OpenVPN (server) in Linux containers

From ArchWiki
Revision as of 09:26, 29 December 2016 by Graysky (talk | contribs) (making a server-only page to match the client-only page)

This article describes how to set up a Linux Container to run OpenVPN in server mode for secure/private internet use. Doing so offers a distinct advantage over full virtualization such as VirtualBox or QEMU: the resource overhead is minimal by comparison, so the setup can run on low-powered devices.

Container setup

A basic understanding of Linux Containers is required; this article assumes that readers already have a base LXC setup that is operational. Newcomers are directed to the Linux Containers article.

LXC config

The container's config must be modified to include several key sections in order to run OpenVPN. The part specific to OpenVPN is the device cgroup rule that permits access to the TUN device (character device 10:200), paired with the autodev hook that creates the /dev/net/tun node inside the container.

For the example, the container is named "playtime" and its full config is shown:

/var/lib/lxc/playtime/config
# Template used to create this container: /usr/share/lxc/templates/lxc-archlinux
# Parameters passed to the template:
# For additional config options, please look at lxc.container.conf(5)

lxc.rootfs = /var/lib/lxc/playtime/rootfs
lxc.utsname = playtime
lxc.arch = x86_64
lxc.include = /usr/share/lxc/config/archlinux.common.conf

## network
lxc.network.type = veth
lxc.network.link = br0
lxc.network.flags = up
lxc.network.name = eth0

## systemd within the lxc
lxc.autodev = 1
lxc.hook.autodev = /var/lib/lxc/playtime/autodev
lxc.pts = 1024
lxc.kmsg = 0

## mounts
lxc.mount.entry = /var/cache/pacman/pkg var/cache/pacman/pkg none bind 0 0

## for openvpn
lxc.cgroup.devices.allow = c 10:200 rwm

Note: This example requires the use of the autodev hook, which calls the corresponding /var/lib/lxc/playtime/autodev script; users need to create this script and make it executable. For the sake of completeness, the script is provided below. Refer to Linux Containers for additional discussion if needed.

/var/lib/lxc/playtime/autodev
#!/bin/bash
# Run by LXC for the lxc.hook.autodev hook; LXC exports the path of the
# container's mounted rootfs as LXC_ROOTFS_MOUNT.
cd "${LXC_ROOTFS_MOUNT}/dev" || exit 1
mkdir -p net
# TUN/TAP device node: character device, major 10, minor 200
# (the same numbers as the lxc.cgroup.devices.allow rule in the config)
[ -e net/tun ] || mknod net/tun c 10 200
chmod 0666 net/tun
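The config and the hook above are only useful if both are actually in place, and a commented-out allow rule or a hook script that was never made executable are easy mistakes to miss. The following pre-flight script is an added example and is not part of the ArchWiki page: it checks a container config for the device cgroup rule for character device 10:200 (with at least read and write), for lxc.autodev = 1, and for an lxc.hook.autodev script that exists and is executable; a second function verifies that a given path is the expected character device. The function names, the script name check-tun.sh and the reliance on stat's %t/%T format specifiers are choices made here, not anything the page prescribes.

```shell
#!/bin/sh
# Pre-flight check for the OpenVPN-in-LXC setup described above (added example,
# not part of the ArchWiki page). Function and file names are our own choice.

# check_lxc_tun_config CONFIG_FILE
# Succeeds (exit 0) only when the container config carries the three pieces
# OpenVPN needs for /dev/net/tun:
#   lxc.cgroup.devices.allow for char device 10:200 with at least r and w,
#   lxc.autodev = 1, and an lxc.hook.autodev script that exists and is executable.
check_lxc_tun_config() {
    cfg="$1"
    [ -r "$cfg" ] || { echo "config not readable: $cfg" >&2; return 1; }
    # drop comments and blank lines so a commented-out rule does not count
    body=$(sed -e 's/#.*//' -e '/^[[:space:]]*$/d' "$cfg")

    # access string of the 10:200 rule, e.g. "rwm"; empty when the rule is absent
    allow=$(printf '%s\n' "$body" |
        sed -n 's/^lxc\.cgroup\.devices\.allow[[:space:]]*=[[:space:]]*c[[:space:]]*10:200[[:space:]]*\([rwm]*\).*/\1/p' |
        head -n1)
    case "$allow" in
        *r*w*|*w*r*) ;;
        *) echo "missing or too narrow: lxc.cgroup.devices.allow = c 10:200 rwm" >&2; return 1 ;;
    esac

    printf '%s\n' "$body" | grep -Eq '^lxc\.autodev[[:space:]]*=[[:space:]]*1[[:space:]]*$' ||
        { echo "lxc.autodev is not set to 1" >&2; return 1; }

    hook=$(printf '%s\n' "$body" |
        sed -n 's/^lxc\.hook\.autodev[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*$/\1/p' |
        head -n1)
    [ -n "$hook" ] || { echo "lxc.hook.autodev is not set" >&2; return 1; }
    [ -x "$hook" ] || { echo "autodev hook is missing or not executable: $hook" >&2; return 1; }
    return 0
}

# check_tun_node PATH
# Succeeds only when PATH is a character device with major 10, minor 200,
# i.e. what the autodev hook's mknod should have produced under the rootfs.
# stat -c '%t:%T' prints major:minor in hex (GNU and busybox stat), so 10:200 is a:c8.
check_tun_node() {
    node="$1"
    [ -c "$node" ] || { echo "$node is not a character device" >&2; return 1; }
    [ "$(stat -c '%t:%T' "$node")" = "a:c8" ] ||
        { echo "$node has major:minor $(stat -c '%t:%T' "$node"), expected a:c8" >&2; return 1; }
    return 0
}

# Usage: sh check-tun.sh /var/lib/lxc/playtime/config [/var/lib/lxc/playtime/rootfs/dev/net/tun]
if [ $# -ge 1 ]; then
    check_lxc_tun_config "$1" || exit 1
    if [ $# -ge 2 ]; then
        check_tun_node "$2" || exit 1
    fi
    echo "ok: container is ready for /dev/net/tun"
fi
```

Run the config check on the host before starting the container; the device node check is only meaningful while the container is running (the rootfs is mounted and the hook has run), or when run against /dev/net/tun from inside the container.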