Add: Example config files
parent
fc0c4f521d
commit
fbdf22a762
15
Dockerfile
15
Dockerfile
@ -4,7 +4,7 @@ RUN apt update && apt dist-upgrade -y
|
||||
|
||||
RUN apt install -y openvpn openvpn-auth-ldap easy-rsa
|
||||
|
||||
ADD vars /etc/openvpn/vars
|
||||
WORKDIR /etc/openvpn
|
||||
|
||||
RUN make-cadir easy-rsa/
|
||||
|
||||
@ -17,8 +17,15 @@ RUN export EASYRSA_BATCH=1 && ./easyrsa build-server-full server nopass
|
||||
RUN ./easyrsa gen-dh
|
||||
RUN openvpn --genkey secret /etc/openvpn/server/ta.key
|
||||
|
||||
ADD server.conf /etc/openvpn/server.conf
|
||||
|
||||
CMD ['openvpn','/etc/openvpn/server.conf']
|
||||
RUN mkdir -p /dev/net && \
|
||||
mknod /dev/net/tun c 10 200 && \
|
||||
chmod 600 /dev/net/tun
|
||||
|
||||
|
||||
COPY server.conf /etc/openvpn/server.conf
|
||||
|
||||
ADD entrypoint.sh /entrypoint.sh
|
||||
|
||||
ENTRYPOINT ["/entrypoint.sh"]
|
||||
|
||||
CMD ["openvpn","/etc/openvpn/server.conf"]
|
||||
|
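Review bot: The `RUN mkdir -p /dev/net && mknod /dev/net/tun c 10 200 && chmod 600 /dev/net/tun` step most likely has no effect at runtime, because the container runtime mounts its own /dev over whatever the image layer holds; entrypoint.sh creating the node again points the same way. I would drop the RUN step and document that the container is started with `--device /dev/net/tun --cap-add NET_ADMIN`, which avoids depending on mknod rights or a privileged container. `ADD entrypoint.sh /entrypoint.sh` should be `COPY entrypoint.sh /entrypoint.sh`, since none of ADD's extra behaviour is needed for a plain local file. The rendered page has lost the +/- markers, so I cannot tell whether both `ADD server.conf` and `COPY server.conf` survive on the new side; if they do, one is redundant. Separately, the context lines generate the server key and ta.key during the build, so they are stored in the image layers and shared by every container started from it; generating them on first start in the new entrypoint would avoid that.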
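--- /dev/null
+++ b/entrypoint.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+mkdir -p /dev/net
+if [ ! -c /dev/net/tun ]; then
+mknod /dev/net/tun c 10 200
+fi
+
+exec $@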
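Review bot: `exec $@` on the last line is unquoted, so any argument containing spaces or glob characters is re-split before openvpn sees it; it should be `exec "$@"`. The script has no `set -e`, so a failed `mknod` (for example when the container lacks the capability or the device is not allowed) is ignored and openvpn fails later with a less direct error. The Dockerfile's version of this step applied `chmod 600` to the node, which the script omits; `mknod -m 600 /dev/net/tun c 10 200` would keep the mode tight here as well.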
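--- /dev/null
+++ b/examples/ldap.conf
@@ -0,0 +1,16 @@
+<LDAP>
+URL ldap://ldap
+BindDN cn=admin,dc=domain,dc=org
+Password secret
+Timeout 15
+FollowReferrals yes
+TLSCACertFile /usr/local/etc/ssl/ca.pem
+TLSCACertDir /etc/ssl/certs
+TLSCertFile /usr/local/etc/ssl/client-cert.pem
+TLSKeyFile /usr/local/etc/ssl/client-key.pem
+</LDAP>
+<Authorization>
+BaseDN "ou=users,dc=domain,dc=org"
+SearchFilter "(|(uid=%u)(cn=%u)(mail=%u))"
+RequireGroup false
+</Authorization>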
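Review bot: `URL ldap://ldap` sends the bind password and every user's VPN password to the directory in clear text, and the TLS certificate options listed below it appear to have no effect unless TLS is actually turned on; the example should use an `ldaps://` URL or add `TLSEnable yes`. `BindDN cn=admin,dc=domain,dc=org` has the plugin bind as the directory administrator for what is only a user search, so a dedicated read-only account would be the safer thing to show. With `RequireGroup false`, every entry under the BaseDN can authenticate to the VPN, which deserves a comment for anyone copying the file. A comment marking `Password secret` as a placeholder to replace would also help.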
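--- /dev/null
+++ b/examples/server.conf
@@ -0,0 +1,27 @@
+port 1194
+proto udp
+dev tun
+
+ca /etc/openvpn/easy-rsa/pki/ca.crt
+cert /etc/openvpn/easy-rsa/pki/issued/server.crt
+key /etc/openvpn/easy-rsa/pki/private/server.key # keep secret
+dh /etc/openvpn/easy-rsa/pki/dh.pem
+crl-verify /etc/openvpn/easy-rsa/pki/crl.pem
+
+topology subnet
+server 10.8.0.0 255.255.255.0
+ifconfig-pool-persist ipp.txt
+push "route 192.168.10.0 255.255.255.0"
+
+client-to-client
+duplicate-cn
+keepalive 10 120
+cipher AES-256-CBC
+
+persist-key
+persist-tun
+status /var/log/openvpn-status.log
+verb 3
+explicit-exit-notify 1
+plugin /usr/lib/openvpn/openvpn-auth-ldap.so "/etc/openvpn/auth/ldap.conf" login
+crl-verify /etc/openvpn/easy-rsa/pki/crl.pem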
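Review bot: The config never references the `/etc/openvpn/server/ta.key` that the Dockerfile generates, so the control channel runs without the extra HMAC/encryption layer that key is meant for; adding `tls-crypt /etc/openvpn/server/ta.key` would put it to use. `duplicate-cn` lets one client certificate be shared by many concurrent users, which makes per-client revocation through `crl-verify` far less useful, and `client-to-client` lets connected clients reach each other directly; both are better left off in an example or commented with the reason. `crl-verify` is listed twice, and the second occurrence on the last line can go. There is no `user nobody` / `group nogroup` pair, so the daemon keeps root after start-up. `cipher AES-256-CBC` is a legacy choice; if the packaged OpenVPN is 2.5 or newer (not visible on this page), `data-ciphers AES-256-GCM` would be the better default.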