Add: Example config files

Luca 2023-05-18 09:36:27 -05:00
parent fc0c4f521d
commit fbdf22a762
Signed by: lrullo
GPG Key ID: A04E97D8E19A58A7
4 changed files with 62 additions and 4 deletions


@ -4,7 +4,7 @@ RUN apt update && apt dist-upgrade -y
RUN apt install -y openvpn openvpn-auth-ldap easy-rsa
ADD vars /etc/openvpn/vars
WORKDIR /etc/openvpn
RUN make-cadir easy-rsa/
@ -17,8 +17,15 @@ RUN export EASYRSA_BATCH=1 && ./easyrsa build-server-full server nopass
RUN ./easyrsa gen-dh
RUN openvpn --genkey secret /etc/openvpn/server/ta.key
ADD server.conf /etc/openvpn/server.conf
CMD ['openvpn','/etc/openvpn/server.conf']
RUN mkdir -p /dev/net && \
mknod /dev/net/tun c 10 200 && \
chmod 600 /dev/net/tun
COPY server.conf /etc/openvpn/server.conf
ADD entrypoint.sh /entrypoint.sh
ENTRYPOINT ["/entrypoint.sh"]
CMD ["openvpn","/etc/openvpn/server.conf"]
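Review bot: The `RUN mkdir -p /dev/net && mknod /dev/net/tun c 10 200 && chmod 600 /dev/net/tun` step on what appears to be the new side is unlikely to have any effect at runtime, because container runtimes normally mount a fresh `/dev` over the image's own at start; the entrypoint recreates the node anyway. I would drop the build-time step and add a comment that the container is meant to be started with `--device /dev/net/tun --cap-add NET_ADMIN` rather than `--privileged`. `ADD entrypoint.sh /entrypoint.sh` copies a plain local file and should be `COPY entrypoint.sh /entrypoint.sh`, matching the `COPY server.conf` line above it. Separately, the context lines show the server key and `ta.key` being generated during the build, which leaves private key material in the image layers for anyone who can pull the image; that deserves at least a comment, or generation at first start into a mounted volume.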

8
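--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+mkdir -p /dev/net
+if [ ! -c /dev/net/tun ]; then
+mknod /dev/net/tun c 10 200
+fi
+exec $@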
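Review bot: The last line uses an unquoted `$@`, so arguments containing spaces or glob characters are re-split and expanded before the real process starts; it should be `exec "$@"`. The script also carries on when `mknod` fails, so the container starts and OpenVPN then fails later with a less obvious error; a `set -e` after the shebang would stop it at the real cause. The Dockerfile step restricts the node with `chmod 600 /dev/net/tun`, but the runtime path here does not, so I would add the same `chmod 600 /dev/net/tun` after the `mknod` line and a one-line comment saying why the node is created at start.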

16
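--- a/examples/ldap.conf
+++ b/examples/ldap.conf
@@ -0,0 +1,16 @@
+<LDAP>
+URL ldap://ldap
+BindDN cn=admin,dc=domain,dc=org
+Password secret
+Timeout 15
+FollowReferrals yes
+TLSCACertFile /usr/local/etc/ssl/ca.pem
+TLSCACertDir /etc/ssl/certs
+TLSCertFile /usr/local/etc/ssl/client-cert.pem
+TLSKeyFile /usr/local/etc/ssl/client-key.pem
+</LDAP>
+<Authorization>
+BaseDN "ou=users,dc=domain,dc=org"
+SearchFilter "(|(uid=%u)(cn=%u)(mail=%u))"
+RequireGroup false
+</Authorization>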
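Review bot: The example sets `URL ldap://ldap` and lists TLS certificate files but never turns TLS on, so the bind password and every VPN user's password would travel to the directory in clear text. Either `URL ldaps://ldap` or an added `TLSEnable yes` line would make the certificate settings take effect. The example binds as `cn=admin` with `Password secret`; a comment such as `# use a read-only service account and mount this file at runtime, mode 600` would keep people from copying an admin bind into an image. With `RequireGroup false`, any account that matches the search filter can authenticate, which is worth stating in a comment next to that line.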

27
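--- a/examples/server.conf
+++ b/examples/server.conf
@@ -0,0 +1,27 @@
+port 1194
+proto udp
+dev tun
+ca /etc/openvpn/easy-rsa/pki/ca.crt
+cert /etc/openvpn/easy-rsa/pki/issued/server.crt
+key /etc/openvpn/easy-rsa/pki/private/server.key # keep secret
+dh /etc/openvpn/easy-rsa/pki/dh.pem
+crl-verify /etc/openvpn/easy-rsa/pki/crl.pem
+topology subnet
+server 10.8.0.0 255.255.255.0
+ifconfig-pool-persist ipp.txt
+push "route 192.168.10.0 255.255.255.0"
+client-to-client
+duplicate-cn
+keepalive 10 120
+cipher AES-256-CBC
+persist-key
+persist-tun
+status /var/log/openvpn-status.log
+verb 3
+explicit-exit-notify 1
+plugin /usr/lib/openvpn/openvpn-auth-ldap.so "/etc/openvpn/auth/ldap.conf" login
+crl-verify /etc/openvpn/easy-rsa/pki/crl.pem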
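Review bot: The example never references the `ta.key` that the Dockerfile generates under `/etc/openvpn/server/`, so the control channel runs without the extra HMAC/encryption layer; adding `tls-crypt /etc/openvpn/server/ta.key` would put that key to use. `duplicate-cn` and `client-to-client` are both enabled, which lets one certificate serve several concurrent sessions and lets clients reach each other without passing the host firewall; in an example that people copy, I would ship them commented out with a one-line explanation each. `cipher AES-256-CBC` selects a non-AEAD cipher, and on OpenVPN releases that accept the `--genkey secret` syntax used in the Dockerfile it could presumably become `data-ciphers AES-256-GCM:AES-128-GCM`. `crl-verify` appears twice with the same path, so the last line can go.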