52
docs/docker.md
Normal file
@ -0,0 +1,52 @@
|
||||
# Install Latest Docker Service
|
||||
|
||||
Docker included with some distributions lags far behind upstream. This guide aims to provide a quick and reliable way to install or update it.
|
||||
|
||||
It is recommended to use platforms that support systemd as future versions of this docker image may require systemd to help with some tasks:
|
||||
|
||||
* Fedora
|
||||
* Debian 8.1+
|
||||
|
||||
## Debian / Ubuntu
|
||||
|
||||
### Step 1 — Set Up Docker
|
||||
|
||||
Docker is moving fast and Debian / Ubuntu's long term support (LTS) policy doesn't keep up. To work around this we'll install a PPA that will get us the latest version of Docker.
|
||||
|
||||
Ensure dependencies are installed:
|
||||
|
||||
sudo apt-get update && sudo apt-get install -y apt-transport-https curl
|
||||
|
||||
Add the upstream Docker repository package signing key. The apt-key command uses elevated privileges via sudo, so a password prompt for the user's password may appear:
|
||||
|
||||
curl https://get.docker.io/gpg | sudo apt-key add -
|
||||
|
||||
Add the upstream Docker repository to the system list:
|
||||
|
||||
echo deb https://get.docker.io/ubuntu docker main | sudo tee /etc/apt/sources.list.d/docker.list
|
||||
|
||||
Update the package list and install the Docker package:
|
||||
|
||||
sudo apt-get update && sudo apt-get install -y lxc-docker
|
||||
|
||||
Add your user to the `docker` group to enable communication with the Docker daemon as a normal user, where `$USER` is your username. Exit and log in again for the new group to take effect:
|
||||
|
||||
sudo usermod -aG docker $USER
|
||||
|
||||
After **re-logging in** verify the group membership using the id command. The expected response should include docker like the following example:
|
||||
|
||||
uid=1001(test0) gid=1001(test0) groups=1001(test0),27(sudo),999(docker)
|
||||
|
||||
### Step 2 — Test Docker
|
||||
|
||||
Run a Debian jessie docker container:
|
||||
|
||||
docker run --rm -it debian:jessie bash -l
|
||||
|
||||
Once inside the container you'll see the `root@<container id>:/#` prompt signifying that the current shell is in a Docker container. To confirm that it's different from the host, check the version of Debian running in the container:
|
||||
|
||||
cat /etc/issue.net
|
||||
|
||||
Expected result:
|
||||
|
||||
Debian GNU/Linux 8
|
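Review bot: The signing-key step (`curl https://get.docker.io/gpg | sudo apt-key add -`) trusts whatever the URL returns, with no fingerprint check and no `-f` on curl, so an error page or a substituted key is piped straight into apt's trusted keyring. Suggest downloading the key to a file, having the reader compare its fingerprint against a value published in this doc, and only then adding it; `curl -fsSL` would at least stop on HTTP errors. Two smaller points: the text calls the upstream apt repository a "PPA", which it is not, and the `sudo usermod -aG docker $USER` step should state that membership in the `docker` group is equivalent to root on the host.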
@ -1,5 +1,12 @@
|
||||
# Frequently Asked Questions
|
||||
|
||||
## How do I edit `openvpn.conf`?
|
||||
|
||||
Use a Docker image with a text editor pre-installed (i.e. Ubuntu) and connect the volume container:
|
||||
|
||||
docker run --volumes-from $OVPN_DATA --rm -it ubuntu vi /etc/openvpn/openvpn.conf
|
||||
|
||||
|
||||
## Why not keep everything in one image?
|
||||
|
||||
The run-time image (`kylemanna/openvpn`) is intended to be an ephemeral image. Nothing should be saved in it so that it can be re-downloaded and re-run when updates are pushed (i.e. newer version of OpenVPN or even Debian). The data container contains all this data and is attached at run time providing a safe home.
|
||||
|
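Review bot: In the `openvpn.conf` answer, `docker run --volumes-from $OVPN_DATA --rm -it ubuntu vi ...` attaches the data volume to an untagged `ubuntu` image, so whatever the default tag resolves to at pull time gets read-write access to everything the data container holds. Suggest pinning a specific image tag and quoting `"$OVPN_DATA"`. Style: both uses of "i.e." in this hunk ("i.e. Ubuntu" and "i.e. newer version of OpenVPN") introduce examples and should be "e.g.".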
91
docs/ipv6.md
Normal file
@ -0,0 +1,91 @@
|
||||
# IPv6 Support
|
||||
|
||||
This is a work in progress, more polish to follow. Use the `dev` git branch and `dev` docker image tag for testing.
|
||||
|
||||
## Tunnel IPv6 Address To OpenVPN Clients
|
||||
|
||||
This feature is advanced and recommended only for those who already have a functioning IPv4 tunnel and know how IPv6 works.
|
||||
|
||||
Systemd is used to setup a static route and Debian 8.1 or later is recommended as the host distribution. Others probably work, but haven't been tested.
|
||||
|
||||
|
||||
### Step 1 — Setup IPv6 on the Host Machine
|
||||
|
||||
The tutorial uses a free tunnel from [tunnelbroker.net](https://tunnelbroker.net/) to get a /64 and /48 prefix allocated to me. The tunnel endpoint is less then 3 ms away from Digital Ocean's San Francisco datacenter.
|
||||
|
||||
Place the following in `/etc/network/interfaces`. Relace `PUBLIC_IP` with your host's public IPv4 address and replace 2001:db8::2 and 2001:db8::1 with the corresponding tunnel endpoints:
|
||||
|
||||
auto he-ipv6
|
||||
iface he-ipv6 inet6 v4tunnel
|
||||
address 2001:db8::2
|
||||
netmask 64
|
||||
endpoint 72.52.104.74
|
||||
local PUBLIC_IP
|
||||
ttl 255
|
||||
gateway 2001:db8::1
|
||||
|
||||
Bring the interface up:
|
||||
|
||||
ifup he-ipv6
|
||||
|
||||
Test that IPv6 works on the host:
|
||||
|
||||
ping6 google.com
|
||||
|
||||
If this doesn't work, figure it out. It may be necessary to add an firewall rule to allow IP protocol 41 through the firewall.
|
||||
|
||||
|
||||
### Step 2 — Update Docker's Init To Enable IPv6 Support
|
||||
|
||||
Copy the system's existing docker file and append the `--ipv6` argument to the end of the command line:
|
||||
|
||||
sed -e 's:^\(ExecStart.*\):\1 --ipv6:' /lib/systemd/system/docker.service | tee /etc/systemd/system/docker.service
|
||||
|
||||
Reload the daemon and restart docker so that it takes affect:
|
||||
|
||||
systemctl daemon-reload && systemctl restart docker.service
|
||||
|
||||
|
||||
### Step 3 — Setup the systemd Unit File
|
||||
|
||||
Copy the systemd init file from the docker-openvpn /init directory of the repository and install into `/etc/systemd/system/docker-openvpn.service`
|
||||
|
||||
curl -o /etc/systemd/system/docker-openvpn.service https://raw.githubusercontent.com/kylemanna/docker-openvpn/dev/init/docker-openvpn.service
|
||||
|
||||
Edit the file, replace `IP6_PREFIX` value with the value of your /64 prefix.
|
||||
|
||||
vi /etc/systemd/system/docker-openvpn.service
|
||||
|
||||
Finally, reload systemd so the changes take affect:
|
||||
|
||||
systemctl daemon-reload
|
||||
|
||||
### Step 4 — Start OpenVPN
|
||||
|
||||
Ensure that OpenVPN has been initialized and configured as described in the top level `README.md`.
|
||||
|
||||
Start the systemd service file:
|
||||
|
||||
systemctl start docker-openvpn
|
||||
|
||||
Verify logs if needed:
|
||||
|
||||
systemctl status docker-openvpn
|
||||
docker logs openvpn0
|
||||
|
||||
### Step 4 — Modify Client Config for IPv6 Default Route
|
||||
|
||||
Append the default route for the public Internet:
|
||||
|
||||
echo "route-ipv6 2000::/3" >> clientname.ovpn
|
||||
|
||||
### Step 5 — Start up Client
|
||||
|
||||
If all went according to plan, then `ping6 2600::` and `ping6 google.com` should work.
|
||||
|
||||
Fire up a web browser and attempt to navigate to [https://ipv6.google.com](https://ipv6.google.com).
|
||||
|
||||
|
||||
## Connect to the OpenVPN Server Over IPv6
|
||||
|
||||
Not implemented, yet.
|
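Review bot: Step 3 writes a unit file fetched from the moving `dev` branch straight into `/etc/systemd/system/` with `curl -o`, so a root-run service definition is installed unreviewed and can differ from one reader to the next. Suggest downloading to a temporary path, inspecting it before installing, and referencing a fixed commit or tag instead of `dev`. In Step 2, copying the whole `docker.service` through `sed ... | tee` shadows the packaged unit on later upgrades; a drop-in under `/etc/systemd/system/docker.service.d/` that overrides only `ExecStart` would be narrower. The guide hands clients globally routable addresses from the /64 but never mentions a forwarding policy on the host; a short note on filtering inbound IPv6 traffic to the client prefix belongs next to the protocol 41 remark. Doc nits: two headings are numbered "Step 4", the `endpoint 72.52.104.74` line is not listed among the values to replace, "If this doesn't work, figure it out" gives the reader nothing to act on, and "Relace", "less then", "an firewall", "takes affect" and "take affect" need fixing.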