Last pushed: 2 years ago

USAGE

ENV Parameter

Default values are as follows:

QUAGGA_HOSTNAME     hostname            #Quagga Login name
QUAGGA_PASSWORD     password            #Quagga Login password

AUTH_METHOD         cert    <ldap/cert> #Authentication method
CERT_EXPIRE_TIME    3600                #Certificate expiry time (days)
LDAP_URL            ldap://localhost    #LDAP URL
LDAP_BIND_DN        cn=ldap,dc=org      #LDAP BIND DN 
LDAP_PASSWORD       PASSWORD            #LDAP PASSWORD
LDAP_BASE_DN        o=ldap,dc=org       #LDAP Search Base DN
LDAP_FILTER         ""                  #LDAP Search Filter

RING_NETWORK_ENABLE true                #Enable Ring Network
RING_NETWORK        10.254.254.0        #Ring Network (netmask always /24)
RING_IP             10.254.254.1        #Server IP in Ring Network (Unique)
RING_PORT           10001               #Ring Network Port to container

L2_NETWORK_ENABLE   true                #Enable Tap-L2 Network
L2_NETWORK          10.253.1.0          #L2 Network (netmask always /24)
L2_HOST_IP          10.253.1.254        #Server IP in L2 Network
L2_START_IP         10.253.1.1          #L2 Client DHCP IP From
L2_END_IP           10.253.1.250        #L2 Client DHCP IP End
L2_PORT             10002               #L2 Network Port to container

L3_NETWORK_ENABLE   true                #Enable Tun-L3 Network
L3_NETWORK          10.252.1.0          #L3 Network (netmask always /24)
L3_PORT             10003               #L3 Network Port to container

SERVER_MODE         root                #Server CA Mode, only 'root' now.
SERVER_NAME         openvpn             #Server Name in avahi-daemon
SERVER_IP           12.12.12.12         #Server Public IP
SERVER_COUNTRY      JP                  #Server Certificate Field Country
SERVER_PROVINCE     OTAKA               #Server Certificate Field Province
SERVER_CITY         OTAKA               #Server Certificate Field City
SERVER_ORG          YETIZ.ORG           #Server Certificate Field Org
SERVER_MAIL         MAIN@EXAMPLE.COM    #Server Certificate Field Mail
SERVER_OU           VPN                 #Server Certificate Field OU
KEY_CN              VPN_CN              #Server Certificate Field CommonName

RUN

# ring-container-port 10001
# tap-container-port 10002
# tun-container-port 10003

docker run \
--restart=always \
-i \
-p 34:10001 \
-p 8080:10002 \
-p 465:10003 \
--name="openvpn" \
-h openvpn \
-e QUAGGA_HOSTNAME='hostname' \
-e QUAGGA_PASSWORD='hostnamepassword' \
-e RING_NETWORK_ENABLE='true' \
-e RING_NETWORK='10.254.0.0' \
-e RING_IP='10.254.0.3' \
-e RING_PORT='34' \
-e L2_NETWORK_ENABLE='true' \
-e L2_NETWORK='10.253.3.0' \
-e L2_HOST_IP='10.253.3.254' \
-e L2_START_IP='10.253.3.1' \
-e L2_END_IP='10.253.3.250' \
-e L2_PORT='8080' \
-e L3_NETWORK_ENABLE='true' \
-e L3_NETWORK='10.252.3.0' \
-e L3_PORT='465' \
-e SERVER_MODE='root' \
-e SERVER_NAME='openvpn' \
-e SERVER_IP='120.120.120.120' \
-e SERVER_COUNTRY='TW' \
-e SERVER_PROVINCE='TW' \
-e SERVER_CITY='Taipei' \
-e SERVER_ORG='YETIZ.ORG' \
-e SERVER_MAIL='MAIN@EXAMPLE.COM' \
-e SERVER_OU='MAIN' \
-e KEY_CN='MAIN_CN' \
--privileged \
-v /pool/service-storage/openvpn/:/root/data/db \
-t yeti/openvpn
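As an added pre-flight check (not code from the image or its author), the script below validates a set of ENV parameters against the constraints stated in the parameter table and exercised by the RUN command above: every network is a /24, RING_IP and the L2 host and DHCP addresses must be usable hosts inside their network, the host address must not fall inside the DHCP pool, the three port values must not collide, and placeholder defaults such as QUAGGA_PASSWORD and SERVER_IP must have been changed. The parameter names and defaults are taken from the table; everything else is this example's own logic.

```python
"""Pre-flight check for yeti/openvpn ENV parameters (added example, not part of the
image). Encodes the README's constraints: networks are always /24, RING_IP and the L2
host/DHCP addresses must be hosts inside their network, and ports must not collide."""
import ipaddress

WEAK_DEFAULTS = {"QUAGGA_PASSWORD": "password", "SERVER_IP": "12.12.12.12"}

def _parse(problems, key, value, as_net=False):
    """Parse an address (or the /24 base the README implies); record errors instead of raising."""
    try:
        return ipaddress.ip_network(f"{value}/24", strict=True) if as_net else ipaddress.ip_address(value)
    except ValueError:
        problems.append(f"{key} {value!r} is not a valid {'/24 base' if as_net else 'IP address'}")
        return None

def _host_in(problems, key, ip, net):
    """True if ip is a usable host (not network/broadcast) inside net."""
    if ip is None or net is None:
        return False
    if ip not in net or ip in (net.network_address, net.broadcast_address):
        problems.append(f"{key} {ip} is not a host address in {net}")
        return False
    return True

def check_env(env):
    """Return the list of problems found in a dict of ENV parameters (defaults from the README)."""
    p = []
    for key, weak in WEAK_DEFAULTS.items():
        if env.get(key, weak) == weak:
            p.append(f"{key} is still the documented default")
    if env.get("AUTH_METHOD", "cert") == "ldap" and env.get("LDAP_PASSWORD", "PASSWORD") == "PASSWORD":
        p.append("LDAP_PASSWORD is still the documented default")
    if env.get("RING_NETWORK_ENABLE", "true") == "true":
        ring = _parse(p, "RING_NETWORK", env.get("RING_NETWORK", "10.254.254.0"), as_net=True)
        _host_in(p, "RING_IP", _parse(p, "RING_IP", env.get("RING_IP", "10.254.254.1")), ring)
    if env.get("L2_NETWORK_ENABLE", "true") == "true":
        l2 = _parse(p, "L2_NETWORK", env.get("L2_NETWORK", "10.253.1.0"), as_net=True)
        addrs = {k: _parse(p, k, env.get(k, d)) for k, d in
                 (("L2_HOST_IP", "10.253.1.254"), ("L2_START_IP", "10.253.1.1"), ("L2_END_IP", "10.253.1.250"))}
        if all([_host_in(p, k, v, l2) for k, v in addrs.items()]):
            host, start, end = addrs["L2_HOST_IP"], addrs["L2_START_IP"], addrs["L2_END_IP"]
            if start > end:
                p.append("L2_START_IP is above L2_END_IP")
            elif start <= host <= end:
                p.append("L2_HOST_IP lies inside the L2 DHCP pool")
    ports = {k: env.get(k, d) for k, d in (("RING_PORT", "10001"), ("L2_PORT", "10002"), ("L3_PORT", "10003"))}
    if len(set(ports.values())) < len(ports):
        p.append(f"port values collide: {ports}")
    return p
```

Run `check_env` on the same dictionary you pass with `-e` before starting the container; an empty list means the values satisfy the documented constraints.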

Directory Structure & Join Ring

Place your configuration folder into the ring folder. The directory structure looks like this:

/root/data/db
    │
    ├── keys
    ├── log
    │   ├── openvpn-ring.log
    │   ├── openvpn-tap.log
    │   ├── openvpn-tun.log
    │   ├── ripd.log
    │   └── zebra.log
    └── ring <------------------ring folder
        └── ring-apn <----------your configuration folder
            ├── OTlmN2Y5.crt
            ├── OTlmN2Y5.key
            ├── Ring.ovpn <-----connection configuration file
            ├── ta.key
            ├── up.sh
            └── verify.crt

Create Client Connection File

Attach to the openvpn container:

docker attach openvpn

Choose Create Client Connection File by entering 2:

Choose operation:
[1] Connect Ring
[2] Create Client Connection File

The connection file folder is created at /root/data/db/OTVkZTc0; retrieve it from your mounted volume.

NOTE: If you run ./clean-all, I will be doing a rm -rf on /root/data/db/keys
Using Common Name: OTVkZTc0
Generating a 2048 bit RSA private key
...................+++
...................+++
writing new private key to 'OTVkZTc0.key'
-----
Using configuration from /root/data/openssl-1.0.0.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'TW'
stateOrProvinceName   :PRINTABLE:'TW'
localityName          :PRINTABLE:'TAIPEI'
organizationName      :PRINTABLE:'YETIZ.ORG'
organizationalUnitName:PRINTABLE:'TAIPEI'
commonName            :PRINTABLE:'OTVkZTc0'
name                  :PRINTABLE:'YETIZ.ORG'
emailAddress          :IA5STRING:'TAIPEI@YETIZ.ORG'
Certificate is to be certified until Apr 18 07:28:34 2025 GMT (3650 days)

Write out database with 1 new entries
Data Base Updated
Configure file directory [at /root/data/db/OTVkZTc0] created!

Notice

  1. You have to mount a volume at /root/data/db; it will contain the client connection folders, the ring folder and the server settings.
  2. --privileged is required for the network operations.
  3. The Ring Network creates a connection between different VPN networks. If you only need one VPN network, pass -e RING_NETWORK_ENABLE='false'.
  4. The L2 network uses a tap device to connect to the VPN and does not support mobile platforms. Tap-L2.ovpn is its connection configuration file.
  5. The L3 network uses a tun device to connect to the VPN and does support mobile platforms. Tun-L3.ovpn is its connection configuration file.
  6. Every client connection needs verify.crt, ta.key, [Name].crt and [Name].key; a Ring Network connection additionally needs up.sh.

DELETE

docker stop openvpn; docker rm openvpn; docker rmi yeti/openvpn
Owner: yeti