couple DMs about how you'd like to implement this. I am personally in favor of doing this in the way you described within this thread integrating this as a Cloudron
service. It would work very similar to the way you've introducedredis(and I can explain the technical reason why that's needed in DMs) except thevpn-clientservice wouldn't be running 24/7 likeredisgiven it's an on-demand setting per app. -
Hey @girish, I'll be ready to start full time working on integrating this into Cloudron V6.1 in two weeks. I'll probably send you a couple DMs about how you'd like to implement this. I am personally in favor of doing this in the way you described within this thread integrating this as a Cloudron
service. It would work very similar to the way you've introducedredis(and I can explain the technical reason why that's needed in DMs) except thevpn-clientservice wouldn't be running 24/7 likeredisgiven it's an on-demand setting per app. -
@lonk sounds great! If you can push out the OpenVPN client at some point, I think I can help in coding the box side as well.
@girish said in OpenVPN Client (with poll):
@lonk sounds great! If you can push out the OpenVPN client at some point, I think I can help in coding the box side as well.
I'll try to push the client before the end of this month and I'll do a technical write up when I do so so that you'll have a reference point for how the VPN Client container needs to interact with the
boxto achieve its functionality.
️ -
I could really really use this.
If u couple this with an ability to divert searx traffic to the VPN this would be a huge benefit towards at least partial anonymous searching. -
G ganyuss referenced this topic on
