From fbdf22a762e166be191628d9924d0d7db4f29869 Mon Sep 17 00:00:00 2001
From: Luca Rullo
Date: Thu, 18 May 2023 09:36:27 -0500
Subject: [PATCH] Add: Example config files
---
 Dockerfile | 15 +++++++++++----
 entrypoint.sh | 8 ++++++++
 examples/ldap.conf | 16 ++++++++++++++++
 examples/server.conf | 27 +++++++++++++++++++++++++++
 4 files changed, 62 insertions(+), 4 deletions(-)
 create mode 100755 entrypoint.sh
 create mode 100644 examples/ldap.conf
 create mode 100644 examples/server.conf
diff --git a/Dockerfile b/Dockerfile
index acd5eb5..5b2bdff 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -4,7 +4,7 @@
 RUN apt update && apt dist-upgrade -y
 RUN apt install -y openvpn openvpn-auth-ldap easy-rsa
-ADD vars /etc/openvpn/vars
+WORKDIR /etc/openvpn
 RUN make-cadir easy-rsa/
@@ -17,8 +17,15 @@
 RUN export EASYRSA_BATCH=1 && ./easyrsa build-server-full server nopass
 RUN ./easyrsa gen-dh
 RUN openvpn --genkey secret /etc/openvpn/server/ta.key
-ADD server.conf /etc/openvpn/server.conf
-
-CMD ['openvpn','/etc/openvpn/server.conf']
+RUN mkdir -p /dev/net && \
+ mknod /dev/net/tun c 10 200 && \
+ chmod 600 /dev/net/tun
+COPY server.conf /etc/openvpn/server.conf
+
+ADD entrypoint.sh /entrypoint.sh
+
+ENTRYPOINT ["/entrypoint.sh"]
+
+CMD ["openvpn","/etc/openvpn/server.conf"]
diff --git a/entrypoint.sh b/entrypoint.sh
new file mode 100755
index 0000000..babc776
--- /dev/null
+++ b/entrypoint.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+mkdir -p /dev/net
+if [ ! -c /dev/net/tun ]; then
+ mknod /dev/net/tun c 10 200
+fi
+
+exec $@
diff --git a/examples/ldap.conf b/examples/ldap.conf
new file mode 100644
index 0000000..392a3da
--- /dev/null
+++ b/examples/ldap.conf
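Review bot: The new `RUN mkdir -p /dev/net && mknod /dev/net/tun c 10 200 && chmod 600 /dev/net/tun` step bakes a device node into an image layer, but under Docker the runtime mounts its own tmpfs on `/dev`, so that node is not visible in the running container and the entrypoint re-creates it anyway (with the umask default, not 0600) — the build-time step is dead weight and its `chmod 600` never takes effect. Drop it and state the runtime contract in the Dockerfile instead, e.g. `# Needs --cap-add NET_ADMIN and --device /dev/net/tun (the entrypoint only falls back to mknod, which needs CAP_MKNOD)`. `ADD entrypoint.sh /entrypoint.sh` copies a plain local file and should be `COPY entrypoint.sh /entrypoint.sh`. Separately, the context lines show the server key, DH parameters and `ta.key` being generated at build time, so every build leaves a fresh set of private keys inside image layers — anyone who can pull the image holds them, and existing clients break on each rebuild; generating the PKI into a mounted volume on first start is the usual pattern.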
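Review bot: `exec $@` is unquoted, so any CMD argument containing whitespace or glob characters is re-split and expanded before openvpn sees it; the last line should be `exec "$@"`. The script also ignores failure: if `mknod` fails because the container lacks CAP_MKNOD, the error is swallowed and openvpn later dies with a less direct message about `/dev/net/tun`, so add `set -euo pipefail` after the shebang to make that failure explicit. The `mknod` fallback only matters when the operator has not passed `--device /dev/net/tun`, which is the preferable way to supply the device and deserves a one-line comment above the `if`. Note that the node created here inherits the umask rather than the 0600 the Dockerfile applies to its build-time copy, so the two paths disagree; pick one mode and set it in this script.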
@@ -0,0 +1,16 @@
+
+ URL ldap://ldap
+ BindDN cn=admin,dc=domain,dc=org
+ Password secret
+ Timeout 15
+ FollowReferrals yes
+ TLSCACertFile /usr/local/etc/ssl/ca.pem
+ TLSCACertDir /etc/ssl/certs
+ TLSCertFile /usr/local/etc/ssl/client-cert.pem
+ TLSKeyFile /usr/local/etc/ssl/client-key.pem
+
+
+ BaseDN "ou=users,dc=domain,dc=org"
+ SearchFilter "(|(uid=%u)(cn=%u)(mail=%u))"
+ RequireGroup false
+
diff --git a/examples/server.conf b/examples/server.conf
new file mode 100644
index 0000000..022197a
--- /dev/null
+++ b/examples/server.conf
@@ -0,0 +1,27 @@
+port 1194
+proto udp
+dev tun
+
+ca /etc/openvpn/easy-rsa/pki/ca.crt
+cert /etc/openvpn/easy-rsa/pki/issued/server.crt
+key /etc/openvpn/easy-rsa/pki/private/server.key # keep secret
+dh /etc/openvpn/easy-rsa/pki/dh.pem
+crl-verify /etc/openvpn/easy-rsa/pki/crl.pem
+
+topology subnet
+server 10.8.0.0 255.255.255.0
+ifconfig-pool-persist ipp.txt
+push "route 192.168.10.0 255.255.255.0"
+
+client-to-client
+duplicate-cn
+keepalive 10 120
+cipher AES-256-CBC
+
+persist-key
+persist-tun
+status /var/log/openvpn-status.log
+verb 3
+explicit-exit-notify 1
+plugin /usr/lib/openvpn/openvpn-auth-ldap.so "/etc/openvpn/auth/ldap.conf" login
+crl-verify /etc/openvpn/easy-rsa/pki/crl.pem
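Review bot: `URL ldap://ldap` is a plaintext LDAP URL and nothing in the file enables STARTTLS, so the `TLSCACertFile`/`TLSCertFile`/`TLSKeyFile` lines are inert and both the `BindDN` password and every VPN user's password would cross the network in the clear; add `TLSEnable yes` next to the URL (or use an `ldaps://` URL) so the TLS settings actually apply. `Password secret` is the directory bind credential and `server.conf` hands this file straight to the plugin, so the example should carry a comment such as `# bind password: mount this file 0600 at /etc/openvpn/auth/ldap.conf, never COPY it into the image`. `FollowReferrals yes` makes the plugin chase referrals to whatever servers the directory names, widening the set of hosts it talks to; default it to `no` unless the directory layout requires it. The four bare `+` lines look like the `<LDAP>`/`</LDAP>` and `<Authorization>`/`</Authorization>` section markers lost in rendering — worth confirming against the committed file, since the plugin rejects a config without them.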
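Review bot: The Dockerfile generates `/etc/openvpn/server/ta.key` but this config never references it, so the control channel runs without `tls-auth`/`tls-crypt` and the UDP port answers any unauthenticated handshake; add `tls-crypt /etc/openvpn/server/ta.key`. The server also keeps root for its whole lifetime — `persist-key`/`persist-tun` exist precisely to permit a privilege drop, yet `user nobody` / `group nogroup` are absent. `cipher AES-256-CBC` is the legacy non-AEAD setting; the `openvpn --genkey secret` form used in the Dockerfile is 2.5+ syntax, so `data-ciphers AES-256-GCM:AES-128-GCM` with an explicit `auth SHA256` applies here, and `crl-verify` is listed twice (top and bottom of the file) while the visible Dockerfile hunks never run `./easyrsa gen-crl`, so the referenced `crl.pem` may not exist when the server starts. `duplicate-cn` together with `client-to-client` lets any number of clients share one certificate and reach each other, which deserves a comment stating why it is wanted when LDAP already supplies per-user identity.
```ini
# … unchanged: port, proto, dev, ca, cert, key, dh …
crl-verify /etc/openvpn/easy-rsa/pki/crl.pem
tls-crypt /etc/openvpn/server/ta.key
# … unchanged: topology, server, ifconfig-pool-persist, push, client-to-client, duplicate-cn, keepalive …
data-ciphers AES-256-GCM:AES-128-GCM
auth SHA256
tls-version-min 1.2
# … unchanged: persist-key, persist-tun, status, verb, explicit-exit-notify …
user nobody
group nogroup
# … unchanged: plugin line …
# (trailing duplicate crl-verify removed)
```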