Adrian Olek
8c7d020074
Use --cap-add=NET_ADMIN instead of --privileged
...
Ovpn doesn't need all the capabilities.
https://docs.docker.com/reference/run/#runtime-privilege-linux-capabilities-and-lxc-configuration says:
For interacting with the network stack, instead of using --privileged they should use --cap-add=NET_ADMIN to modify the network interfaces.
2014-10-06 20:09:23 +02:00
Kyle Manna
a69ca8d65e
Merge pull request #8 from disassembler/master
...
fixing regexp to allow dashes in OVPN_SERVER_URL
2014-08-17 12:53:31 -07:00
Samuel Leathers
f1616f7196
fixing regexp to allow dashes in OVPN_SERVER_URL
2014-08-16 22:32:16 -04:00
Kyle Manna
d36bb7ecba
getclient: Do not autogenerate key
...
* Do not autogenerate a key if it does not exist. Instead fail.
* Requires users to explicitly generate keys and prevents generating
erroneous keys in the event of a typo.
2014-07-10 09:55:06 -07:00
Kyle Manna
76a230b3be
Merge branch 'docs'
2014-07-09 12:24:30 -07:00
Kyle Manna
5fd47763d7
README: Add --rm to init steps
...
* Don't need these containers to stick around polluting docker.
2014-07-09 12:23:48 -07:00
Kyle Manna
37f86037d8
advanced: Add advanced configs
...
* Copy paste stuff for using host mounted volumes
2014-07-09 12:21:50 -07:00
Kyle Manna
e9c5108a8f
debug: Add mention of shells
...
* Very useful for getting in a running container or fix a data volume.
2014-07-09 12:21:38 -07:00
Kyle Manna
816eff9af6
docs: openvpn-data -> $OVPN_DATA
...
* Easier to work with.
2014-07-09 12:09:27 -07:00
Kyle Manna
c38b412dc6
Merge branch 'private_subnet'
...
Closes #5
2014-07-09 11:10:54 -07:00
Kyle Manna
b9cc5b347a
genconfig: Convert OVPN_ROUTES to array
...
* Convert to an array to simplify the code.
* This breaks running `ovpn_genconfig` multiple times with the same
route argument as the array will just grow. This needs to be fixed in
the future.
* Recommended way to work around this is to remove ovpn_env.sh.
2014-07-09 11:06:02 -07:00
Kyle Manna
20be0f90a5
genconfig: Add push support
...
* Add ability to specify push commands with `-p` argument.
2014-07-09 10:55:02 -07:00
Kyle Manna
0c873ab4cf
genconfig: Print success
...
* Print success message to console. Provides positive feedback.
2014-07-09 10:53:41 -07:00
Kyle Manna
f263eb9a61
genconfig: Add client-to-client support
2014-07-09 10:53:25 -07:00
Kyle Manna
d5979915cf
README: Use variable for volume container name
...
* Use a variable for the volume container name to simplify my life.
* I can set the variable and then copy/paste from the README.
2014-07-09 00:07:35 -07:00
Kyle Manna
201bab6f3d
Dockerfile: Set WORKDIR to /etc/openvpn
...
* Set WORKDIR to simplify admin when I run cmd `bash`
* Add comment on port
2014-07-06 10:55:17 -07:00
Kyle Manna
e933fbe923
genconfig: Handle "-r 0" to disable extra routes
...
* Disable extra routes for minimal VPNs.
2014-07-06 10:52:39 -07:00
Kyle Manna
f1e85c959e
genconfig: Fix typo, use Docker for port mapping
...
* Use docker run ... -p 1337:1194/udp kylemanna/openvpn
2014-07-06 10:51:44 -07:00
Kyle Manna
d412ce9f7e
getclient: Fix sourced env variables
...
* Update to use the sourced environmental variables.
* Add switch for not using default gateway.
2014-07-06 00:25:14 -07:00
Kyle Manna
c3321abce5
README: Minor typo
...
* Multiple steps now. Tweak.
2014-07-06 00:24:54 -07:00
Kyle Manna
ca8f41f341
backup: Add restore step
...
* Add restore step
* Use lzma compression since we're in the 2010s
2014-07-06 00:11:27 -07:00
Kyle Manna
31d631443f
README: Update to reflect recent changes
...
* Change argument parameters.
Closes #4
2014-07-05 23:35:47 -07:00
Kyle Manna
f221b0f0d0
genconfig: Handle route default env
...
* Handle re-inheriting previous routes if not overridden
* Handle leading whitespace
2014-07-05 22:27:30 -07:00
Kyle Manna
3b13cf9918
run: Handle NAT routes dynamically
...
* Handle the NAT routes dynamically
* Stop caring about backwards compatibility for now
2014-07-05 22:27:15 -07:00
Kyle Manna
6ca11162a5
init: Rename to initpki
...
* This function only initializes the EasyRSA PKI tools now.
* Decoupled from the init process.
2014-07-05 22:27:15 -07:00
Kyle Manna
6fe867c52b
genconfig: Add getopts parsing
...
* Pass public server URL via -u argument instead of $1
* Add ability to specify multiple alternative routes
* Add ability to specify override default server internal subnet
* Add ability to write configs without a default route out, not
implemented in other configs yet
2014-07-05 22:27:04 -07:00
Kyle Manna
852d404c12
env: Re-work environment code
...
* Instead of storing just a server_url which was necessary to
regenerate the OpenVPN configs, instead store an env file.
* Move all the env parsing to `ovpn_genconfig` so that it can be re-run
from genconfig instead of from `ovpn_init`.
* Remove all the parsing and env defaults except for genconfig.
NOTE: This breaks the older config method, users will need to re-run
genconfig with an arg[1] as the previous server_url, this will create
the necessary env file the rest of the tools expect.
Example recovery for legacy users:
host$ docker run --rm -it kylemanna/openvpn bash -l
container# ovpn_genconfig $(cat /etc/openvpn/server_url)
2014-07-05 22:07:24 -07:00
Kyle Manna
60671e6819
genconfig: Delete backup if configs are identical
...
* Avoid accumulating noise.
2014-07-01 08:30:28 -07:00
Kyle Manna
a3f80e625f
docs: Add debug document
...
* Start of something useful, maybe.
2014-07-01 00:09:00 -07:00
Kyle Manna
fbc53ebda0
Merge branch 'tweak_configs'
2014-06-30 23:52:37 -07:00
Kyle Manna
e4feb29b87
README: Correct dynamic subnet
...
* Correct dynamic client subnet that recently changed.
2014-06-30 23:45:36 -07:00
Kyle Manna
9951ca6ca2
README: Use long server_url
...
* Attempt to reveal the configurability to the curious.
2014-06-30 23:43:41 -07:00
Kyle Manna
836b473d20
ovpn: Remove reference to udp/1194
...
* Remove references to udp/1194.
* Works better with non-standard ports and tcp.
2014-06-30 23:27:00 -07:00
Kyle Manna
34eca5b96f
ovpn: Convert from servername -> server_url
...
* Previously the server name cached the common name generated during
init and assumed always 1194/udp.
* The new configuration allows for users to pass in a url in a new form
that allows the protocol to be specified as well as the port.
* Example: udp://vpn.example.com:1194
* Try to be backwards compatible.
2014-06-30 23:27:00 -07:00
Kyle Manna
507f27a9e0
docs: Add backup documentation
...
* Brain dump on ways to backup the docker volume container for peace of
mind.
2014-06-30 09:19:36 -07:00
Kyle Manna
aeb1e255cf
Merge branch 'static-ips'
...
Closes #2
2014-06-30 00:39:11 -07:00
Kyle Manna
9a7ccd45ae
docs: Add static IP documentation
...
* Add the documentation while it's fresh.
2014-06-30 00:35:52 -07:00
Kyle Manna
26a14d2f4b
clients: Add support for static subnet
...
* Allow static clients to be placed on 192.168.254.0/24 subnet.
2014-06-30 00:13:55 -07:00
Kyle Manna
5e3c9719c8
run: Always ensure client dir exists
...
* OpenVPN will fail to start if this directory doesn't exist.
2014-06-29 23:26:23 -07:00
Kyle Manna
7b9d82630d
genconfig: Backup old config file
...
* Backup previous config file before overwriting.
2014-06-29 23:26:23 -07:00
Kyle Manna
1aaf6a4359
genconfig: Use servername if $1 not specified
...
* Set the common name to servername set during last ovpn_init if $1 is
not passed in.
* Simplifies re-running ovpn_genconfig when features are added.
2014-06-29 23:26:23 -07:00
Kyle Manna
20dc3d6ea0
genconfig: Expand the subnet
...
* Use a larger subnet (2x the size) to allow for more hard-coded
configurations.
2014-06-29 23:26:23 -07:00
Kyle Manna
353019b0e9
genconfig: Add client-config-dir
...
* Add client config directory for client specific configuration options
such as IP addresses.
2014-06-29 23:26:23 -07:00
Kyle Manna
024fa95f19
README: Update to describe current implementation
...
* Update to describe the current implementation as changed following the
fork.
2014-06-05 09:02:49 -07:00
Kyle Manna
126f3a4557
ovpn_init: Protect the CA key by default
...
* Protect the CA key with a passphrase by default to protect it from a
filesystem compromise. An attacker could still steal the other keys
stored (ie the server's cert key), but not issue new keys.
* This is a good compromise for now.
2014-06-04 17:07:07 -07:00
Kyle Manna
e1902bc2cd
ovpn_genconfig: Add generate config script
...
* Create a generate config script so that the new docker containers can
regenerate the OpenVPN configuration without clobbering the PKI setup.
2014-06-04 16:50:53 -07:00
Kyle Manna
d180cce5d0
README: Update with quick blurb on how to use
...
* Brain dump of an example until I get time to properly update.
2014-06-04 15:42:35 -07:00
Kyle Manna
4728990da3
ovpn_getclient: Verify server certificate
...
* Verify the server's certificate to avoid MITM attacks
2014-06-04 15:38:49 -07:00
Kyle Manna
bc4165e587
tls-auth: Enable tls-auth for security
...
* Enabling tls-auth improves security and helps protect against DDoS.
2014-06-04 15:35:18 -07:00
Kyle Manna
1751d00fc9
Dockerfile: Switch to leaner Debian image
...
* Debian testing/Jessie is approximately 30% smaller than Ubuntu, use
that instead.
2014-06-04 11:42:37 -07:00