Using OpenVPN on Cloudron as a client for other VPN services?
-
Hello,
I think I've read enough of the other topics to be sure my question is somewhat unique.I have an account with another VPN service which offers .ovpn downloads to plug into a client. I'd like to use that with OpenVPN on my Cloudron so that my Cloudron IP is "hidden". I don't need to use OpenVPN to connect to my Cloudron.
I think that I've read that OpenVPN can be used as a client as well as a VPN server... I just can't get my head around the details. For example, where do I put the other VPN services .ovpn file, as well as the username and password, so that my Cloudron is using that VPN while connected to the internet?
And assuming I can get the Cloudron OpenVPN to connect to the VPN, how do I determine if all the various apps are using it? Do I need to ssh into each container to check?
Thanks!A life lived in fear is a life half-lived
-
Hello,
I think I've read enough of the other topics to be sure my question is somewhat unique.I have an account with another VPN service which offers .ovpn downloads to plug into a client. I'd like to use that with OpenVPN on my Cloudron so that my Cloudron IP is "hidden". I don't need to use OpenVPN to connect to my Cloudron.
I think that I've read that OpenVPN can be used as a client as well as a VPN server... I just can't get my head around the details. For example, where do I put the other VPN services .ovpn file, as well as the username and password, so that my Cloudron is using that VPN while connected to the internet?
And assuming I can get the Cloudron OpenVPN to connect to the VPN, how do I determine if all the various apps are using it? Do I need to ssh into each container to check?
Thanks! -
@scooke yes, this feature is exactly what was planned for 7.3 but didn't make it. It got moved to next release as a result.
The use case is for things like an rss reader which wants to hide the public IP when fetching the RSS feed.
-
@girish Exactly! Once implemented, will it be Cloudron-wide, or will we need config wizardry to make certain apps use the VPN connection?
@scooke Yes, you can add a VPN connection as Cloudron wide. The apps then get a Network tab where you can go in and select the VPN connection.
The UI is simple but the implementation was quite complex since it involved some docker networking magic.
-
@scooke Yes, you can add a VPN connection as Cloudron wide. The apps then get a Network tab where you can go in and select the VPN connection.
The UI is simple but the implementation was quite complex since it involved some docker networking magic.
-
Would be quite an interesting business case for smaller corp. users tbh - KASM can do something similar with their sidecar VPN service (or docker desktop with integrated VPN as it's now available with the development version). This enables users to use the Kasm frontend (which is basically Guacamole), connect to docker desktop instance and then use a VPN to the desktop to the Final destination (e.g) in a jumpserver setting.
The downside is the ridiculous pricing of Kasm workspaces for commercial customers - 600-1200$ for a rarely used tool is unfeasible for most smaller customers.Cloudron could really be useful as a "rougher but still working solution":
While we have no Docker desktop on Linux, these could easily be hosted elsewhere and are provided by various projects.
BUT people should not keep these desktops publicly available via VNC/RDP - That is where Guacamole cones into play.
One option would be to use Guacamole to point to an internal network "behind" a Cloudron instance in a DMZ. But that is currently not possible as Cloudron basically only supports one network,right?
(See my other topic about this from 2022)The other, imho much easier to achieve, option would be to make Cloudron internal network connection to OpenVPN instances (Portainer is an example of a project than has done similar things) on a container to container base - e.g. letting Guacamole connect to a WG/OpenVPN to then connect to the required external resources.
Even without providing a actual Docker Desktop it would still make it much much easier and safer to provide properly separated infrastructure.
(Besides, in my jumpserver scrnario of course Guacamole alone can act as an direct Jump to the target infrastructure then).Tbh,I currently don't see a way for people to safely use Guacamole on Cloudron in a public environment safely at all.
Offering something in that regard would be an compelling business case, even nore so as Cloudron of course offers a massive "SSO" solution for all the other business needs as well.
@girish We would actually ve willing to sponsor that feature at least partially-Feel free to contact me.
-
Hello people!
I have been searching far and wide for a solution to this exact problem, and I couldn't find anything but this 4 years old discussion about a prototype (https://forum.cloudron.io/topic/3667/openvpn-client-with-poll). Any change you would have an ETA for this feature, or a workaround you could recommend?
