OR Blog
Deploying an OpenVPN Service with Containers
苗锦洲
Created: 2023-01-20 21:25:54
Updated: 2023-01-20 21:29:38
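### Pull the image

```bash
docker pull kylemanna/openvpn
```

### Generate the configuration

```bash
OVPN_DATA="/etc/openvpn"
# Public IP of the server
IP="xxx.xxx.xxx.xxx"
docker run -v "${OVPN_DATA}":/etc/openvpn --rm \
  kylemanna/openvpn ovpn_genconfig -u "tcp://${IP}"
```

### Set up the keys (PKI)

```bash
docker run -v "${OVPN_DATA}":/etc/openvpn --rm -it \
  kylemanna/openvpn ovpn_initpki
```

The command is interactive. The prompts and the input given at each one:

```text
Enter PEM pass phrase:                                  <- type 123456 (the input is not echoed)
Verifying - Enter PEM pass phrase:                      <- type 123456 (the input is not echoed)
Common Name (eg: your user, host, or server name) [Easy-RSA CA]:   <- press Enter
Enter pass phrase for /etc/openvpn/pki/private/ca.key:  <- type 123456
```

`123456` is the value used in this walkthrough. This passphrase protects the CA private key (`ca.key`), which signs every client certificate, so choose a strong one for a real deployment.

### Start the container

```bash
docker run -v "${OVPN_DATA}":/etc/openvpn \
  -d -p 1194:1194 --cap-add=NET_ADMIN --name openvpn \
  kylemanna/openvpn
```

The command above may fail with `mknod: /dev/net/tun: Operation not permitted`. In that case, try this one instead:

```bash
docker run -v "${OVPN_DATA}":/etc/openvpn \
  -d -p 1194:1194 --privileged --name openvpn \
  kylemanna/openvpn
```

Note that `--privileged` gives the container far broader access to the host than `--cap-add=NET_ADMIN` does.

### Client certificate scripts

#### Create a certificate

```bash
#!/bin/bash
# Issue a client certificate (no key passphrase) and export its .ovpn profile.
OVPN_DATA="/etc/openvpn"
read -r -p "Please enter your username: " NAME
mkdir -p /opt/openvpn/conf
docker run -v "${OVPN_DATA}":/etc/openvpn --rm -it kylemanna/openvpn easyrsa build-client-full "$NAME" nopass
docker run -v "${OVPN_DATA}":/etc/openvpn --rm kylemanna/openvpn ovpn_getclient "$NAME" > "/opt/openvpn/conf/${NAME}.ovpn"
```

#### Revoke a certificate

```bash
#!/bin/bash
# Revoke a client certificate, regenerate the CRL, then delete the client's PKI files.
OVPN_DATA="/etc/openvpn"
read -r -p "Delete username: " DNAME
docker run -v "${OVPN_DATA}":/etc/openvpn --rm -it kylemanna/openvpn easyrsa revoke "$DNAME"
docker run -v "${OVPN_DATA}":/etc/openvpn --rm -it kylemanna/openvpn easyrsa gen-crl
docker run -v "${OVPN_DATA}":/etc/openvpn --rm -it kylemanna/openvpn rm -f /etc/openvpn/pki/reqs/"$DNAME".req
docker run -v "${OVPN_DATA}":/etc/openvpn --rm -it kylemanna/openvpn rm -f /etc/openvpn/pki/private/"$DNAME".key
docker run -v "${OVPN_DATA}":/etc/openvpn --rm -it kylemanna/openvpn rm -f /etc/openvpn/pki/issued/"$DNAME".crt
```

Revocation only takes effect once the running server checks the regenerated CRL (OpenVPN's `crl-verify` option), so confirm that the server is using the new `crl.pem` after running this script.

### Reference links

1. [Building an OpenVPN Server with Docker | 魔のkyo的工作室 (kyo86.com)](http://www.kyo86.com/2022/10/08/openvpn/)
2. [Quick-Start Guide to Setting Up OpenVPN Inside an Enterprise - Zhihu (zhihu.com)](https://zhuanlan.zhihu.com/p/440346670)
3. [Docker: Fixing the "Operation not permitted" Problem - contiguous's blog - CSDN Blog](https://blog.csdn.net/contiguous/article/details/127650480)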
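
A hardened variant of the client-certificate creation script above, as an added example that is not part of the original post: it validates the client name before it reaches `easyrsa` or a file path, and writes the exported profile with mode 0600 because the profile embeds the passphrase-less private key. The image name and paths are the ones used in the post; the function names, the `OUT_DIR` variable and the name policy are assumptions of this example.

```bash
#!/bin/bash
# Added example (not the post's script). Paths and image come from the post;
# function names, OUT_DIR and the name policy are assumptions of this example.
set -eu

OVPN_DATA="${OVPN_DATA:-/etc/openvpn}"
OUT_DIR="${OUT_DIR:-/opt/openvpn/conf}"
IMAGE="kylemanna/openvpn"

# Allow 1-32 characters from [A-Za-z0-9_-], not starting with "-" or "_".
# This rejects "../x" (path traversal), spaces, and names parsed as options.
valid_client_name() {
    case "$1" in
        ''|-*|_*|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

profile_path() {
    printf '%s/%s.ovpn\n' "$OUT_DIR" "$1"
}

issue_client() {
    name="$1"
    valid_client_name "$name" || { echo "invalid client name" >&2; return 2; }
    out="$(profile_path "$name")"
    if [ -e "$out" ]; then
        echo "refusing to overwrite $out" >&2
        return 3
    fi
    mkdir -p "$OUT_DIR"
    docker run -v "${OVPN_DATA}":/etc/openvpn --rm -it "$IMAGE" \
        easyrsa build-client-full "$name" nopass
    # The profile embeds the passphrase-less private key: create it 0600,
    # and write to a temp file so a failed export leaves no partial profile.
    tmp="$(umask 077; mktemp "${out}.XXXXXX")"
    if docker run -v "${OVPN_DATA}":/etc/openvpn --rm "$IMAGE" \
        ovpn_getclient "$name" > "$tmp"; then
        mv "$tmp" "$out"
    else
        rm -f "$tmp"
        return 4
    fi
}

# Issue a certificate only when a client name is given as the first argument.
if [ "$#" -gt 0 ]; then
    issue_client "$1"
fi
```

Saved under a file name of your choice, the script takes the client name as its only argument; with no argument it only defines the functions.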