关于docker:搭建openvpn

86次阅读

共计 3106 个字符,预计需要花费 8 分钟才能阅读完成。

setting 配置教程

http://blog.joylau.cn/2020/05…

https://community.openvpn.net…

开启 压缩项


compress lz4-v2
push "compress lz4-v2"


max-clients 200

openvpn 只容许 单点登录

批改 配置文件
server.conf

 批改 openVPN 配置文件 server.conf,内容如下

port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key  # This file should be kept secret
dh dh.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 172.16.1.0 255.255.255.0"
keepalive 10 120
cipher AES-256-CBC
persist-key
persist-tun
status openvpn-status.log
verb 3
explicit-exit-notify 1
duplicate-cn

# duplicate-cn:这是字段就是开启一个证书或账户多人同时 登录。

OVPN_DATA="/free_cicdfs0/data/openvpn/openvpn"

Retrieve the client configuration with embedded certificates

OVPN_DATA="/free_cicdfs0/data/openvpn/openvpn"

docker run -v $OVPN_DATA:/etc/openvpn --rm kylemanna/openvpn ovpn_getclient wuhan > wuhan.ovpn

demo2

cat /free_cicdfs0/data/openvpn/openvpn/openvpn.conf

server 192.168.255.0 255.255.255.0
verb 3
key /etc/openvpn/pki/private/119.36.243.58.key
ca /etc/openvpn/pki/ca.crt
cert /etc/openvpn/pki/issued/119.36.243.58.crt
dh /etc/openvpn/pki/dh.pem
tls-auth /etc/openvpn/pki/ta.key
key-direction 0
keepalive 10 60
persist-key
persist-tun

proto udp
# Rely on Docker to do port mapping, internally always 1194
port 1195
dev tun0
status /tmp/openvpn-status.log

user nobody
group nogroup
comp-lzo no

### Route Configurations Below
route 192.168.254.0 255.255.255.0

### Push Configurations Below
# push "block-outside-dns"
# push "dhcp-option DNS 192.168.99.114"
# push "dhcp-option DNS 114.114.114.114"
# push "dhcp-option DNS 8.8.8.8"
push "comp-lzo no"

duplicate-cn

压缩传输

cat /free_cicdfs0/data/openvpn/openvpn/openvpn.conf

server 192.168.255.0 255.255.255.0
verb 3
key /etc/openvpn/pki/private/119.36.243.58.key
ca /etc/openvpn/pki/ca.crt
cert /etc/openvpn/pki/issued/119.36.243.58.crt
dh /etc/openvpn/pki/dh.pem
tls-auth /etc/openvpn/pki/ta.key
key-direction 0
keepalive 10 60
persist-key
persist-tun

proto udp
# Rely on Docker to do port mapping, internally always 1194
port 1195
dev tun0
status /tmp/openvpn-status.log

user nobody
group nogroup

compress lz4-v2
push "compress lz4-v2"

max-clients 200

### Route Configurations Below
route 192.168.254.0 255.255.255.0

push "dhcp-option DNS 192.168.99.114"

duplicate-cn


教程

Pick a name for the $OVPN_DATA data volume container. It’s recommended to use the ovpn-data- prefix to operate seamlessly with the reference systemd service. Users are encourage to replace example with a descriptive name of their choosing.


OVPN_DATA="ovpn-data-example"
OVPN_DATA="/free_cicdfs0/data/openvpn/openvpn"

Initialize the $OVPN_DATA container that will hold the configuration files and certificates. The container will prompt for a passphrase to protect the private key used by the newly generated certificate authority.


passwd=free_cicdkit


docker volume create --name $OVPN_DATA

# 119 是 服务器 ip

docker run -v $OVPN_DATA:/etc/openvpn --rm kylemanna/openvpn ovpn_genconfig -u udp://119.36.243.58

docker run -v $OVPN_DATA:/etc/openvpn --rm -it kylemanna/openvpn ovpn_initpki

Start OpenVPN server process


docker run -v $OVPN_DATA:/etc/openvpn -d -p 192.168.71.100:1194:1194/udp --cap-add=NET_ADMIN kylemanna/openvpn

Generate a client certificate without a passphrase


docker run -v $OVPN_DATA:/etc/openvpn --rm -it kylemanna/openvpn easyrsa build-client-full wuhan nopass

Retrieve the client configuration with embedded certificates


docker run -v $OVPN_DATA:/etc/openvpn --rm kylemanna/openvpn ovpn_getclient wuhan > wuhan.ovpn

正文完
 0