allanger/container-openvpn
1
0
Fork 0
Code Issues 4 Pull Requests Actions Packages Projects Releases Activity

Use --cap-add=NET_ADMIN instead of --privileged

Browse Source 
Ovpn doesn't need all the capabilities.
https://docs.docker.com/reference/run/#runtime-privilege-linux-capabilities-and-lxc-configuration says:
For interacting with the network stack, instead of using --privileged they should use --cap-add=NET_ADMIN to modify the network interfaces.
This commit is contained in:
Adrian Olek
2014-10-06 10:07:27 +02:00
parent a69ca8d65e
commit 8c7d020074
1 changed files with 6 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
README.md
View File

@@ -15,6 +15,12 @@ OpenVPN server in a Docker container complete with an EasyRSA PKI CA.
* Start OpenVPN server process * Start OpenVPN server process
- On Docker [version 1.2](http://blog.docker.com/2014/08/announcing-docker-1-2-0/) and newer
docker run --volumes-from $OVPN_DATA -d -p 1194:1194/udp --cap-add=NET_ADMIN kylemanna/openvpn
- On Docker older than 1.2 version
docker run --volumes-from $OVPN_DATA -d -p 1194:1194/udp --privileged kylemanna/openvpn docker run --volumes-from $OVPN_DATA -d -p 1194:1194/udp --privileged kylemanna/openvpn
* Generate a client certificate without a passphrase * Generate a client certificate without a passphrase