ovpen_init: Remove external IP resolution
* Disable auto guessing the external IP in favor of the user explicitly specifying the server name. Save the servername for client cert generation later. * Remove dnsutils from build since dig is no longer necessary. Favor learn and mean images.
This commit is contained in:
Kyle Manna
parent
1869cd85d0
commit
939cf7ab67
@ -4,7 +4,7 @@ FROM ubuntu:14.04
|
|||||||
|
|
||||||
MAINTAINER Kyle Manna <kyle@kylemanna.com>
|
MAINTAINER Kyle Manna <kyle@kylemanna.com>
|
||||||
|
|
||||||
RUN apt-get install -y openvpn iptables git-core dnsutils
|
RUN apt-get install -y openvpn iptables git-core
|
||||||
|
|
||||||
# Update checkout to use tags when v3.0 is finally released
|
# Update checkout to use tags when v3.0 is finally released
|
||||||
RUN git clone https://github.com/OpenVPN/easy-rsa.git /usr/local/share/easy-rsa
|
RUN git clone https://github.com/OpenVPN/easy-rsa.git /usr/local/share/easy-rsa
|
||||||
|
|||||||
@ -22,13 +22,15 @@ easyrsa build-ca nopass
|
|||||||
easyrsa gen-dh
|
easyrsa gen-dh
|
||||||
openvpn --genkey --secret $OPENVPN/pki/ta.key
|
openvpn --genkey --secret $OPENVPN/pki/ta.key
|
||||||
|
|
||||||
if [ -z "$cn"]; then
|
# Was nice to autoset, but probably a bad idea in practice, users should
|
||||||
#TODO: Handle IPv6 (when I get a VPS with IPv6)...
|
# have to explicitly specify the common name of their server
|
||||||
ip4=$(dig +short myip.opendns.com @resolver1.opendns.com)
|
#if [ -z "$cn"]; then
|
||||||
ptr=$(dig +short -x $ip4 | sed -e 's:\.$::')
|
# #TODO: Handle IPv6 (when I get a VPS with IPv6)...
|
||||||
|
# ip4=$(dig +short myip.opendns.com @resolver1.opendns.com)
|
||||||
[ -n "$ptr" ] && cn=$ptr || cn=$ip4
|
# ptr=$(dig +short -x $ip4 | sed -e 's:\.$::')
|
||||||
fi
|
#
|
||||||
|
# [ -n "$ptr" ] && cn=$ptr || cn=$ip4
|
||||||
|
#fi
|
||||||
|
|
||||||
echo "$cn" > $OPENVPN/servername
|
echo "$cn" > $OPENVPN/servername
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user