From 353019b0e9acc5018fe8302eb9345f96a6ae2eab Mon Sep 17 00:00:00 2001 From: Kyle Manna Date: Sun, 29 Jun 2014 22:44:05 -0700 Subject: [PATCH 1/7] genconfig: Add client-config-dir * Add client config directory for client specific configuration options such as IP addresses. --- bin/ovpn_genconfig | 1 + 1 file changed, 1 insertion(+) diff --git a/bin/ovpn_genconfig b/bin/ovpn_genconfig index 4b88747..e5f14ff 100755 --- a/bin/ovpn_genconfig +++ b/bin/ovpn_genconfig @@ -28,6 +28,7 @@ persist-key persist-tun push "dhcp-option DNS 8.8.4.4" push "dhcp-option DNS 8.8.8.8" +client-config-dir $OPENVPN/ccd proto udp port 1194 From 20dc3d6ea0b151abd1434780b17b5669faa5fd23 Mon Sep 17 00:00:00 2001 From: Kyle Manna Date: Sun, 29 Jun 2014 22:45:30 -0700 Subject: [PATCH 2/7] genconfig: Expand the subnet * Use a larger subnet (2x the size) to allow for more hard-coded configurations. --- bin/ovpn_genconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/ovpn_genconfig b/bin/ovpn_genconfig index e5f14ff..8a4a2f0 100755 --- a/bin/ovpn_genconfig +++ b/bin/ovpn_genconfig @@ -14,7 +14,7 @@ if [ -z "$cn" ]; then fi cat > "$OPENVPN/udp1194.conf" < Date: Sun, 29 Jun 2014 23:04:42 -0700 Subject: [PATCH 3/7] genconfig: Use servername if $1 not specified * Set the common name to servername set during last ovpn_init if $1 is not passed in. * Simplies re-running ovpn_genconfig when features are added. --- bin/ovpn_genconfig | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/bin/ovpn_genconfig b/bin/ovpn_genconfig index 8a4a2f0..921c800 100755 --- a/bin/ovpn_genconfig +++ b/bin/ovpn_genconfig @@ -6,7 +6,8 @@ set -ex -cn=$1 +servername=$(cat "$OPENVPN/servername" 2> /dev/null) +cn=${1-$servername} if [ -z "$cn" ]; then echo "Common name not specified" From 7b9d82630d6434bb66d5ac011bdab1703be135c7 Mon Sep 17 00:00:00 2001 
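Review bot: The added `client-config-dir $OPENVPN/ccd` directive names a directory that nothing in this commit creates, and the series itself later states (patch 5) that OpenVPN will not start without it, so a server started from a freshly generated config is broken until the run script is also updated. Creating the directory where the config is generated keeps ovpn_genconfig self-contained: `mkdir -p "$OPENVPN/ccd"` just before the `cat >` heredoc. The heredoc's opening line is not visible in this rendering; if its delimiter is unquoted, as the other `$OPENVPN` uses in the script suggest, the path is expanded at generation time and the directive ends up carrying an absolute path, which is the intended result.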
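Review bot: `servername=$(cat "$OPENVPN/servername" 2> /dev/null)` runs under the `set -ex` visible in the hunk context, and an assignment whose command substitution fails carries that non-zero status, so when the servername file is absent and no `$1` is given the script exits at this line instead of reaching the `Common name not specified` message below. Make the fallback explicitly best-effort: `servername=$(cat "$OPENVPN/servername" 2>/dev/null || true)`. With `cn=${1-$servername}` an explicit empty first argument still yields an empty `cn`, which the existing `-z` check then reports, so that part behaves as intended.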
From: Kyle Manna Date: Sun, 29 Jun 2014 23:09:18 -0700 Subject: [PATCH 4/7] genconfig: Backup old config file * Backup previous config file before overwriting. --- bin/ovpn_genconfig | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/bin/ovpn_genconfig b/bin/ovpn_genconfig index 921c800..3040c03 100755 --- a/bin/ovpn_genconfig +++ b/bin/ovpn_genconfig @@ -14,7 +14,14 @@ if [ -z "$cn" ]; then exit 1 fi -cat > "$OPENVPN/udp1194.conf" < $bak" + mv "$conf" "$bak" +fi + +cat > "$conf" < Date: Sun, 29 Jun 2014 23:22:03 -0700 Subject: [PATCH 5/7] run: Always ensure client dir exists * OpenVPN will fail to start if this directory doesn't exist. --- bin/ovpn_run | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/bin/ovpn_run b/bin/ovpn_run index f593ef8..5a9a28a 100755 --- a/bin/ovpn_run +++ b/bin/ovpn_run @@ -11,6 +11,10 @@ if [ ! -c /dev/net/tun ]; then mknod /dev/net/tun c 10 200 fi +if [ ! -d "$OPENVPN/ccd" ]; then + mkdir -p /etc/openvpn/ccd +fi + iptables -t nat -A POSTROUTING -s 192.168.255.0/24 -o eth0 -j MASQUERADE openvpn --config "$OPENVPN/udp1194.conf" From 26a14d2f4bc8b45175131ee4834246d4c8fd55eb Mon Sep 17 00:00:00 2001 From: Kyle Manna Date: Mon, 30 Jun 2014 00:10:52 -0700 Subject: [PATCH 6/7] clients: Add support for static subnet * Allow static clients to be placed on 192.168.254.0/24 subnet. --- bin/ovpn_genconfig | 2 ++ bin/ovpn_run | 3 +++ 2 files changed, 5 insertions(+) diff --git a/bin/ovpn_genconfig b/bin/ovpn_genconfig index 3040c03..e3e47ae 100755 --- a/bin/ovpn_genconfig +++ b/bin/ovpn_genconfig @@ -36,7 +36,9 @@ persist-key persist-tun push "dhcp-option DNS 8.8.4.4" push "dhcp-option DNS 8.8.8.8" + client-config-dir $OPENVPN/ccd +route 192.168.254.0 255.255.255.0 proto udp port 1194 diff --git a/bin/ovpn_run b/bin/ovpn_run index 5a9a28a..77e0c21 100755 --- a/bin/ovpn_run +++ b/bin/ovpn_run 
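Review bot: The guard tests `"$OPENVPN/ccd"` but the body creates the hard-coded `/etc/openvpn/ccd`, so if `$OPENVPN` is anything other than `/etc/openvpn` the directory the generated config refers to (`client-config-dir $OPENVPN/ccd` from the first patch) is never created and the test fails again on every start. Since `mkdir -p` is already idempotent the `if` is unnecessary: `mkdir -p "$OPENVPN/ccd"`. The rest of the script lies outside the hunk.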
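Review bot: `route 192.168.254.0 255.255.255.0` hard-codes the static-client subnet that is repeated verbatim in the ovpn_run masquerade rule added by this commit's other hunk and in the docs patch, so a later change to the range means editing three places in step. The directive also has no explanation in the generated config; a comment inside the heredoc such as `# Static clients assigned via ccd/ifconfig-push live in 192.168.254.0/24; route it through the tunnel` would tell the next maintainer why it is there. Deriving the subnet from one variable shared by both scripts would remove the duplication, though how the two scripts share state is not visible here.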
@@ -15,6 +15,9 @@ if [ ! -d "$OPENVPN/ccd" ]; then mkdir -p /etc/openvpn/ccd fi +# Static subnet +iptables -t nat -A POSTROUTING -s 192.168.254.0/24 -o eth0 -j MASQUERADE +# Dynamic subnet iptables -t nat -A POSTROUTING -s 192.168.255.0/24 -o eth0 -j MASQUERADE openvpn --config "$OPENVPN/udp1194.conf" From 9a7ccd45aee1091edca476e94d1b2db59951aa77 Mon Sep 17 00:00:00 2001 From: Kyle Manna Date: Mon, 30 Jun 2014 00:35:52 -0700 Subject: [PATCH 7/7] docs: Add static IP documentation * Add the documentation while it's fresh. --- docs/static-ips.md | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 docs/static-ips.md diff --git a/docs/static-ips.md b/docs/static-ips.md new file mode 100644 index 0000000..39ccfe2 --- /dev/null +++ b/docs/static-ips.md @@ -0,0 +1,24 @@ +# Static IP Addresses + +The docker image is setup for static client configuration on the 192.168.254.0/24 subnet. To use it follow the Quick Start section below. Note that the IP addresses octects need to be picked special, see [OpenVPN Documentation](https://openvpn.net/index.php/open-source/documentation/howto.html#policy) for more details. + +## Quick Start + +1. Create a client specific configuration: + + $ echo "ifconfig-push 192.168.254.1 192.168.254.2" | docker run --volumes-from openvpn-data -i --rm kylemanna/openvpn tee /etc/openvpn/ccd/CERT_COMMON_NAME + ifconfig-push 192.168.254.1 192.168.254.2 + +2. Wait for client to reconnect if necessary + +## Advanced Admin + +Login to the openvpn-data volume with a `bash` container, note only changes in /etc/openvpn will persist: + + docker run --volumes-from openvpn-data -it --rm kylemanna/openvpn bash -l + +## Upgrading from Old OpenVPN Configurations + +If you're running an old configuration and need to upgrade it to pull in the ccd directory run the following: + + docker run --volumes-from openvpn-data --rm kylemanna/openvpn ovpn_genconfig
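Review bot: The new `iptables -t nat -A POSTROUTING -s 192.168.254.0/24 -o eth0 -j MASQUERADE` is appended unconditionally on every start, and like the existing dynamic-subnet rule below it the script never checks whether the rule is already present, so each restart that reuses the network namespace stacks another copy. Guard the append with a presence check, e.g. `iptables -t nat -C POSTROUTING -s 192.168.254.0/24 -o eth0 -j MASQUERADE 2>/dev/null || iptables -t nat -A POSTROUTING -s 192.168.254.0/24 -o eth0 -j MASQUERADE`, and do the same for the dynamic rule. Whether a restart actually reuses the namespace depends on how the container is launched, which this hunk does not show.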