Docker部署OpenVPN
温馨提醒
拉取镜像
| |
配置OpenVPN
创建目录
mkdir /data/openvpn/conf -pv
生成配置文件
生成密钥文件
docker run -v /data/openvpn:/etc/openvpn --rm -it chenji1506/openvpn:2.4.8 ovpn_initpki
Enter PEM pass phrase: 123456                                      # 输入私钥密码（123456 仅为示例，CA 私钥口令请换成强口令）
Verifying - Enter PEM pass phrase: 123456                          # 重新输入一次密码
Common Name (eg: your user,host,or server name) [Easy-RSA CA]:     # 输入一个CA名称。可以不用输入,直接回车
Enter pass phrase for /etc/openvpn/pki/private/ca.key: 123456      # 输入刚才设置的私钥密码,完成后再输入一次
生成客户端证书
导出客户端配置
docker run -v /data/openvpn:/etc/openvpn --rm chenji1506/openvpn:2.4.8 ovpn_getclient chenji > /data/openvpn/conf/chenji.ovpn
导出的 .ovpn 文件通常内嵌该客户端的私钥，应当作机密文件分发和保管。
启动 OpenVPN
docker run --name openvpn -v /data/openvpn:/etc/openvpn -d -p 1194:1194/udp -p 1194:1194/tcp --cap-add=NET_ADMIN chenji1506/openvpn:2.4.8
或者用 docker-compose 启动
vim docker-compose.yml
修改分配给内网机器的IP
vim /data/openvpn/openvpn.conf

server 192.168.192.0 255.255.192.0  # 修改为要分配的网段
verb 3
key /etc/openvpn/pki/private/35.241.93.54.key
ca /etc/openvpn/pki/ca.crt
cert /etc/openvpn/pki/issued/35.241.93.54.crt
dh /etc/openvpn/pki/dh.pem
tls-auth /etc/openvpn/pki/ta.key
key-direction 0
keepalive 10 60
persist-key
persist-tun
proto udp
# Rely on Docker to do port mapping, internally always 1194
port 1194
dev tun0
status /tmp/openvpn-status.log
user nobody
group nogroup
comp-lzo no

### Route Configurations Below
route 192.168.254.0 255.255.0.0
# NOTE(review): 255.255.0.0 is a /16 mask, while OVPN_ROUTES in ovpn_env.sh below declares 192.168.254.0/24 (255.255.255.0) — confirm which is intended

### Push Configurations Below
push "block-outside-dns"
push "dhcp-option DNS 192.168.1.155"  # 内网 DNS 地址
push "dhcp-option DNS 192.168.1.156"  # 内网 DNS 地址
push "comp-lzo no"

vim /data/openvpn/ovpn_env.sh

declare -x OVPN_AUTH=
declare -x OVPN_CIPHER=
declare -x OVPN_CLIENT_TO_CLIENT=
declare -x OVPN_CN=35.241.93.54  # 本机公网 IP
declare -x OVPN_COMP_LZO=0
declare -x OVPN_DEFROUTE=1
declare -x OVPN_DEVICE=tun
declare -x OVPN_DEVICEN=0
declare -x OVPN_DISABLE_PUSH_BLOCK_DNS=0
declare -x OVPN_DNS=1
declare -x OVPN_DNS_SERVERS=([0]="192.168.1.155" [1]="192.168.1.156")  # 内网 DNS 地址
declare -x OVPN_ENV=/etc/openvpn/ovpn_env.sh
declare -x OVPN_EXTRA_CLIENT_CONFIG=()
declare -x OVPN_EXTRA_SERVER_CONFIG=()
declare -x OVPN_FRAGMENT=
declare -x OVPN_KEEPALIVE='10 60'
declare -x OVPN_MTU=
declare -x OVPN_NAT=0
declare -x OVPN_PORT=1122
# NOTE(review): openvpn.conf above uses "port 1194" and the docker run maps 1194 — confirm whether 1122 is intended
declare -x OVPN_PROTO=udp
declare -x OVPN_PUSH=()
declare -x OVPN_ROUTES=([0]="192.168.254.0/24")
declare -x OVPN_SERVER=192.168.192.0/18  # 修改为要分配的网段
declare -x OVPN_SERVER_URL=udp://35.241.93.54  # 本机公网 IP
declare -x OVPN_TLS_CIPHER=
用户管理
新增用户
vim add_user.sh
删除用户
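#!/bin/bash
# del_user.sh — revoke an OpenVPN client certificate and remove its PKI files.
# (edit with: vim del_user.sh)
#
# Usage: ./del_user.sh              prompts "Delete username: "
#        ./del_user.sh <username>   non-interactive name
#
# Every step runs in a throw-away container from the same image and volume
# used to build the PKI, so easyrsa and /etc/openvpn/pki are the server's own.
set -u

readonly OVPN_VOLUME=/data/openvpn
readonly OVPN_IMAGE=chenji1506/openvpn:2.4.8

# Run one command inside the OpenVPN image with the PKI volume mounted.
# -it is kept on purpose: `easyrsa revoke` asks for confirmation and for the
# CA key passphrase on the terminal.
ovpn_run() {
  docker run -v "${OVPN_VOLUME}:/etc/openvpn" --rm -it "${OVPN_IMAGE}" "$@"
}

DNAME=${1:-}
if [[ -z "${DNAME}" ]]; then
  # -r so a backslash in the typed name is kept literally.
  read -r -p "Delete username: " DNAME
fi

# The name becomes a path component under /etc/openvpn/pki; refuse anything
# empty or containing characters that could point outside the reqs/private/
# issued directories (slashes, "..", whitespace, shell metacharacters).
if [[ -z "${DNAME}" || ! "${DNAME}" =~ ^[A-Za-z0-9._@-]+$ || "${DNAME}" == *..* ]]; then
  printf 'del_user: invalid username: %q\n' "${DNAME}" >&2
  exit 2
fi

# Revoke first and regenerate the CRL. Stop if revocation fails so the key
# material of a still-valid certificate is never deleted.
ovpn_run easyrsa revoke "${DNAME}" || { printf 'del_user: easyrsa revoke failed\n' >&2; exit 1; }
ovpn_run easyrsa gen-crl            || { printf 'del_user: easyrsa gen-crl failed\n' >&2; exit 1; }

# Bug fix: the original wrote "DNAME" (no $), so these rm calls expanded to a
# literal file named DNAME.req etc. and never removed the user's files.
ovpn_run rm -f -- "/etc/openvpn/pki/reqs/${DNAME}.req"
ovpn_run rm -f -- "/etc/openvpn/pki/private/${DNAME}.key"
ovpn_run rm -f -- "/etc/openvpn/pki/issued/${DNAME}.crt"

# NOTE(review): the running server only rejects the revoked client once it
# reads the regenerated CRL — confirm how this image loads it (restart or
# crl-verify setting) before relying on this script alone.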