1 概述
本文用来教大家如何快速使用docker搭建openvpn,话不多说直接进入正题。
2 部署
2.1 环境需求
需要有外网IP。
2.2 步骤。
docker pull kylemanna/openvpn:2.4#生成配置文件#fu服务器公网 公网IPdocker run -v /opt/apps/openvpn:/etc/openvpn --rm kylemanna/openvpn:2.4 ovpn_genconfig -u udp://公网IP#生成密钥文件docker run -v /opt/apps/openvpn:/etc/openvpn --rm -it kylemanna/openvpn:2.4 ovpn_initpki[root@VM-24-9-centos openvpn]# docker run -v /opt/apps/openvpn:/etc/openvpn --rm -it kylemanna/openvpn:2.4 ovpn_initpkiinit-pki complete; you may now create a CA or requests.Your newly created PKI dir is: /etc/openvpn/pkiUsing SSL: openssl OpenSSL 1.1.1g 21 Apr 2020Enter New CA Key Passphrase: 12345678Re-Enter New CA Key Passphrase: 12345678Generating RSA private key, 2048 bit long modulus (2 primes)..........................+++++.....................................................................................+++++e is 65537 (0x010001)You are about to be asked to enter information that will be incorporatedinto your certificate request.What you are about to enter is what is called a Distinguished Name or a DN.There are quite a few fields but you can leave some blankFor some fields there will be a default value,If you enter '.', the field will be left blank.-----Common Name (eg: your user, host, or server name) [Easy-RSA CA]:WEIHUCA creation complete and you may now import and sign cert requests.Your new CA certificate file for publishing is at:/etc/openvpn/pki/ca.crtUsing SSL: openssl OpenSSL 1.1.1g 21 Apr 2020Generating DH parameters, 2048 bit long safe prime, generator 2This is going to take a long time.....................................................................................................................................+.......................................................................+...................+........................................+......................................................................+......................................................................+..............+........+..............................................................................................................................................................................................+.......................................................+................................................................................................................................................+...........................................+...................................................................+.................................................................................................................................................................................................................................................................................................................................................+..........................................................................................+..........+.......................................................+....................+.......................................................................................................................................................+...........................+.....................................................................................................................................................+.................................................................................+.............+.............................................+..............................................+...................................+.......................................................................+.......................................................................................+..........................+........................................................................+...........................................................................................................+...................................................................................................................................................................................................+................................................................................................................................................................................................................+.....................................................................+................................................................................+......................................+..................................................................................................................+.................................................................+........+.............+................................................................................................................................................................................................................+.....................................................................+......................................................+..............................+.....................................................................+..........................................................................................................................................................................................................................+...........................................+.........................+.................................................................................................................................................+................................................................................................................................+............................................................................................................................................+................................................................................................................................................................................+..........................................................................................+................................................................................+...........................................................+......................................+...................................................................................................................................................................................................................................................................................................................................................................................................................................+.............................................+................................................................................................................................................+.......................+.........................................................+.........................+..............................................................................................+.+.............................+.....................................................................................................................................................+..........+...........................+...+........................................+.....+...................................+...................................................................+.............+...................................+............................................................................................................................................................................................................................................................................................................................................................................................+................................+.................................................................................................................................................................+.............................+................................+..................................................+..............................................................................................................................+......................................................................................++*++*++*++*DH parameters of size 2048 created at /etc/openvpn/pki/dh.pemUsing SSL: openssl OpenSSL 1.1.1g 21 Apr 2020Generating a RSA private key........................+++++........................................................+++++writing new private key to '/etc/openvpn/pki/easy-rsa-72.obdilb/tmp.OkeLiC'-----Using configuration from /etc/openvpn/pki/easy-rsa-72.obdilb/tmp.lAFMAnEnter pass phrase for /etc/openvpn/pki/private/ca.key:Check that the request matches the signatureSignature okThe Subject's Distinguished Name is as followscommonName :ASN.1 12:'82.157.165.162'Certificate is to be certified until Sep 17 00:59:32 2024 GMT (825 days)Write out database with 1 new entriesData Base UpdatedUsing SSL: openssl OpenSSL 1.1.1g 21 Apr 2020Using configuration from /etc/openvpn/pki/easy-rsa-147.MolDfl/tmp.faLnEKEnter pass phrase for /etc/openvpn/pki/private/ca.key:12345678An updated CRL has been created.CRL file: /etc/openvpn/pki/crl.pem[root@VM-24-9-centos openvpn]# #生成客户端证书(这里的weihu改成你想要的名字)docker run -v /opt/apps/openvpn:/etc/openvpn --rm -it kylemanna/openvpn:2.4 easyrsa build-client-full weihu nopass[root@VM-24-9-centos openvpn]# docker run -v /opt/apps/openvpn:/etc/openvpn --rm -it kylemanna/openvpn:2.4 easyrsa build-client-full weihu nopassUsing SSL: openssl OpenSSL 1.1.1g 21 Apr 2020Generating a RSA private key...+++++....................................................................................+++++writing new private key to '/etc/openvpn/pki/easy-rsa-1.hDjaFE/tmp.AjJCaO'-----Using configuration from /etc/openvpn/pki/easy-rsa-1.hDjaFE/tmp.LJIhlMEnter pass phrase for /etc/openvpn/pki/private/ca.key: 12345678Check that the request matches the signatureSignature okThe Subject's Distinguished Name is as followscommonName :ASN.1 12:'weihu'Certificate is to be certified until Sep 17 01:01:23 2024 GMT (825 days)Write out database with 1 new entriesData Base Updated[root@VM-24-9-centos openvpn]# #导出客户端配置mkdir -p /opt/apps/openvpn/confdocker run -v /opt/apps/openvpn:/etc/openvpn --rm kylemanna/openvpn:2.4 ovpn_getclient weihu> /opt/apps/openvpn/conf/weihu.ovpn#启动OpenV服务docker run --name openvpn -v /opt/apps/openvpn:/etc/openvpn -d -p 8000:1194/udp --cap-add=NET_ADMIN kylemanna/openvpn:2.4PS:停止 openvpndocker stop openvpn启动 openvpndocker start openvpn#设置防火墙 (这个先不加也可以用)iptables -t nat -A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADEiptables -t nat -A POSTROUTING -s 172.17.0.2/32 -d 172.17.0.2/32 -p udp -m udp --dport 1194 -j MASQUERADEiptables -t nat -A DOCKER -i docker0 -j RETURNiptables -t nat -A DOCKER ! -i docker0 -p udp -m udp --dport 1194 -j DNAT --to-destination 172.17.0.2:1194iptables -t nat -A POSTROUTING -s 172.17.0.2/32 -d 172.17.0.2/32 -p udp -m udp --dport 1194 -j MASQUERADEipconfig-save#创建用户脚本 user_create.sh#!/bin/bashread -p "please your username: " NAMEdocker run -v /opt/apps/openvpn:/etc/openvpn --rm -it kylemanna/openvpn:2.4 easyrsa build-client-full $NAME nopassdocker run -v /opt/apps/openvpn:/etc/openvpn --rm kylemanna/openvpn:2.4 ovpn_getclient $NAME > /opt/apps/openvpn/conf/"$NAME".ovpn#删除用户脚本 user_del.sh#!/bin/bashread -p "Delete username: " DNAMEdocker run -v /opt/apps/openvpn:/etc/openvpn --rm -it kylemanna/openvpn:2.4 easyrsa revoke $DNAMEdocker run -v /opt/apps/openvpn:/etc/openvpn --rm -it kylemanna/openvpn:2.4 easyrsa gen-crldocker run -v /opt/apps/openvpn:/etc/openvpn --rm -it kylemanna/openvpn:2.4 rm -f /etc/openvpn/pki/reqs/"$DNAME".reqdocker run -v /opt/apps/openvpn:/etc/openvpn --rm -it kylemanna/openvpn:2.4 rm -f /etc/openvpn/pki/private/"$DNAME".keydocker run -v /opt/apps/openvpn:/etc/openvpn --rm -it kylemanna/openvpn:2.4 rm -f /etc/openvpn/pki/issued/"$DNAME".crt#需要重启openvpndocker restart openvpn2.3 参考地址
https://blog.csdn.net/qq_42761569/article/details/106538056