
Quickly setting up OpenVPN with Docker

2024-05-27 11:02 | Category: 《我的小黑屋》



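1 Overview

This article shows how to quickly set up OpenVPN with Docker. Without further ado, let's get straight to it.

2 Deployment

2.1 Requirements

The server needs a public IP address.

2.2 Steps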

docker pull kylemanna/openvpn:2.4

# Generate the configuration file
# PUBLIC_IP is the server's public IP address
docker run -v /opt/apps/openvpn:/etc/openvpn --rm kylemanna/openvpn:2.4 ovpn_genconfig -u udp://PUBLIC_IP

# Generate the key files (PKI)
docker run -v /opt/apps/openvpn:/etc/openvpn --rm -it kylemanna/openvpn:2.4 ovpn_initpki

[root@VM-24-9-centos openvpn]# docker run -v /opt/apps/openvpn:/etc/openvpn --rm -it kylemanna/openvpn:2.4 ovpn_initpki
init-pki complete; you may now create a CA or requests.
Your newly created PKI dir is: /etc/openvpn/pki
Using SSL: openssl OpenSSL 1.1.1g  21 Apr 2020
Enter New CA Key Passphrase: 12345678
Re-Enter New CA Key Passphrase: 12345678
Generating RSA private key, 2048 bit long modulus (2 primes)
e is 65537 (0x010001)
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Common Name (eg: your user, host, or server name) [Easy-RSA CA]:WEIHU
CA creation complete and you may now import and sign cert requests.
Your new CA certificate file for publishing is at:
/etc/openvpn/pki/ca.crt
Using SSL: openssl OpenSSL 1.1.1g  21 Apr 2020
Generating DH parameters, 2048 bit long safe prime, generator 2
This is going to take a long time
DH parameters of size 2048 created at /etc/openvpn/pki/dh.pem
Using SSL: openssl OpenSSL 1.1.1g  21 Apr 2020
Generating a RSA private key
writing new private key to '/etc/openvpn/pki/easy-rsa-72.obdilb/tmp.OkeLiC'
-----
Using configuration from /etc/openvpn/pki/easy-rsa-72.obdilb/tmp.lAFMAn
Enter pass phrase for /etc/openvpn/pki/private/ca.key:
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName            :ASN.1 12:'82.157.165.162'
Certificate is to be certified until Sep 17 00:59:32 2024 GMT (825 days)
Write out database with 1 new entries
Data Base Updated
Using SSL: openssl OpenSSL 1.1.1g  21 Apr 2020
Using configuration from /etc/openvpn/pki/easy-rsa-147.MolDfl/tmp.faLnEK
Enter pass phrase for /etc/openvpn/pki/private/ca.key:12345678
An updated CRL has been created.
CRL file: /etc/openvpn/pki/crl.pem
[root@VM-24-9-centos openvpn]#

# Generate a client certificate (change weihu to the name you want)
# nopass leaves the client's private key unencrypted
docker run -v /opt/apps/openvpn:/etc/openvpn --rm -it kylemanna/openvpn:2.4 easyrsa build-client-full weihu nopass

[root@VM-24-9-centos openvpn]# docker run -v /opt/apps/openvpn:/etc/openvpn --rm -it kylemanna/openvpn:2.4 easyrsa build-client-full weihu nopass
Using SSL: openssl OpenSSL 1.1.1g  21 Apr 2020
Generating a RSA private key
writing new private key to '/etc/openvpn/pki/easy-rsa-1.hDjaFE/tmp.AjJCaO'
-----
Using configuration from /etc/openvpn/pki/easy-rsa-1.hDjaFE/tmp.LJIhlM
Enter pass phrase for /etc/openvpn/pki/private/ca.key: 12345678
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName            :ASN.1 12:'weihu'
Certificate is to be certified until Sep 17 01:01:23 2024 GMT (825 days)
Write out database with 1 new entries
Data Base Updated
[root@VM-24-9-centos openvpn]#

# Export the client configuration
mkdir -p /opt/apps/openvpn/conf
docker run -v /opt/apps/openvpn:/etc/openvpn --rm kylemanna/openvpn:2.4 ovpn_getclient weihu > /opt/apps/openvpn/conf/weihu.ovpn

# Start the OpenVPN service
docker run --name openvpn -v /opt/apps/openvpn:/etc/openvpn -d -p 8000:1194/udp --cap-add=NET_ADMIN kylemanna/openvpn:2.4

# PS: stop OpenVPN
docker stop openvpn
# Start OpenVPN
docker start openvpn

# Configure the firewall (it also works without adding these for now)
iptables -t nat -A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 172.17.0.2/32 -d 172.17.0.2/32 -p udp -m udp --dport 1194 -j MASQUERADE
iptables -t nat -A DOCKER -i docker0 -j RETURN
iptables -t nat -A DOCKER ! -i docker0 -p udp -m udp --dport 1194 -j DNAT --to-destination 172.17.0.2:1194
# Dump the resulting rule set
iptables-save

# User creation script: user_create.sh
#!/bin/bash
# Read the client name, issue a certificate for it, then export its .ovpn file
read -r -p "please your username: " NAME
docker run -v /opt/apps/openvpn:/etc/openvpn --rm -it kylemanna/openvpn:2.4 easyrsa build-client-full "$NAME" nopass
docker run -v /opt/apps/openvpn:/etc/openvpn --rm kylemanna/openvpn:2.4 ovpn_getclient "$NAME" > /opt/apps/openvpn/conf/"$NAME".ovpn

# User deletion script: user_del.sh
#!/bin/bash
# Revoke the client's certificate and regenerate the CRL
read -r -p "Delete username: " DNAME
docker run -v /opt/apps/openvpn:/etc/openvpn --rm -it kylemanna/openvpn:2.4 easyrsa revoke "$DNAME"
docker run -v /opt/apps/openvpn:/etc/openvpn --rm -it kylemanna/openvpn:2.4 easyrsa gen-crl
# Remove the client's request, private key and issued certificate
docker run -v /opt/apps/openvpn:/etc/openvpn --rm -it kylemanna/openvpn:2.4 rm -f /etc/openvpn/pki/reqs/"$DNAME".req
docker run -v /opt/apps/openvpn:/etc/openvpn --rm -it kylemanna/openvpn:2.4 rm -f /etc/openvpn/pki/private/"$DNAME".key
docker run -v /opt/apps/openvpn:/etc/openvpn --rm -it kylemanna/openvpn:2.4 rm -f /etc/openvpn/pki/issued/"$DNAME".crt
# OpenVPN needs to be restarted
docker restart openvpn
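The two user scripts above pass whatever is typed at the prompt straight to easyrsa and into the export file path. The following added example (not part of the original post) checks the name first and reads easy-rsa's pki/index.txt to confirm that a revocation took effect; the function names and the sample index contents are assumptions made up for illustration.

```shell
#!/bin/sh
# Added example: name checks for user_create.sh / user_del.sh and a
# revocation check against easy-rsa's pki/index.txt. Function names are hypothetical.
CONF_DIR=/opt/apps/openvpn/conf   # export directory used on this page

# Accept only names safe as an easyrsa argument and as a file name:
# not empty, no leading "-" or ".", no "/" or whitespace, at most 64 chars.
valid_client_name() {
    case "$1" in
        ''|-*|.*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    [ "${#1}" -le 64 ]
}

# Print the .ovpn export path for a validated name; fail otherwise.
client_ovpn_path() {
    valid_client_name "$1" || return 1
    printf '%s/%s.ovpn\n' "$CONF_DIR" "$1"
}

# Report a client's state from index.txt (tab-separated: status, expiry,
# revocation date, serial, file name, subject). The last matching line wins.
client_status() {   # $1 = index.txt path, $2 = client name
    awk -F '\t' -v cn="/CN=$2" '
        $NF == cn { s = $1 }
        END {
            if (s == "V") print "valid"
            else if (s == "R") print "revoked"
            else if (s == "E") print "expired"
            else print "absent"
        }' "$1"
}

# Constructed sample index.txt (names, dates and serials are made up).
write_sample_index() {
    {
        printf 'V\t300101000000Z\t\t01\tunknown\t/CN=vpn.example.test\n'
        printf 'R\t300101000000Z\t250101000000Z\t02\tunknown\t/CN=alice\n'
        printf 'R\t300101000000Z\t250201000000Z\t03\tunknown\t/CN=bob\n'
        printf 'V\t300201000000Z\t\t04\tunknown\t/CN=alice\n'
    } > "$1"
}

sample=$(mktemp)
write_sample_index "$sample"
for n in alice bob carol '../weihu' '-h'; do
    if valid_client_name "$n"; then echo "$n: $(client_status "$sample" "$n")"
    else echo "rejected name: $n"; fi
done
rm -f "$sample"
```

On the real server, point `client_status` at /opt/apps/openvpn/pki/index.txt after running user_del.sh; a name that was revoked and later re-issued reports as valid because its newest entry is the one that counts.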

2.3 References

https://blog.csdn.net/qq_42761569/article/details/106538056

Writing this took effort; please like and bookmark it.

