Add: Example config files

2023-05-18 09:36:27 -05:00 · 2023-05-18 09:36:27 -05:00 · fbdf22a762
commit fbdf22a762
parent fc0c4f521d
4 changed files with 62 additions and 4 deletions
--- a/15
+++ b/15
@ -4,7 +4,7 @@ RUN apt update && apt dist-upgrade -y
 RUN apt install -y openvpn openvpn-auth-ldap easy-rsa
-ADD vars /etc/openvpn/vars
+WORKDIR /etc/openvpn
 RUN make-cadir easy-rsa/
@ -17,8 +17,15 @@ RUN export EASYRSA_BATCH=1 && ./easyrsa build-server-full server nopass
 RUN ./easyrsa gen-dh
 RUN  openvpn --genkey secret /etc/openvpn/server/ta.key
-ADD server.conf /etc/openvpn/server.conf
+RUN mkdir -p /dev/net && \
-
+	mknod /dev/net/tun c 10 200 && \
-CMD ['openvpn','/etc/openvpn/server.conf']
+	chmod 600 /dev/net/tun
 COPY server.conf /etc/openvpn/server.conf
 ADD entrypoint.sh /entrypoint.sh
 ENTRYPOINT ["/entrypoint.sh"]
 CMD ["openvpn","/etc/openvpn/server.conf"]
--- a/entrypoint.sh
+++ b/entrypoint.sh
@ -0,0 +1,8 @@
 #!/bin/bash
 mkdir -p /dev/net
 if [ ! -c /dev/net/tun ]; then
    mknod /dev/net/tun c 10 200
 fi
 exec $@
--- a/examples/ldap.conf
+++ b/examples/ldap.conf
@ -0,0 +1,16 @@
 <LDAP>
 	URL		ldap://ldap
 	BindDN		cn=admin,dc=domain,dc=org
 	Password	secret
 	Timeout		15
 	FollowReferrals yes
 	TLSCACertFile	/usr/local/etc/ssl/ca.pem
 	TLSCACertDir	/etc/ssl/certs
 	TLSCertFile	/usr/local/etc/ssl/client-cert.pem
 	TLSKeyFile	/usr/local/etc/ssl/client-key.pem
 </LDAP>
 <Authorization>
 	BaseDN		"ou=users,dc=domain,dc=org"
 	SearchFilter	"(|(uid=%u)(cn=%u)(mail=%u))"
 	RequireGroup	false
 </Authorization>
--- a/examples/server.conf
+++ b/examples/server.conf
@ -0,0 +1,27 @@
 port 1194
 proto udp
 dev tun
 ca      /etc/openvpn/easy-rsa/pki/ca.crt
 cert    /etc/openvpn/easy-rsa/pki/issued/server.crt
 key     /etc/openvpn/easy-rsa/pki/private/server.key  # keep secret
 dh      /etc/openvpn/easy-rsa/pki/dh.pem
 crl-verify /etc/openvpn/easy-rsa/pki/crl.pem
 topology subnet
 server 10.8.0.0 255.255.255.0
 ifconfig-pool-persist ipp.txt
 push "route 192.168.10.0 255.255.255.0"
 client-to-client
 duplicate-cn
 keepalive 10 120
 cipher AES-256-CBC
 persist-key
 persist-tun
 status /var/log/openvpn-status.log
 verb 3
 explicit-exit-notify 1
 plugin /usr/lib/openvpn/openvpn-auth-ldap.so "/etc/openvpn/auth/ldap.conf" login
 crl-verify /etc/openvpn/easy-rsa/pki/crl.pem