The hassio-openvpn from theskorm

hassio-openvpn's Introduction

We use this to connect our HASS system to another server in the cloud so we can reverse proxy to HASS.

OpenVPN server config looks like this

dev tun
ifconfig 10.1.0.2 10.1.0.1
secret ha.key
port 1194
comp-lzo
ping 15
ping-restart 45
ping-timer-rem
verb 3

Plugin addon looks like this

{
  "config": "dev tun\nifconfig 10.1.0.2 10.1.0.1\nport 1194\ncomp-lzo\nping 15\nping-restart 45\nping-timer-rem\nremote server.domaname\nverb 3\n",
  "key": "#\n# 2048 bit OpenVPN static key\n#\n-----BEGIN OpenVPN Static key V1-----\n\n-----END OpenVPN Static key V1-----\n"
}

Nginx config is

server {
    server_name servername;
	listen 443 ssl;
    ssl_certificate /etc/letsencrypt/live//fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live//privkey.pem;
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	ssl_prefer_server_ciphers on;
	ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
	ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
	ssl_session_cache shared:SSL:10m;
	ssl_session_tickets off; # Requires nginx >= 1.5.9
	ssl_stapling on; # Requires nginx >= 1.3.7
	ssl_stapling_verify on; # Requires nginx => 1.3.7
	add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
	add_header X-Frame-Options DENY;
	add_header X-Content-Type-Options nosniff;
	proxy_buffering off;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $host;
    proxy_set_header Authorization $http_authorization;
	location / {
		proxy_pass http://10.1.0.1:8123;
	}
    location ~ /.well-known {
            allow all;
    }
}

hassio-openvpn's People

Contributors

Stargazers

Watchers

hassio-openvpn's Issues

OpenVPN client?

Can I simply use it with a OpenVPN client config? For me it makes more sense that the Pi runs a client that can connect to centra node (cloud).

Also, I already have a central node running a OpenVPN with easy rsa

renew certification

Do you have trouble renewing your certification? It looks to me that letsencrypt is trying to look for "files" on the https connection, i.e. hassio, and not on the server it's running on.

Invalid response from https://xxxxx.servername.com/.well-known/acme-challenge/longstringofcharacters [IP address of nginx server] 404 File not found

ExpressVPN USERNAME and PASSWORD.

No Longer relevant.

How to implement into hass.io

Hey, I tried to manually add this repository into the hassio addon store but this method didn't work. How else should I install this to get a vpn-connection to work?

Recommend Projects