当前位置:首页 » 《我的小黑屋》 » 正文

使用docker快速搭建openvpn

22 人参与  2024年05月27日 11:02  分类 : 《我的小黑屋》  评论

点击全文阅读


1 概述

本文用来教大家如何快速使用docker搭建openvpn,话不多说直接进入正题。

2 部署

2.1 环境需求

需要有外网IP。

2.2 步骤。

docker pull kylemanna/openvpn:2.4#生成配置文件#fu服务器公网 公网IPdocker run -v /opt/apps/openvpn:/etc/openvpn --rm kylemanna/openvpn:2.4 ovpn_genconfig -u udp://公网IP#生成密钥文件docker run -v /opt/apps/openvpn:/etc/openvpn --rm -it kylemanna/openvpn:2.4 ovpn_initpki[root@VM-24-9-centos openvpn]# docker run -v /opt/apps/openvpn:/etc/openvpn --rm -it kylemanna/openvpn:2.4 ovpn_initpkiinit-pki complete; you may now create a CA or requests.Your newly created PKI dir is: /etc/openvpn/pkiUsing SSL: openssl OpenSSL 1.1.1g  21 Apr 2020Enter New CA Key Passphrase: 12345678Re-Enter New CA Key Passphrase: 12345678Generating RSA private key, 2048 bit long modulus (2 primes)..........................+++++.....................................................................................+++++e is 65537 (0x010001)You are about to be asked to enter information that will be incorporatedinto your certificate request.What you are about to enter is what is called a Distinguished Name or a DN.There are quite a few fields but you can leave some blankFor some fields there will be a default value,If you enter '.', the field will be left blank.-----Common Name (eg: your user, host, or server name) [Easy-RSA CA]:WEIHUCA creation complete and you may now import and sign cert requests.Your new CA certificate file for publishing is at:/etc/openvpn/pki/ca.crtUsing SSL: openssl OpenSSL 1.1.1g  21 Apr 2020Generating DH parameters, 2048 bit long safe prime, generator 2This is going to take a long time.....................................................................................................................................+.......................................................................+...................+........................................+......................................................................+......................................................................+..............+........+..............................................................................................................................................................................................+.......................................................+................................................................................................................................................+...........................................+...................................................................+.................................................................................................................................................................................................................................................................................................................................................+..........................................................................................+..........+.......................................................+....................+.......................................................................................................................................................+...........................+.....................................................................................................................................................+.................................................................................+.............+.............................................+..............................................+...................................+.......................................................................+.......................................................................................+..........................+........................................................................+...........................................................................................................+...................................................................................................................................................................................................+................................................................................................................................................................................................................+.....................................................................+................................................................................+......................................+..................................................................................................................+.................................................................+........+.............+................................................................................................................................................................................................................+.....................................................................+......................................................+..............................+.....................................................................+..........................................................................................................................................................................................................................+...........................................+.........................+.................................................................................................................................................+................................................................................................................................+............................................................................................................................................+................................................................................................................................................................................+..........................................................................................+................................................................................+...........................................................+......................................+...................................................................................................................................................................................................................................................................................................................................................................................................................................+.............................................+................................................................................................................................................+.......................+.........................................................+.........................+..............................................................................................+.+.............................+.....................................................................................................................................................+..........+...........................+...+........................................+.....+...................................+...................................................................+.............+...................................+............................................................................................................................................................................................................................................................................................................................................................................................+................................+.................................................................................................................................................................+.............................+................................+..................................................+..............................................................................................................................+......................................................................................++*++*++*++*DH parameters of size 2048 created at /etc/openvpn/pki/dh.pemUsing SSL: openssl OpenSSL 1.1.1g  21 Apr 2020Generating a RSA private key........................+++++........................................................+++++writing new private key to '/etc/openvpn/pki/easy-rsa-72.obdilb/tmp.OkeLiC'-----Using configuration from /etc/openvpn/pki/easy-rsa-72.obdilb/tmp.lAFMAnEnter pass phrase for /etc/openvpn/pki/private/ca.key:Check that the request matches the signatureSignature okThe Subject's Distinguished Name is as followscommonName            :ASN.1 12:'82.157.165.162'Certificate is to be certified until Sep 17 00:59:32 2024 GMT (825 days)Write out database with 1 new entriesData Base UpdatedUsing SSL: openssl OpenSSL 1.1.1g  21 Apr 2020Using configuration from /etc/openvpn/pki/easy-rsa-147.MolDfl/tmp.faLnEKEnter pass phrase for /etc/openvpn/pki/private/ca.key:12345678An updated CRL has been created.CRL file: /etc/openvpn/pki/crl.pem[root@VM-24-9-centos openvpn]# #生成客户端证书(这里的weihu改成你想要的名字)docker run -v /opt/apps/openvpn:/etc/openvpn --rm -it kylemanna/openvpn:2.4 easyrsa build-client-full weihu nopass[root@VM-24-9-centos openvpn]# docker run -v /opt/apps/openvpn:/etc/openvpn --rm -it kylemanna/openvpn:2.4 easyrsa build-client-full weihu nopassUsing SSL: openssl OpenSSL 1.1.1g  21 Apr 2020Generating a RSA private key...+++++....................................................................................+++++writing new private key to '/etc/openvpn/pki/easy-rsa-1.hDjaFE/tmp.AjJCaO'-----Using configuration from /etc/openvpn/pki/easy-rsa-1.hDjaFE/tmp.LJIhlMEnter pass phrase for /etc/openvpn/pki/private/ca.key: 12345678Check that the request matches the signatureSignature okThe Subject's Distinguished Name is as followscommonName            :ASN.1 12:'weihu'Certificate is to be certified until Sep 17 01:01:23 2024 GMT (825 days)Write out database with 1 new entriesData Base Updated[root@VM-24-9-centos openvpn]# #导出客户端配置mkdir -p /opt/apps/openvpn/confdocker run -v /opt/apps/openvpn:/etc/openvpn --rm kylemanna/openvpn:2.4 ovpn_getclient weihu> /opt/apps/openvpn/conf/weihu.ovpn#启动OpenV服务docker run --name openvpn -v /opt/apps/openvpn:/etc/openvpn -d -p 8000:1194/udp --cap-add=NET_ADMIN kylemanna/openvpn:2.4PS:停止 openvpndocker stop openvpn启动 openvpndocker start openvpn#设置防火墙 (这个先不加也可以用)iptables -t nat -A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADEiptables -t nat -A POSTROUTING -s 172.17.0.2/32 -d 172.17.0.2/32 -p udp -m udp --dport 1194 -j MASQUERADEiptables -t nat -A DOCKER -i docker0 -j RETURNiptables -t nat -A DOCKER ! -i docker0 -p udp -m udp --dport 1194 -j DNAT --to-destination 172.17.0.2:1194iptables -t nat -A POSTROUTING -s 172.17.0.2/32 -d 172.17.0.2/32 -p udp -m udp --dport 1194 -j MASQUERADEipconfig-save#创建用户脚本 user_create.sh#!/bin/bashread -p "please your username: " NAMEdocker run -v /opt/apps/openvpn:/etc/openvpn --rm -it kylemanna/openvpn:2.4 easyrsa build-client-full $NAME nopassdocker run -v /opt/apps/openvpn:/etc/openvpn --rm kylemanna/openvpn:2.4 ovpn_getclient $NAME > /opt/apps/openvpn/conf/"$NAME".ovpn#删除用户脚本 user_del.sh#!/bin/bashread -p "Delete username: " DNAMEdocker run -v /opt/apps/openvpn:/etc/openvpn --rm -it kylemanna/openvpn:2.4 easyrsa revoke $DNAMEdocker run -v /opt/apps/openvpn:/etc/openvpn --rm -it kylemanna/openvpn:2.4 easyrsa gen-crldocker run -v /opt/apps/openvpn:/etc/openvpn --rm -it kylemanna/openvpn:2.4 rm -f /etc/openvpn/pki/reqs/"$DNAME".reqdocker run -v /opt/apps/openvpn:/etc/openvpn --rm -it kylemanna/openvpn:2.4 rm -f /etc/openvpn/pki/private/"$DNAME".keydocker run -v /opt/apps/openvpn:/etc/openvpn --rm -it kylemanna/openvpn:2.4 rm -f /etc/openvpn/pki/issued/"$DNAME".crt#需要重启openvpndocker restart openvpn

2.3 参考地址

https://blog.csdn.net/qq_42761569/article/details/106538056

码字不易,请点赞收藏。


点击全文阅读


本文链接:http://zhangshiyu.com/post/114116.html

<< 上一篇 下一篇 >>

  • 评论(0)
  • 赞助本站

◎欢迎参与讨论,请在这里发表您的看法、交流您的观点。

关于我们 | 我要投稿 | 免责申明

Copyright © 2020-2022 ZhangShiYu.com Rights Reserved.豫ICP备2022013469号-1