welotec/vpncc
The Welotec VPN Container Client (VPN-CC) is a hardware-independent software container. In combination with our Welotec VPN Security Suite, the VPN-CC provides secure connections for distributed VPN infrastructures. This enables secure E2E connectivity with devices and machines in the field. The rollout can be done via cloud, Docker Swarm or Kubernetes.
VPN Container Client is released as a Docker container. The system should have the following application installed:
Docker Engine - minimum version 19.03.8
Installation procedures can be found at:
https://docs.docker.com/engine/install/
Create Volume
To create a new Docker volume, you could use this command:
```bash
docker volume create vpncontainerclient-volume-filestorage
```
Run VPN-CC
You could use the following example command to start the VPN-CC:
```bash
docker run -d --restart always \
  -e INITIAL_NAME="VPN Container Client" \
  -e VSS_ADDRESS=https://smartems.com \
  -e VSS_API_USER=vpncontainerclient \
  -e VSS_API_KEY=123456 \
  -e VSS_LOG_LEVEL=info \
  -e VSS_SEND_LOG_LEVEL=info \
  -e VSS_CONTACT_INTERVAL=300 \
  -e VSS_SEND_LOGS_INTERVAL=120 \
  -e VSS_VERIFY_SSL_CERTIFICATE="True" \
  -v vpncontainerclient-volume-filestorage:/filestorage \
  -v /proc/sys/net/ipv4/ip_forward:/ip_forward \
  --device /dev/net/tun:/dev/net/tun \
  --network host \
  --cap-add NET_ADMIN \
  --name vpncontainerclient \
  welotec/vpncc:1.3.0
```
Variable | Description |
---|---|
INITIAL_NAME | By default this variable is commented out. In that case VPN Container Client will use the system hostname as an initial name. You can uncomment it and define it depending on your needs |
VSS_ADDRESS | Address to Welotec VPN Security Suite application |
VSS_API_USER | VPN Container Client API User (defined in Welotec VPN Security Suite application) |
VSS_API_KEY | VPN Container Client API Password (defined in Welotec VPN Security Suite application) |
VSS_LOG_LEVEL | Lowest log level of messages shown on the docker logs. Available options are: debug, info, error |
VSS_SEND_LOG_LEVEL | Lowest log level of messages sent to Welotec VPN Security Suite application. Available options are: debug, info, error |
VSS_CONTACT_INTERVAL | How often VPN Container Client should contact Welotec VPN Security Suite application (i.e. to get new configuration). Value is defined in seconds |
VSS_SEND_LOGS_INTERVAL | How often VPN Container Client should send logs to Welotec VPN Security Suite application. Value is defined in seconds |
VSS_VERIFY_SSL_CERTIFICATE | Enables SSL certificate verification of VPN Security Suite. Set to "False" to disable. |
VSS_ENDPOINT_PREFIX | Define the API endpoint the VPN Container Client will use. By default /api/vpncontainerclient is used. |
-v <volume name>:/filestorage | The volume name must be the same as the volume created before. |
--name <container name> | Sets the container name. This might be useful if multiple containers are started on the same host. |
-d --restart always | Runs the container detached and restarts it if it stops |
Explanation:
The -e parameter sets environment variables.
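As an added example (not Welotec's own code): a POSIX shell pre-flight check for the variables in the table above, assuming they are kept in a file passed with `docker run --env-file`, which keeps the API key out of the shell history and process list. The function names, the file name `vpncc.env` and the rule that VSS_VERIFY_SSL_CERTIFICATE must be set to True explicitly are assumptions of this example.

```shell
#!/bin/sh
# Added example, not Welotec code. Checks a docker --env-file before launch.
# Env-file lines are KEY=value with no quotes (docker passes quotes literally).

# Print the value of the last "KEY=value" line for KEY ($1) in file ($2).
vpncc_get() {
    sed -n "s/^$1=//p" "$2" | tail -n 1
}

# Return 0 if the env file ($1) passes all checks, 1 otherwise.
vpncc_preflight() {
    f=$1
    rc=0
    fail() { echo "vpncc preflight: $*" >&2; rc=1; }

    # The API key lives in this file, so it must not be world-readable.
    if [ -n "$(find "$f" -perm -004 2>/dev/null)" ]; then
        fail "$f is world-readable; chmod 600 it"
    fi
    case $(vpncc_get VSS_ADDRESS "$f") in
        https://?*) ;;
        *) fail "VSS_ADDRESS must be an https:// URL" ;;
    esac
    case $(vpncc_get VSS_API_KEY "$f") in
        '' | 123456) fail "VSS_API_KEY is empty or still the example value" ;;
    esac
    # Policy of this example: verification must be switched on explicitly.
    if [ "$(vpncc_get VSS_VERIFY_SSL_CERTIFICATE "$f")" != "True" ]; then
        fail "VSS_VERIFY_SSL_CERTIFICATE must be True"
    fi
    for var in VSS_LOG_LEVEL VSS_SEND_LOG_LEVEL; do
        case $(vpncc_get "$var" "$f") in
            '' | debug | info | error) ;;
            *) fail "$var must be debug, info or error" ;;
        esac
    done
    for var in VSS_CONTACT_INTERVAL VSS_SEND_LOGS_INTERVAL; do
        case $(vpncc_get "$var" "$f") in
            *[!0-9]*) fail "$var must be a whole number of seconds" ;;
        esac
    done
    return "$rc"
}
```

Run `vpncc_preflight ./vpncc.env` and start the container only if it returns 0, replacing the `-e` lines of the command above with `--env-file ./vpncc.env`.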
docker-compose VPN-CC
To start with docker-compose, a Docker Compose file (.yml) is required. It can be started with docker-compose -f vpncc-compose.yml up -d
```yaml
version: "2.1"
services:
  vpncontainerclient-1.3.0:
    image: welotec/vpncc:1.3.0
    container_name: vpncc
    network_mode: host
    restart: unless-stopped
    environment:
      #INITIAL_NAME: "VPN Container Client" # Please fill in initial instance name, or leave blank to use system hostname
      VSS_ADDRESS: https://SMART-EMS IP # Please fill in smartems instance address
      #VSS_ENDPOINT_PREFIX: /api/edgegatewayvcc # Please fill in the API endpoint the VPN Container Client will use. By default /api/vpncontainerclient is used.
      VSS_API_USER: connector # Please fill in VPN Container Client API user
      VSS_API_KEY: 123456 # Please fill in VPN Container Client API password
      VSS_LOG_LEVEL: debug # Lowest log level of messages shown on the docker logs, available options: debug, info, error
      VSS_SEND_LOG_LEVEL: info # Lowest log level of messages sent to Smart EMS, available options: debug, info, error
      VSS_CONTACT_INTERVAL: 300 # Interval of contact to Smart EMS (to check for configuration change), value is in seconds
      VSS_SEND_LOGS_INTERVAL: 120 # Interval of sending logs to Smart EMS, value is in seconds
      DISABLE_IPTABLES_PURGE: "false" # Disabling might solve issues with other Docker containers
      # On some OSes, adding iptables rules in the container overwrites Docker's masquerading rules
      IPTABLES_MASQ_TYPE: "disabled" # Available options: "disabled", "enabled", "iface", "networks"
      # If "enabled" is chosen, the network from the docker0 interface is used for masquerading; if "iface" is chosen, the network from the IPTABLES_MASQ_IFACE interface is used; if "networks" is chosen, the networks from IPTABLES_MASQ_NETWORKS are used
      #IPTABLES_MASQ_IFACE: "docker1" # Available after choosing the "iface" option above
      #IPTABLES_MASQ_NETWORKS: "172.17.0.0/16 172.99.3.0/24" # Available after choosing the "networks" option above; if filled, adds those rules, e.g. "172.17.0.0/16 172.99.3.0/24", or leave empty to disable
      VSS_VERIFY_SSL_CERTIFICATE: "True" # Enables SSL certificate verification of VPN Security Suite. Set to "False" to disable.
      # If incorrect options are set we should stop container
    cap_add:
      - NET_ADMIN
    volumes:
      - /proc/sys/net/ipv4/ip_forward:/ip_forward
      - "filestorage:/filestorage"
    devices:
      - /dev/net/tun:/dev/net/tun
volumes:
  # Volume for storing files e.g. uuid
  filestorage:
    name: vpncontainerclient-volume-filestorage
```
You could check whether VPN-CC is running correctly by taking a look at the Docker logs (use the container name you started it with; the compose file above names the container vpncc):
```bash
docker logs -f vpncontainerclient
```
With our software solution Welotec VPN Security Suite, users benefit from a fully automated VPN infrastructure enabling connectivity and secure access to devices like HMI, PLC, IPC and machines in the field. It comes with an easy deployment, brings flexibility in case of applications and adds an additional security layer to the network infrastructure. The advantages at a glance:
Learn more about our solution here: https://www.welotec.com/product/welotec-vpn-security-suite/
In case of interest, please get in touch: https://www.welotec.com/contact/