Openvpn over tcp

I have been trying to get the openvpn rockon to run on a tcp port, but I have been unsuccessful. I found this comment from kylemanna here that gives instructions on how to change the port.

I want to use openvpn on port 443 to get through access points at hotels and businesses that block all other ports. I can use any port as long as it is tcp because I can use my router to do port forwarding. That way it does not conflict with the management site.

The commands kylemanna provides seem to work without errors. I am able to generate a new config with the right ports, but the docker container still only accepts 1194/udp. Does anyone know how I can get the container to listen on the correct port?

To run on port 443 no special config file hacks are needed, just generate a proper config and use Docker to map the port.

Configure it internally to use TCP:

$ docker run --volumes-from $OVPN_DATA --rm kylemanna/openvpn ovpn_genconfig -u tcp://VPN.SERVERNAME.COM

Tell Docker to map port 443/tcp on the host to port 1194 in the container at runtime:

$ docker run --volumes-from $OVPN_DATA -d -p 443:1194 --privileged kylemanna/openvpn

@sudowoodo I don’t think you can use port 443 as it is taken by the https access of Rockstor’s own WebUI.
We do have an open issue custom web-ui port to address this limitation though. That issue in turn links to another forum thread that instigated the issue:-

Linking here for context as your requirement is a use case for this feature.

@phillxnet if I can set the docker container to listen on port 1194 tcp, I edit the ovpn file that is created to change the port to 443 for the client. I then set port forwarding on my router where external port 443 tcp = 1194 tcp on my rockstor machine. That is my plan at least. I have successfully forwarded udp traffic from port 993 to 1194 on the rockstor machine using this method.

I have one more piece of information that might help. When I run the following command, it creates a snapshot that I can see in the web ui in the rock-on-root.

docker run --volumes-from openvpn -d -p 1194:1194/tcp --privileged kylemanna/openvpn

When I run docker port openvpn I still get this:

1194/udp -> 0.0.0.0:1194
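As an added example (not part of the original posts, the Rock-on, or the kylemanna/openvpn project), the mismatch described in this thread can be detected by comparing the proto and port directives of the generated server config with the output of docker port. The sample config text and the function names are constructed for illustration, and the config is assumed to use OpenVPN's standard proto and port directives.

```python
import re

# Constructed sample inputs (not captured from a real system).
SAMPLE_CONF = """\
server 192.168.255.0 255.255.255.0
proto tcp
port 1194
dev tun0
"""
SAMPLE_DOCKER_PORT = "1194/udp -> 0.0.0.0:1194\n"


def conf_listener(conf_text):
    """Return (port, proto) that the OpenVPN server config asks for."""
    proto, port = "udp", 1194  # OpenVPN defaults when the directives are absent
    for line in conf_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "proto":
            # tcp, tcp-server, tcp4, udp6 ... collapse to the transport name
            proto = "tcp" if fields[1].startswith("tcp") else "udp"
        elif len(fields) >= 2 and fields[0] == "port":
            port = int(fields[1])
    return port, proto


def published_ports(docker_port_text):
    """Parse `docker port <container>` lines into {(port, proto): [host bindings]}."""
    out = {}
    for m in re.finditer(r"^(\d+)/(tcp|udp) -> (\S+)$", docker_port_text, re.M):
        out.setdefault((int(m.group(1)), m.group(2)), []).append(m.group(3))
    return out


def check(conf_text, docker_port_text):
    """Return a list of findings; an empty list means config and mapping agree."""
    want = conf_listener(conf_text)
    have = published_ports(docker_port_text)
    findings = []
    if want not in have:
        findings.append("server listens on %d/%s but that port is not published" % want)
    for key in have:
        if key != want:
            findings.append("published %d/%s has no OpenVPN listener behind it" % key)
    return findings


if __name__ == "__main__":
    for finding in check(SAMPLE_CONF, SAMPLE_DOCKER_PORT):
        print(finding)
```

The second finding matters as much as the first: a published port with nothing listening behind it is exposure that serves no purpose and can be closed.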

Was anyone successful in changing udp to tcp with this rockon? The port itself wouldn’t be the problem but I need tcp…

I tried to create my own tcp-ovpn rockon but my volume wasn’t filled with the config and sh file of openvpn.
This was my try:


{
    "OpenVPNTCP": {
        "containers": {
            "openvpn-tcp": {
                "image": "kylemanna/openvpn",
                "launch_order": 2,
                "opts": [
                    [
                        "--cap-add=NET_ADMIN",
                        ""
                    ],
                    [
                        "--volumes-from",
                        "ovpn-tcp-data"
                    ]
                ],
                "ports": {
                    "1194": {
                        "description": "OpenVPN server listening port. You may need to open it on your firewall.",
                        "host_default": 1194,
                        "label": "Server port",
                        "protocol": "tcp"
                    }
                }
            },
            "ovpn-tcp-data": {
                "image": "busybox",
                "launch_order": 1,
                "opts": [
                    [
                        "-v",
                        "/etc/openvpn"
                    ]
                ]
            }
        },
        "custom_config": {
            "servername": {
                "description": "Your Rockstor system’s public ip address or FQDN.",
                "label": "Server address"
            }
        },
        "description": "Open Source VPN server",
        "icon": "https://openvpn.net/",
        "more_info": "Additional steps are required by this Rock-on. Run these following commands as the root user on your Rockstor system, i.e., via a ssh console. Initialize PKI: The OpenVPN Rock-on will not start without it. /opt/rockstor/bin/ovpn-initpki Generate a client certificate: One for each client. /opt/rockstor/bin/ovpn-client-gen Retrieve client configuration: For any one of your clients. The resulting .ovpn file can be used to connect to this OpenVPN server. /opt/rockstor/bin/ovpn-client-print Configure firewall: If your Rockstor system is behind a firewall, you will need to configure it to allow OpenVPN traffic to forward to your Rockstor system.",
        "website": "https://openvpn.net/",
        "version": "1.0"
    }
}

@skeal Hello again.

From a quick look here, my understanding is that the udp component is defined by the docker image used, not the Rock-on wrapper:

https://hub.docker.com/r/kylemanna/openvpn/

If you put a ``` on the line directly before and after your JSON Rockon definition when pasting into the forum then it will be easier for people to check. Also a good web based checker for json compliance is available at:

This will also nicely format the output once you press the “Validate JSON” button.

Hope that helps.

Thank you for your quick reply phillxnet.
Hope this helps: JSON Formatter
