使用docker快速搭建openvpn
1 概述本文用来教大家怎样快速使用docker搭建openvpn,话不多说直接进入正题。
2 摆设
2.1 情况需求
需要有外网IP。
2.2 步骤。
docker pull kylemanna/openvpn:2.4
#生成配置文件
#fu服务器公网 公网IP
docker run -v /opt/apps/openvpn:/etc/openvpn --rm kylemanna/openvpn:2.4 ovpn_genconfig -u udp://公网IP
#生成密钥文件
docker run -v /opt/apps/openvpn:/etc/openvpn --rm -it kylemanna/openvpn:2.4 ovpn_initpki
# docker run -v /opt/apps/openvpn:/etc/openvpn --rm -it kylemanna/openvpn:2.4 ovpn_initpki
init-pki complete; you may now create a CA or requests.
Your newly created PKI dir is: /etc/openvpn/pki
Using SSL: openssl OpenSSL 1.1.1g21 Apr 2020
Enter New CA Key Passphrase: 12345678
Re-Enter New CA Key Passphrase: 12345678
Generating RSA private key, 2048 bit long modulus (2 primes)
..........................+++++
.....................................................................................+++++
e is 65537 (0x010001)
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Common Name (eg: your user, host, or server name) :WEIHU
CA creation complete and you may now import and sign cert requests.
Your new CA certificate file for publishing is at:
/etc/openvpn/pki/ca.crt
Using SSL: openssl OpenSSL 1.1.1g21 Apr 2020
Generating DH parameters, 2048 bit long safe prime, generator 2
This is going to take a long time
.....................................................................................................................................+.......................................................................+...................+........................................+......................................................................+......................................................................+..............+........+..............................................................................................................................................................................................+.......................................................+................................................................................................................................................+...........................................+...................................................................+.................................................................................................................................................................................................................................................................................................................................................+..........................................................................................+..........+.......................................................+....................+.......................................................................................................................................................+...........................+.....................................................................................................................................................+.................................................................................+.............+.............................................+..............................................+...................................+.......................................................................+.......................................................................................+..........................+........................................................................+...........................................................................................................+...................................................................................................................................................................................................+................................................................................................................................................................................................................+.....................................................................+................................................................................+......................................+..................................................................................................................+.................................................................+........+.............+................................................................................................................................................................................................................+.....................................................................+......................................................+..............................+.....................................................................+..........................................................................................................................................................................................................................+...........................................+.........................+.................................................................................................................................................+................................................................................................................................+............................................................................................................................................+................................................................................................................................................................................+..........................................................................................+................................................................................+...........................................................+......................................+...................................................................................................................................................................................................................................................................................................................................................................................................................................+.............................................+................................................................................................................................................+.......................+.........................................................+.........................+..............................................................................................+.+.............................+.....................................................................................................................................................+..........+...........................+...+........................................+.....+...................................+...................................................................+.............+...................................+............................................................................................................................................................................................................................................................................................................................................................................................+................................+.................................................................................................................................................................+.............................+................................+..................................................+..............................................................................................................................+......................................................................................++*++*++*++*
DH parameters of size 2048 created at /etc/openvpn/pki/dh.pem
Using SSL: openssl OpenSSL 1.1.1g21 Apr 2020
Generating a RSA private key
........................+++++
........................................................+++++
writing new private key to '/etc/openvpn/pki/easy-rsa-72.obdilb/tmp.OkeLiC'
-----
Using configuration from /etc/openvpn/pki/easy-rsa-72.obdilb/tmp.lAFMAn
Enter pass phrase for /etc/openvpn/pki/private/ca.key:
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName :ASN.1 12:'82.157.165.162'
Certificate is to be certified until Sep 17 00:59:32 2024 GMT (825 days)
Write out database with 1 new entries
Data Base Updated
Using SSL: openssl OpenSSL 1.1.1g21 Apr 2020
Using configuration from /etc/openvpn/pki/easy-rsa-147.MolDfl/tmp.faLnEK
Enter pass phrase for /etc/openvpn/pki/private/ca.key:12345678
An updated CRL has been created.
CRL file: /etc/openvpn/pki/crl.pem
#
#生成客户端证书(这里的weihu改成你想要的名字)
docker run -v /opt/apps/openvpn:/etc/openvpn --rm -it kylemanna/openvpn:2.4 easyrsa build-client-full weihu nopass
# docker run -v /opt/apps/openvpn:/etc/openvpn --rm -it kylemanna/openvpn:2.4 easyrsa build-client-full weihu nopass
Using SSL: openssl OpenSSL 1.1.1g21 Apr 2020
Generating a RSA private key
...+++++
....................................................................................+++++
writing new private key to '/etc/openvpn/pki/easy-rsa-1.hDjaFE/tmp.AjJCaO'
-----
Using configuration from /etc/openvpn/pki/easy-rsa-1.hDjaFE/tmp.LJIhlM
Enter pass phrase for /etc/openvpn/pki/private/ca.key: 12345678
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName :ASN.1 12:'weihu'
Certificate is to be certified until Sep 17 01:01:23 2024 GMT (825 days)
Write out database with 1 new entries
Data Base Updated
#
#导出客户端配置
mkdir -p /opt/apps/openvpn/conf
docker run -v /opt/apps/openvpn:/etc/openvpn --rm kylemanna/openvpn:2.4 ovpn_getclient weihu> /opt/apps/openvpn/conf/weihu.ovpn
#启动OpenV服务
docker run --name openvpn -v /opt/apps/openvpn:/etc/openvpn -d -p 8000:1194/udp --cap-add=NET_ADMIN kylemanna/openvpn:2.4
PS:
停止 openvpn
docker stop openvpn
启动 openvpn
docker start openvpn
#设置防火墙 (这个先不加也可以用)
iptables -t nat -A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 172.17.0.2/32 -d 172.17.0.2/32 -p udp -m udp --dport 1194 -j MASQUERADE
iptables -t nat -A DOCKER -i docker0 -j RETURN
iptables -t nat -A DOCKER ! -i docker0 -p udp -m udp --dport 1194 -j DNAT --to-destination 172.17.0.2:1194
iptables -t nat -A POSTROUTING -s 172.17.0.2/32 -d 172.17.0.2/32 -p udp -m udp --dport 1194 -j MASQUERADE
ipconfig-save
#创建用户脚本 user_create.sh
#!/bin/bash
read -p "please your username: " NAME
docker run -v /opt/apps/openvpn:/etc/openvpn --rm -it kylemanna/openvpn:2.4 easyrsa build-client-full $NAME nopass
docker run -v /opt/apps/openvpn:/etc/openvpn --rm kylemanna/openvpn:2.4 ovpn_getclient $NAME > /opt/apps/openvpn/conf/"$NAME".ovpn
#删除用户脚本 user_del.sh
#!/bin/bash
read -p "Delete username: " DNAME
docker run -v /opt/apps/openvpn:/etc/openvpn --rm -it kylemanna/openvpn:2.4 easyrsa revoke $DNAME
docker run -v /opt/apps/openvpn:/etc/openvpn --rm -it kylemanna/openvpn:2.4 easyrsa gen-crl
docker run -v /opt/apps/openvpn:/etc/openvpn --rm -it kylemanna/openvpn:2.4 rm -f /etc/openvpn/pki/reqs/"$DNAME".req
docker run -v /opt/apps/openvpn:/etc/openvpn --rm -it kylemanna/openvpn:2.4 rm -f /etc/openvpn/pki/private/"$DNAME".key
docker run -v /opt/apps/openvpn:/etc/openvpn --rm -it kylemanna/openvpn:2.4 rm -f /etc/openvpn/pki/issued/"$DNAME".crt
#需要重启openvpn
docker restart openvpn
2.3 参考地址
https://blog.csdn.net/qq_42761569/article/details/106538056
码字不易,请点赞收藏。
免责声明:如果侵犯了您的权益,请联系站长,我们会及时删除侵权内容,谢谢合作!更多信息从访问主页:qidao123.com:ToB企服之家,中国第一个企服评测及商务社交产业平台。
页:
[1]