allanger/container-openvpn
1
0
Fork 0
Code Issues 4 Pull Requests Actions Packages Projects Releases Activity

Merge pull request #69 from ypid/docker_no_network_paranoid_doc

Browse Source 
Only setup networking for containers which need it.
This commit is contained in:
Kyle Manna
2015-09-08 06:54:42 -07:00
parent 41f7fd22ad ee9f4531ad
commit 314eb15507
1 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
docs/paranoid.md
View File

@@ -5,9 +5,9 @@ As mentioned in the [backup section](/docs/backup.md), there are good reasons to
Execute the following commands. Note that you might want to change the volume `$PWD` or use a data docker container for this. Execute the following commands. Note that you might want to change the volume `$PWD` or use a data docker container for this.
docker run --rm -t -i -v $PWD:/etc/openvpn kylemanna/openvpn ovpn_genconfig -u udp://VPN.SERVERNAME.COM docker run --net=none --rm -t -i -v $PWD:/etc/openvpn kylemanna/openvpn ovpn_genconfig -u udp://VPN.SERVERNAME.COM
docker run --rm -t -i -v $PWD:/etc/openvpn kylemanna/openvpn ovpn_initpki docker run --net=none --rm -t -i -v $PWD:/etc/openvpn kylemanna/openvpn ovpn_initpki
docker run --rm -t -i -v $PWD:/etc/openvpn kylemanna/openvpn ovpn_copy_server_files docker run --net=none --rm -t -i -v $PWD:/etc/openvpn kylemanna/openvpn ovpn_copy_server_files
The [`ovpn_copy_server_files`](/bin/ovpn_copy_server_files) script puts all the needed configuration in a subdirectory which defaults to `$OPENVPN/server`. All you need to do now is to copy this directory to the server and you are good to go. The [`ovpn_copy_server_files`](/bin/ovpn_copy_server_files) script puts all the needed configuration in a subdirectory which defaults to `$OPENVPN/server`. All you need to do now is to copy this directory to the server and you are good to go.
@@ -22,7 +22,7 @@ If you want to select the cyphers used by OpenVPN the following parameters of th
The following options have been tested successfully: The following options have been tested successfully:
docker run --volumes-from $OVPN_DATA --rm kylemanna/openvpn ovpn_genconfig -C 'AES-256-CBC' -a 'SHA384' docker run --volumes-from $OVPN_DATA --net=none --rm kylemanna/openvpn ovpn_genconfig -C 'AES-256-CBC' -a 'SHA384'
Changing the `tls-cipher` option seems to be more complicated because some clients (namely NetworkManager in Debian Jessie) seem to have trouble with this. Running `openvpn` manually also did not solve the issue: Changing the `tls-cipher` option seems to be more complicated because some clients (namely NetworkManager in Debian Jessie) seem to have trouble with this. Running `openvpn` manually also did not solve the issue: