Поднимаем openvpn со статическим ip в docker-compose

openvpn with docker-compose

Build the Docker image

Clone repo

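# Fetch the compose project into /docker-compose and enter it.
# Each cd is chained with && so that a failed mkdir/cd does not leave the
# clone (or the later build) running in whatever directory the shell was in.
mkdir -p /docker-compose && cd /docker-compose
# The clone is unpinned: review the Dockerfile and docker-compose.yml before
# building, and check out a known commit or tag if the build must be reproducible.
git clone https://gitlab.com/itc-life/openvpn.git && cd openvpn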

Build the image

# Build the image(s) defined in the cloned repo's docker-compose.yml.
docker-compose build

Initialise the service

# Host directory that holds the generated server config and PKI material.
mkdir -p configs/openvpn/conf
# Generate openvpn.conf and the env file for a UDP server reachable at openvpn.itc-life.ru.
docker-compose run --rm openvpn ovpn_genconfig -u udp://openvpn.itc-life.ru
# Initialise the PKI (the CA plus, judging by the paths openvpn.conf references,
# the server key/cert, dh.pem and ta.key). 'nopass' leaves the CA private key
# unencrypted on disk: anyone who can read the PKI directory can issue client
# certificates, so restrict its permissions. The /etc/openvpn/pki paths in
# openvpn.conf are presumably configs/openvpn/conf mounted into the container —
# verify in docker-compose.yml.
docker-compose run --rm openvpn ovpn_initpki nopass

Start service

Configure OpenVPN: change the network and allow a fixed IP per client by adding client-config-dir to the config

# Open the generated server config for editing; the listing that follows is the edited result.
nano configs/openvpn/conf/openvpn.conf
# OpenVPN server config generated by ovpn_genconfig and then hand-edited.
dev tun
verb 3
###tls-setting
# No minimum TLS version is enforced while the next line stays commented out;
# tls-version-min 1.2 is the usual hardening once all clients support it.
#tls-version-min 1.0
#tls-cipher TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
#cipher AES-256-CBC
# BF-CBC (Blowfish, 64-bit block) is deprecated in OpenVPN and weak for
# long-lived tunnels; prefer AES-256-GCM (OpenVPN 2.4+) or AES-256-CBC, and
# set OVPN_CIPHER in the env file to the same value so generated client
# profiles agree with the server.
cipher BF-CBC # Encrypt packets with the given algorithm
# The HMAC digest stays at OpenVPN's default (SHA1) while this is commented out;
# enable SHA512 here and set OVPN_AUTH to match on the client side.
#auth SHA512
# Server identity and trust material from the PKI created by ovpn_initpki.
key /etc/openvpn/pki/private/openvpn.itc-life.ru.key
ca /etc/openvpn/pki/ca.crt
cert /etc/openvpn/pki/issued/openvpn.itc-life.ru.crt
dh /etc/openvpn/pki/dh.pem
# Control-channel HMAC key; the server uses direction 0, clients direction 1.
tls-auth /etc/openvpn/pki/ta.key
key-direction 0
keepalive 10 120
# Lets VPN clients reach each other directly; drop this if clients only need the server side.
client-to-client
max-clients 500
# Per-client overrides (e.g. ifconfig-push for a static address) are read from
# ccd/<client CN>; the tutorial writes them under configs/openvpn/conf/ccd.
client-config-dir ccd
#ifconfig-pool-persist /etc/openvpn/ipp.list
proto udp
port 1194
tun-mtu 1460
mtu-disc yes
mssfix 1420
# Drop root privileges once the tunnel is initialised.
user nobody
group nogroup
# Compressing tunnel traffic is discouraged in current OpenVPN guidance;
# remove this (and OVPN_COMP_LZO=1 in the env file) unless it is required.
comp-lzo
topology subnet
persist-tun
persist-key
mode server
tls-server
push "topology subnet"
# VPN pool 10.17.0.0/22 (10.17.0.1-10.17.3.254); static client addresses
# pushed via ccd must fall inside it.
server 10.17.0.0 255.255.252.0
route 10.17.0.0 255.255.252.0
# Lists connected clients with their real and VPN addresses; /tmp is
# world-readable by default, so prefer a private path such as /var/log.
status /tmp/openvpn-status.log

Edit the environment file

configs/openvpn/conf/open_env.sh
# Environment consumed by the image's ovpn_* helpers; OVPN_ENV below is where it
# lives inside the container, the host copy is the one edited here.
# NOTE(review): the heading names this file open_env.sh while OVPN_ENV points at
# ovpn_env.sh — presumably the same file; check the name on disk.
# Empty cipher/auth means generated client profiles get no cipher/auth line and
# fall back to OpenVPN defaults — set these to whatever openvpn.conf uses so both
# ends agree.
declare -x OVPN_AUTH=
declare -x OVPN_CIPHER=
declare -x OVPN_CLIENT_TO_CLIENT=
# Common name used for the server certificate.
declare -x OVPN_CN=openvpn.itc-life.ru
declare -x OVPN_COMP_LZO=1
# Presumably 0 = do not push a default route through the VPN (split tunnel) — verify in ovpn_genconfig.
declare -x OVPN_DEFROUTE=0
declare -x OVPN_DEVICE=tun10
declare -x OVPN_DEVICEN=
declare -x OVPN_DISABLE_PUSH_BLOCK_DNS=0
# Presumably 0 = no DNS servers pushed, so the list below is unused — verify in ovpn_genconfig.
declare -x OVPN_DNS=0
declare -x OVPN_DNS_SERVERS=([0]="8.8.8.8" [1]="8.8.4.4")
declare -x OVPN_ENV=/etc/openvpn/ovpn_env.sh
declare -x OVPN_EXTRA_CLIENT_CONFIG=()
declare -x OVPN_EXTRA_SERVER_CONFIG=()
declare -x OVPN_FRAGMENT=
# Lifetime of the generated CRL in days (~10 years). An expired CRL makes the
# server reject every client, so keep this long or regenerate the CRL on schedule.
declare -x EASYRSA_CRL_DAYS='3650'
declare -x OVPN_KEEPALIVE='10 120'
declare -x OVPN_MTU=
declare -x OVPN_NAT=0
declare -x OVPN_PORT=1194
declare -x OVPN_PROTO=udp
declare -x OVPN_PUSH=()
# Routes and pool must match the server/route lines in openvpn.conf (10.17.0.0/22).
declare -x OVPN_ROUTES=([0]="10.17.0.0/22")
declare -x OVPN_SERVER=10.17.0.0/22
declare -x OVPN_SERVER_URL=udp://openvpn.itc-life.ru
declare -x OVPN_TLS_CIPHER=

I use the subnet calculator at http://www.subnet-calculator.com/subnet.php?net_class=A for this purpose.

Then start the container

# Start the openvpn service in the background with the config and PKI prepared above.
docker-compose up -d openvpn

Generate, revoke and list users for OpenVPN

Generate a certificate for a client

Add a static IP address

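# Issue a client certificate, export the client profile and pin a static VPN address.
export CLIENTNAME="your_client_name"
# The name becomes the certificate CN and a file name on the host, so keep it to a safe set.
[[ "$CLIENTNAME" =~ ^[A-Za-z0-9._@-]+$ ]] || { printf 'refusing unsafe CLIENTNAME: %s\n' "$CLIENTNAME" >&2; exit 1; }
# Sign the client cert without a passphrase (nopass); the exported profile will
# therefore carry an unencrypted private key.
docker-compose run --rm openvpn easyrsa build-client-full "$CLIENTNAME" nopass
# Export the client profile to the current directory and make it owner-only:
# it presumably embeds the client key — confirm by inspecting the file.
docker-compose run --rm openvpn ovpn_getclient "$CLIENTNAME" > "$CLIENTNAME.ovpn"
chmod 600 -- "$CLIENTNAME.ovpn"
# Static address: ccd/<CN> is read by the server (client-config-dir ccd in openvpn.conf).
# 10.17.0.2 lies in the 10.17.0.0/22 pool; give every client a distinct address.
mkdir -p configs/openvpn/conf/ccd
printf 'ifconfig-push 10.17.0.2  255.255.252.0\n' > "configs/openvpn/conf/ccd/$CLIENTNAME"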

Revoke a client certificate

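# Revoke the client's certificate and remove its files from the PKI.
# Revocation only takes effect if the server loads the CRL: the openvpn.conf
# shown above has no crl-verify line, so confirm the image's start script adds
# one (or add it yourself) — otherwise a revoked client can still connect until
# its certificate expires.
docker-compose run --rm openvpn ovpn_revokeclient "$CLIENTNAME" remove
# Revocation does not touch the ccd/<CN> static-address file; remove it so a
# future client reusing the name does not inherit the address. :? aborts on an empty name.
rm -f -- "configs/openvpn/conf/ccd/${CLIENTNAME:?}"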

List users

# Print the client certificates known to the PKI (issued and revoked).
docker-compose run --rm openvpn ovpn_listclients

Run the OpenVPN client under supervisor

Install supervisor

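# Install supervisor on the client host and create a drop-in for the OpenVPN client.
# Both steps need root; the original ran apt-get without sudo but nano with it.
sudo apt-get install supervisor
# The drop-in references a client profile under /home/user; that file presumably
# holds the client's private key, so copy it there with mode 600.
sudo nano /etc/supervisor/conf.d/vpn.conf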
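; /etc/supervisor/conf.d/vpn.conf — keeps an OpenVPN client running.
; Only the [program:...] section belongs in a conf.d drop-in: on Debian/Ubuntu
; /etc/supervisor/supervisord.conf already defines [supervisord] and the
; [include] of conf.d/*.conf, so repeating them here (with nodaemon=true and an
; include of the very directory this file lives in) is redundant at best.
[program:openvpn]
; The profile embeds the client credentials; keep it readable only by the
; user supervisord runs as (normally root).
command=/usr/sbin/openvpn --config /home/user/user1@itc-life.ru.ovpn
autostart=true
autorestart=true
startretries=3
stderr_logfile=/var/log/openvpn.err
stdout_logfile=/var/log/openvpn.log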

Reload the supervisor configuration

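# Make supervisor read the new drop-in and start the program it defines.
# supervisorctl talks to the root-owned control socket, hence sudo.
sudo supervisorctl reread && sudo supervisorctl update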
