OpenVPN - andreydiveev/wiki GitHub Wiki
Panel: https://github.com/kleberbaum/docker-openvpn-web-ui
Server:
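# Install OpenVPN and the ufw firewall front end.
apt-get install openvpn ufw

# Create an easy-rsa (2.x) working directory that acts as the private CA.
cd /etc/openvpn/ && make-cadir easy-rsa
cd /etc/openvpn/easy-rsa
ln -s openssl-1.0.0.cnf openssl.cnf
source ./vars
# clean-all empties the keys/ directory; do not rerun it on a CA that is in use.
./clean-all
./build-ca
./build-key-server server
# NOTE(review): this creates the client's private key on the server. It is
# transferred to the client later; consider deleting the server copy afterwards.
./build-key client
# Produces dh2048.pem when KEY_SIZE in ./vars is 2048 (assumed by the cp below).
./build-dh

# Install only the files the OpenVPN server process reads.
# ca.key is deliberately NOT copied: the daemon never needs the CA private key,
# and anyone who obtains it can issue certificates the VPN will trust.
# Ideally keep ca.key on a separate, offline machine.
cd /etc/openvpn/easy-rsa/keys
cp ca.crt dh2048.pem server.crt server.key /etc/openvpn
# Make sure the server private key is readable by root only.
chmod 600 /etc/openvpn/server.key

# Start from the packaged sample config and point it at the 2048-bit DH file.
gunzip -c /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz >/etc/openvpn/server.conf
sed -i "s/dh dh1024.pem/dh dh2048.pem/g" /etc/openvpn/server.conf
/etc/init.d/openvpn restart

# Firewall: allow SSH before enabling ufw so the session is not locked out.
# SSH runs over TCP only, so no 22/udp rule is needed.
ufw allow 22/tcp
# Keep only the rule that matches the `proto` line in server.conf and remove
# the other one.
ufw allow 1194/tcp
ufw allow 1194/udp
ufw enable
reboot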
Client:
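# Install the OpenVPN client.
apt-get install openvpn
cd /etc/openvpn/

# Fetch the client certificate, the CA certificate and the client private key
# from the server over SSH. Only ca.crt is public; client.key is a secret.
scp server:/etc/openvpn/easy-rsa/keys/client.crt .
scp server:/etc/openvpn/easy-rsa/keys/ca.crt .
scp server:/etc/openvpn/easy-rsa/keys/client.key .
# Make sure the private key is readable by root only, however it was copied.
chmod 600 client.key
# NOTE(review): once the key is on the client, the copy left in the server's
# easy-rsa/keys directory is no longer needed and can be removed.

# Start from the packaged sample config and set the real server address
# (vpn.example.com is a placeholder).
cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf .
sed -i "s/my-server-1/vpn.example.com/g" client.conf
reboot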
Docker:
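# Compose file (format v2): a MySQL container reachable only through an
# OpenVPN container. Nesting restored from a whitespace-flattened listing.
version: '2'
services:
  mysql:
    # NOTE(review): no tag is given, so `latest` is pulled; pin a specific
    # tag or digest so deployments are reproducible.
    image: mysql
    # option `network_mode` only for using without Rancher
    # assign to IP 192.168.42.1, no longer available by FQDN `mysql`
    network_mode: 'service:openvpn'
  openvpn:
    # NOTE(review): privileged mode hands the container all capabilities and
    # host devices. A VPN endpoint usually needs only NET_ADMIN and
    # /dev/net/tun; whether this image runs with just those is not shown
    # here, so test before narrowing.
    privileged: true
    image: mdns/rancher-openvpn
    environment:
      # NOTE(review): authentication is delegated to this URL over HTTP basic
      # auth. It looks like any credential GitHub accepts would pass, i.e.
      # every GitHub account, not just your team. Confirm against the image
      # documentation and restrict who may log in.
      AUTH_HTTPBASIC_URL: 'https://api.github.com/user'
      AUTH_METHOD: 'httpbasic'
      CERT_CITY: 'MOSCOW'
      CERT_COUNTRY: 'RU'
      # Placeholder: the address on the page was masked by e-mail obfuscation,
      # and the masked text starts with `[`, which YAML reads as a list.
      CERT_EMAIL: 'admin@example.com'
      CERT_ORG: 'ACME'
      CERT_OU: 'RU'
      CERT_PROVINCE: 'RU'
      OPENVPN_EXTRACONF: 'push "dhcp-option DOMAIN rancher.internal"'
      PUSHDNS: '169.254.169.250'
      PUSHSEARCH: 'rancher.internal'
      REMOTE_IP: '123.123.123.123'
      REMOTE_PORT: '1194'
      ROUTE_NETMASK: '255.255.0.0'
      ROUTE_NETWORK: '10.42.0.0'
      VPNPOOL_CIDR: '24'
      VPNPOOL_NETWORK: '192.168.42.0'
    stdin_open: true
    volumes:
      # Mounted at /etc/openvpn inside the container; restrict the host
      # directory to root, since it presumably ends up holding key material.
      - '/opt/data/openvpn:/etc/openvpn'
    tty: true
    ports:
      # Quoted so the mapping is always read as a string.
      - '1194:1194/tcp'
    labels:
      host: 'webapp'
      io.rancher.container.pull_image: 'always'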