diff --git a/README.md b/README.md index c93a54e..5171b6d 100644 --- a/README.md +++ b/README.md 
@@ -18,48 +18,34 @@ a corresponding [Digital Ocean Community Tutorial](http://bit.ly/1AGUZkq). * Create the `$OVPN_DATA` volume container, i.e. `OVPN_DATA="ovpn-data"` -```Shell -docker run --name $OVPN_DATA -v /etc/openvpn busybox -``` + docker run --name $OVPN_DATA -v /etc/openvpn busybox * Initialize the `$OVPN_DATA` container that will hold the configuration files and certificates -```Shell -docker run --volumes-from $OVPN_DATA --rm kylemanna/openvpn ovpn_genconfig -u udp://VPN.SERVERNAME.COM -docker run --volumes-from $OVPN_DATA --rm -it kylemanna/openvpn ovpn_initpki -``` + docker run --volumes-from $OVPN_DATA --rm kylemanna/openvpn ovpn_genconfig -u udp://VPN.SERVERNAME.COM + docker run --volumes-from $OVPN_DATA --rm -it kylemanna/openvpn ovpn_initpki * Start OpenVPN server process - On Docker [version 1.2](http://blog.docker.com/2014/08/announcing-docker-1-2-0/) and newer - ```Shell - docker run --volumes-from $OVPN_DATA -d -p 1194:1194/udp --cap-add=NET_ADMIN kylemanna/openvpn - ``` + docker run --volumes-from $OVPN_DATA -d -p 1194:1194/udp --cap-add=NET_ADMIN kylemanna/openvpn - On Docker older than version 1.2 - ```Shell - docker run --volumes-from $OVPN_DATA -d -p 1194:1194/udp --privileged kylemanna/openvpn - ``` + docker run --volumes-from $OVPN_DATA -d -p 1194:1194/udp --privileged kylemanna/openvpn * Generate a client certificate without a passphrase - ```Shell - docker run --volumes-from $OVPN_DATA --rm -it kylemanna/openvpn easyrsa build-client-full CLIENTNAME nopass - ``` + docker run --volumes-from $OVPN_DATA --rm -it kylemanna/openvpn easyrsa build-client-full CLIENTNAME nopass * Retrieve the client configuration with embedded certificates - ```Shell - docker run --volumes-from $OVPN_DATA --rm kylemanna/openvpn ovpn_getclient CLIENTNAME > CLIENTNAME.ovpn - ``` + docker run --volumes-from $OVPN_DATA --rm kylemanna/openvpn ovpn_getclient CLIENTNAME > CLIENTNAME.ovpn * Create an environment variable with the name DEBUG and value of 1 to enable 
debug output (using "docker -e"). - ```Shell - docker run --volumes-from $OVPN_DATA -d -p 1194:1194/udp --privileged -e DEBUG=1 kylemanna/openvpn - ``` + docker run --volumes-from $OVPN_DATA -d -p 1194:1194/udp --privileged -e DEBUG=1 kylemanna/openvpn ## How Does It Work? diff --git a/docs/advanced.md b/docs/advanced.md index beaa87f..59cb9be 100644 --- a/docs/advanced.md +++ b/docs/advanced.md @@ -7,18 +7,14 @@ The [`ovpn_genconfig`](/bin/ovpn_genconfig) script is intended for simple config * Refer to the Quick Start document, and substitute `--volumes-from $OVPN_DATA` with `-v /path/on/host/openvpn0:/etc/openvpn` * Quick example that is likely to be out of date, but here's how to get started: -```Shell -mkdir openvpn0 -cd openvpn0 -docker run --rm -v $PWD:/etc/openvpn kylemanna/openvpn ovpn_genconfig -u udp://VPN.SERVERNAME.COM:1194 -docker run --rm -v $PWD:/etc/openvpn -it kylemanna/openvpn ovpn_initpki -vim openvpn.conf -docker run --rm -v $PWD:/etc/openvpn -it kylemanna/openvpn easyrsa build-client-full CLIENTNAME nopass -docker run --rm -v $PWD:/etc/openvpn kylemanna/openvpn ovpn_getclient CLIENTNAME > CLIENTNAME.ovpn -``` + mkdir openvpn0 + cd openvpn0 + docker run --rm -v $PWD:/etc/openvpn kylemanna/openvpn ovpn_genconfig -u udp://VPN.SERVERNAME.COM:1194 + docker run --rm -v $PWD:/etc/openvpn -it kylemanna/openvpn ovpn_initpki + vim openvpn.conf + docker run --rm -v $PWD:/etc/openvpn -it kylemanna/openvpn easyrsa build-client-full CLIENTNAME nopass + docker run --rm -v $PWD:/etc/openvpn kylemanna/openvpn ovpn_getclient CLIENTNAME > CLIENTNAME.ovpn * Start the server with: -```Shell -docker run -v $PWD:/etc/openvpn -d -p 1194:1194/udp --privileged kylemanna/openvpn -``` + docker run -v $PWD:/etc/openvpn -d -p 1194:1194/udp --privileged kylemanna/openvpn diff --git a/docs/backup.md b/docs/backup.md index d05f4ec..e7729c8 100644 --- a/docs/backup.md +++ b/docs/backup.md 
@@ -11,14 +11,10 @@ I'd recommend encrypting the archive with something strong (e.g. gpg or openssl ## Backup to Archive -```Shell -docker run --volumes-from $OVPN_DATA --rm busybox tar -cvf - -C /etc openvpn | xz > openvpn-backup.tar.xz -``` + docker run --volumes-from $OVPN_DATA --rm busybox tar -cvf - -C /etc openvpn | xz > openvpn-backup.tar.xz ## Restore to New Container Assumes an existing container named `$OVPN_DATA` to extract the data over the top. -```Shell -xzcat openvpn-backup.tar.xz | docker run --name $OVPN_DATA -v /etc/openvpn -i busybox tar -xvf - -C /etc -``` + xzcat openvpn-backup.tar.xz | docker run --name $OVPN_DATA -v /etc/openvpn -i busybox tar -xvf - -C /etc diff --git a/docs/clients.md b/docs/clients.md index 6f2d735..228916e 100644 --- a/docs/clients.md +++ b/docs/clients.md @@ -15,9 +15,7 @@ If you have more than a few clients, you will want to generate and update your c Execute the following to generate the configuration for all clients: -```Shell -docker run --rm -it --volumes-from $OVPN_DATA --volume /tmp/openvpn_clients:/etc/openvpn/clients kylemanna/openvpn ovpn_getclient_all -``` + docker run --rm -it --volumes-from $OVPN_DATA --volume /tmp/openvpn_clients:/etc/openvpn/clients kylemanna/openvpn ovpn_getclient_all After doing so, you will find the following files in each of the `$cn` directories: 
@@ -32,9 +30,7 @@ After doing so, you will find the following files in each of the `$cn` directori Revoke `client1`'s certificate and generate the certificate revocation list (CRL): -```Shell -docker run --rm -it --volumes-from $OVPN_DATA kylemanna/openvpn easyrsa revoke client1 -docker run --rm -it --volumes-from $OVPN_DATA kylemanna/openvpn easyrsa gen-crl -``` + docker run --rm -it --volumes-from $OVPN_DATA kylemanna/openvpn easyrsa revoke client1 + docker run --rm -it --volumes-from $OVPN_DATA kylemanna/openvpn easyrsa gen-crl The OpenVPN server will read this change every time a client connects (no need to restart server) and deny clients access using revoked certificates. diff --git a/docs/debug.md b/docs/debug.md index 2c00487..8b55554 100644 --- a/docs/debug.md +++ b/docs/debug.md @@ -7,9 +7,7 @@ Random things I do to debug the containers. * Create a shell in the running docker container (aka namespace) with [nsenter](https://github.com/jpetazzo/nsenter) * If you don't have nsenter/docker-enter, you can mount the data container and modify it with -```Shell -docker run --rm -it --volumes-from $OVPN_DATA kylemanna/openvpn bash -l -``` + docker run --rm -it --volumes-from $OVPN_DATA kylemanna/openvpn bash -l ## Stream OpenVPN Logs diff --git a/docs/docker.md b/docs/docker.md index 8f37392..b7bede5 100644 --- a/docs/docker.md +++ b/docs/docker.md @@ -41,15 +41,11 @@ After **re-logging in** verify the group membership using the id command. The ex Run a Debian jessie docker container: -```Shell -docker run --rm -it debian:jessie bash -l -``` + docker run --rm -it debian:jessie bash -l Once inside the container you'll see the `root@:/#` prompt signifying that the current shell is in a Docker container. To confirm that it's different from the host, check the version of Debian running in the container: -```Shell -cat /etc/issue.net -``` + cat /etc/issue.net Expected result: diff --git a/docs/paranoid.md b/docs/paranoid.md index e98db93..64c7181 100644 
--- a/docs/paranoid.md +++ b/docs/paranoid.md @@ -4,10 +4,8 @@ As mentioned in the [backup section](/docs/backup.md), there are good reasons to Execute the following commands. Note that you might want to change the volume `$PWD` or use a data docker container for this. -```Shell -docker run --rm -t -i -v $PWD:/etc/openvpn kylemanna/openvpn ovpn_genconfig -u udp://VPN.SERVERNAME.COM -docker run --rm -t -i -v $PWD:/etc/openvpn kylemanna/openvpn ovpn_initpki -docker run --rm -t -i -v $PWD:/etc/openvpn kylemanna/openvpn ovpn_copy_server_files -``` + docker run --rm -t -i -v $PWD:/etc/openvpn kylemanna/openvpn ovpn_genconfig -u udp://VPN.SERVERNAME.COM + docker run --rm -t -i -v $PWD:/etc/openvpn kylemanna/openvpn ovpn_initpki + docker run --rm -t -i -v $PWD:/etc/openvpn kylemanna/openvpn ovpn_copy_server_files The [`ovpn_copy_server_files`](/bin/ovpn_copy_server_files) script puts all the needed configuration in a subdirectory which defaults to `$OPENVPN/server`. All you need to do now is to copy this directory to the server and you are good to go. diff --git a/docs/static-ips.md b/docs/static-ips.md index 5b5b5b1..f96dd54 100644 --- a/docs/static-ips.md +++ b/docs/static-ips.md @@ -6,10 +6,8 @@ The docker image is setup for static client configuration on the 192.168.254.0/2 1. Create a client specific configuration: -```Shell -echo "ifconfig-push 192.168.254.1 192.168.254.2" | docker run --volumes-from $OVPN_DATA -i --rm kylemanna/openvpn tee /etc/openvpn/ccd/CERT_COMMON_NAME -ifconfig-push 192.168.254.1 192.168.254.2 -``` + $ echo "ifconfig-push 192.168.254.1 192.168.254.2" | docker run --volumes-from $OVPN_DATA -i --rm kylemanna/openvpn tee /etc/openvpn/ccd/CERT_COMMON_NAME + ifconfig-push 192.168.254.1 192.168.254.2 2. Wait for client to reconnect if necessary 
@@ -17,14 +15,10 @@ ifconfig-push 192.168.254.1 192.168.254.2 Login to the data volume with a `bash` container, note only changes in /etc/openvpn will persist: -```Shell -docker run --volumes-from $OVPN_DATA -it --rm kylemanna/openvpn bash -l -``` + docker run --volumes-from $OVPN_DATA -it --rm kylemanna/openvpn bash -l ## Upgrading from Old OpenVPN Configurations If you're running an old configuration and need to upgrade it to pull in the ccd directory run the following: -```Shell -docker run --volumes-from $OVPN_DATA --rm kylemanna/openvpn ovpn_genconfig -``` + docker run --volumes-from $OVPN_DATA --rm kylemanna/openvpn ovpn_genconfig
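Review bot: in the README hunk, the fenced blocks are replaced by four-space-indented lines that sit under `* ` list items, and in CommonMark an indented code block inside a list item needs the item's content indent plus four more spaces, so with exactly four spaces these lines may render as ordinary paragraph text (losing the monospace treatment of `$OVPN_DATA` and `--cap-add=NET_ADMIN`) depending on the renderer; either indent them to the list's content offset plus four, or keep the fences. The change also drops the `Shell` language tag, which was the only thing giving these blocks syntax highlighting. Two smaller points in the same hunk: the `--cap-add=NET_ADMIN` and `--privileged` variants of the server start command now appear back to back, so make sure the "On Docker version 1.2 and newer" and "older than version 1.2" labels survive the reflow, otherwise a reader may pick the fully privileged container when the capability-scoped one is enough; and the `DEBUG=1` example could use `--cap-add=NET_ADMIN` instead of `--privileged` for the same reason, since it runs the same image.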
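Review bot: in the docs/advanced.md hunk, the start command `docker run -v $PWD:/etc/openvpn -d -p 1194:1194/udp --privileged kylemanna/openvpn` still uses `--privileged`, while the README in this same patch starts the server with `--cap-add=NET_ADMIN`; since this page tells readers to take the Quick Start commands and only substitute the volume flag, it would be consistent and narrower in privilege to use `--cap-add=NET_ADMIN` here as well. The same indented-code caveat applies: these lines follow `* ` list items, so check how they render.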
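Review bot: in the docs/backup.md hunk, the restore text says it assumes an existing container named `$OVPN_DATA`, but the command `xzcat openvpn-backup.tar.xz | docker run --name $OVPN_DATA -v /etc/openvpn -i busybox tar -xvf - -C /etc` creates a new container with that name and fails if one already exists; either state that the restore creates the data container, or use `--volumes-from $OVPN_DATA` to extract into the existing one, as the backup command does. The hunk only changes the fencing, but this is a good moment to fix it, since the archive is the whole `/etc/openvpn` tree including the certificate material, which is why the context line above recommends encrypting it.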
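Review bot: in the docs/static-ips.md hunk, the added lines introduce a `$ ` prompt (`$ echo "ifconfig-push 192.168.254.1 192.168.254.2" | docker run ...`) with the `tee` echo on the following line, while every other converted block in this patch has no prompt; this is the only block where a command and its output share a block, so either adopt the `$ ` prompt convention across the whole patch or mark the second line as output so it is not read as a second command to type. These lines also sit under a `1.` numbered item, so the same indented-code rendering check applies here.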