Pull the image
docker pull kylemanna/openvpn
Generate the configuration
OVPN_DATA="/etc/openvpn"
# Public IP of the server
IP="xxx.xxx.xxx.xxx"
docker run -v ${OVPN_DATA}:/etc/openvpn --rm \
kylemanna/openvpn ovpn_genconfig -u tcp://${IP}
Key configuration
docker run -v ${OVPN_DATA}:/etc/openvpn --rm -it \
kylemanna/openvpn ovpn_initpki
Enter PEM pass phrase: enter 123456 (the input is not echoed)
Verifying - Enter PEM pass phrase: enter 123456 (the input is not echoed)
Common Name (eg: your user, host, or server name) [Easy-RSA CA]: press Enter
Enter pass phrase for /etc/openvpn/pki/private/ca.key: enter 123456
Start the container
docker run -v ${OVPN_DATA}:/etc/openvpn \
-d -p 1194:1194 --cap-add=NET_ADMIN --name openvpn \
kylemanna/openvpn
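# The command above may fail with "mknod: /dev/net/tun: Operation not permitted"; if so, try this one instead
# (--privileged gives the container much broader host access than --cap-add=NET_ADMIN)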
docker run -v ${OVPN_DATA}:/etc/openvpn \
-d -p 1194:1194 --privileged --name openvpn \
kylemanna/openvpn
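Client certificate scripts
Create a certificate
#!/bin/bash
# Same data directory as used when generating the configuration
OVPN_DATA="/etc/openvpn"
read -r -p "Please enter your username: " NAME
# Issue a client certificate; nopass leaves the private key unencrypted
docker run -v "${OVPN_DATA}":/etc/openvpn --rm -it kylemanna/openvpn easyrsa build-client-full "$NAME" nopass
# Export the client profile (it embeds the private key)
docker run -v "${OVPN_DATA}":/etc/openvpn --rm kylemanna/openvpn ovpn_getclient "$NAME" > /opt/openvpn/conf/"$NAME".ovpn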
Revoke a certificate
#!/bin/bash
# Same data directory as used when generating the configuration
OVPN_DATA="/etc/openvpn"
read -r -p "Delete username: " DNAME
# Revoke the certificate, then regenerate the CRL so the revocation is published
docker run -v "${OVPN_DATA}":/etc/openvpn --rm -it kylemanna/openvpn easyrsa revoke "$DNAME"
docker run -v "${OVPN_DATA}":/etc/openvpn --rm -it kylemanna/openvpn easyrsa gen-crl
# Remove the revoked client's request, private key and certificate files
docker run -v "${OVPN_DATA}":/etc/openvpn --rm -it kylemanna/openvpn rm -f /etc/openvpn/pki/reqs/"$DNAME".req
docker run -v "${OVPN_DATA}":/etc/openvpn --rm -it kylemanna/openvpn rm -f /etc/openvpn/pki/private/"$DNAME".key
docker run -v "${OVPN_DATA}":/etc/openvpn --rm -it kylemanna/openvpn rm -f /etc/openvpn/pki/issued/"$DNAME".crt
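A check to run after the revocation script, added here as an example (it is not part of the original post or of the kylemanna/openvpn image): it reads easy-rsa's CA database, assumed to be at ${OVPN_DATA}/pki/index.txt, and reports whether a client name is still valid or has been revoked. The function names, the name policy and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example. pki/index.txt is the OpenSSL-style CA database kept by easy-rsa;
# each line is tab-separated: status (V/R/E), expiry, revocation date, serial,
# file name, subject DN.

# Accept only names that are safe as a file name and as an awk variable
# (assumed policy: letters, digits, dot, underscore, hyphen; no leading dot).
valid_client_name() {
    case "$1" in
        ''|.*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# client_status INDEX_FILE NAME -> prints valid | revoked | expired | absent | invalid
# A name that was revoked and later re-issued has both R and V lines; any V line
# means a certificate for that name is still accepted, so V takes precedence.
client_status() {
    valid_client_name "$2" || { echo "invalid"; return 2; }
    awk -F '\t' -v cn="$2" '
        {
            # Compare the whole CN component so "bo" does not match "bob".
            n = split($6, rdn, "/")
            for (i = 1; i <= n; i++)
                if (rdn[i] == "CN=" cn) seen[$1] = 1
        }
        END {
            if (seen["V"]) print "valid"
            else if (seen["R"]) print "revoked"
            else if (seen["E"]) print "expired"
            else print "absent"
        }' "$1"
}

# Constructed sample database (not real certificates) for trying the function offline.
write_sample_index() {
    {
        printf 'V\t340101000000Z\t\t01\tunknown\t/CN=alice\n'
        printf 'R\t340101000000Z\t240601120000Z\t02\tunknown\t/CN=bob\n'
        printf 'R\t340101000000Z\t240601120000Z\t03\tunknown\t/CN=carol\n'
        printf 'V\t340201000000Z\t\t04\tunknown\t/CN=carol\n'
    } > "$1"
}

# Usage: sh client_status.sh "${OVPN_DATA}/pki/index.txt" NAME
if [ "$#" -eq 2 ]; then client_status "$1" "$2"; fi
```

The same name check can be applied to NAME and DNAME in the two scripts above before they are passed to easyrsa or used in a file path.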