allanger/container-openvpn
1
0
Fork 0
Code Issues 4 Pull Requests Actions Packages Projects Releases Activity
204 Commits 5 Branches 6 Tags
2650d4a286435e9168a11b7081778f9af4029007
Commit Graph

204 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Christian Tawfik
2650d4a286 COMP-lzo param is set in client config, if defined in server. 2015-11-29 10:15:15 -08:00
Christian Tawfik
2abbcf1999 added config param to enable COMP-LZO compression 2015-11-29 10:14:07 -08:00
Kyle Manna
818e8682d1 Dockerfile: EasyRSA is in community now 
* No longer in testing.
 2015-11-28 09:10:55 -08:00
Kyle Manna
3edc12a6b7 Merge pull request #78 from gdb/gdb/master 
Respect the -D flag
 2015-11-01 10:38:26 -08:00
Greg Brockman
ded4414ef4 Respect the -D flag 
It looks like edfbffb85f caused the
OVPN_DNS variable to start being ignored, meaning the -D flag was a
no-op.
 2015-10-31 19:39:32 -07:00
Kyle Manna
f277449569 Merge pull request #76 from discordianfish/push-custom-dns-servers 
Support pushing custom DNS servers
 2015-10-16 07:44:53 -07:00
Johannes 'fish' Ziemke
edfbffb85f Support pushing custom DNS servers 2015-10-16 15:41:22 +02:00
Kyle Manna
98cf2128c7 Merge pull request #70 from kylemanna/alpine 
Switch to Alpine for Base
 2015-10-04 08:24:18 -07:00
Kyle Manna
c3d526fd67 Merge branch 'master' into alpine 2015-09-29 11:43:08 -07:00
Kyle Manna
1498795de2 ovpn_copy_server_files: Use short flags with rm 
* The busybox tool in the alpine distro doesn't support long flags.
v1.1.0 		2015-09-29 11:42:17 -07:00
Kyle Manna
f00de363c7 ovpn_copy_server_files: Copy files without rsync 
* Hack around the missing rsync by using tar to preserve the directory
  structure.
* Fixes #73
 2015-09-29 11:28:04 -07:00
Kyle Manna
7f58926aa2 tests: Add test for paranoid ovpn_copy_server_files 
* Make sure this works
* Related to #73
 2015-09-29 10:44:53 -07:00
Kyle Manna
ba7860cced Merge branch 'travis-ci' into alpine 2015-09-22 15:03:20 -07:00
Kyle Manna
98340d7602 Merge pull request #71 from kylemanna/travis-ci 
Add Travis CI Testing
 2015-09-22 15:02:50 -07:00
Kyle Manna
9459804a1d README: Add Travis CI build status 
* Keeps people honest
 2015-09-22 14:36:19 -07:00
Kyle Manna
b298eb16bc travis-ci: Extend test to actually do a connection 
* Start the server
* Start the client
* Connect
* Profit
 2015-09-22 14:32:55 -07:00
Kyle Manna
2c3284acd6 travis-ci: Initial build test 
* Build and reports package version.
 2015-09-22 08:59:15 -07:00
Kyle Manna
23f66094ff alpine: Use easy-rsa in testing branch of alpine 
* Simplifes the Dockerfile significantly.
* No need for curl.
 2015-09-10 10:33:05 -07:00
Kyle Manna
3da0efa5bc alpine: Use alpine as base image instead of Debian 
* Debian Jessie -> Alpine 3.2: 150MB -> 15MB
 2015-09-08 10:07:16 -07:00
Kyle Manna
314eb15507 Merge pull request #69 from ypid/docker_no_network_paranoid_doc 
Only setup networking for containers which need it.
 2015-09-08 06:54:42 -07:00
Robin Schneider
ee9f4531ad Only setup networking for containers which need it. 
This should mitigate a hypothetical compromise of the scripts used to
manage the CA and other sensitive material.

The examples should still work and make sense although I have not tried
all of them with this change applied.

Note that I did not append the --net=none to all examples because in
some cases network is probably wanted.

* Changing this for all docs was not accepted by @kylemanna.
  https://github.com/kylemanna/docker-openvpn/pull/65#issuecomment-138559257
 2015-09-08 15:34:58 +02:00
Kyle Manna
41f7fd22ad Merge pull request #66 from ypid/copy_server_not_symlink 
ovpn_copy_server_files: Copy openvpn.conf instead of symlinking locally.
 2015-09-07 20:03:09 -07:00
Kyle Manna
d08df0189b Dockerfile: Chmod everything in /usr/local/bin 
* Keep it simple.
* Nothing should ever be put in bin that isn't excutable.
 2015-09-07 19:21:55 -07:00
Kyle Manna
d96378a391 Dockerfile: Streamline tarball extraction 
* No point in writing it to the disk and then deleting it
* Extract it in place
 2015-09-07 19:21:07 -07:00
Julian Vassev
32029c98c8 Update to easyrsa 3.0 
virtual size 60mb smaller, git replaced by curl
 2015-09-08 01:11:32 +03:00
Robin Schneider
3df53012b6 ovpn_copy_server_files: Copy openvpn.conf instead of symlinking locally. 
Symlinked files can be resolved by rsync when using the configuration on remote
servers but for local testing having the actual file is beneficial.
 2015-08-27 21:19:27 +02:00
Kyle Manna
74c4ca94a7 Merge pull request #62 from ypid/docs-rework 
Updated documentation.
 2015-08-26 08:42:58 -07:00
Kyle Manna
b96a91e876 Merge pull request #63 from ypid/allow_ciper_setting 
Allow to change security related options tls-cipher, cipher and auth.
 2015-08-26 08:42:30 -07:00
Kyle Manna
407506392f Merge pull request #64 from ypid/copy_server_files-ensure-rm 
ovpn_copy_server_files: Ensure that no other keys then the one for the server is present.
 2015-08-26 08:41:24 -07:00
Robin Schneider
bf9f58f8e1 Reverted Github flavored markdown Shell syntax highlighting. 
Sorry again for the inconvenience.
 2015-08-26 13:12:18 +02:00
Robin Schneider
050d4a1f82 ovpn_copy_server_files: Ensure that no other keys then the one for the server is present. 
When creating a multi-server setup I used a partly copied, partly
symlinked directory structure for the different servers after creating a
certificate for each server with `easyrsa build-server-full`. In that
process I also copied the `server` directory.
The rsync command does not delete files which are not excluded so it
included the correct server key and the original one which can be a
security risk.
 2015-08-26 13:00:17 +02:00
Robin Schneider
d6209eebc2 Allow to change security related options tls-cipher, cipher and auth. 2015-08-26 12:56:40 +02:00
Robin Schneider
2d16231c3c Updated documentation. 
* Related to https://github.com/kylemanna/docker-openvpn/pull/54
* Allow better syntax highlighting.
* Added/Fixed hyperlinks.
* Spelling.
 2015-08-25 12:40:02 +02:00
Kyle Manna
15ac3c89b0 Merge pull request #60 from wernerb/master 
Set custom OVPN_NATDEVICE when using --net=host to custom interface.
 2015-08-24 09:04:51 -07:00
Werner Buck
0181bb93d6 Add ability to set OVPN_NATDEVICE to target specific interface when using net=host 2015-08-24 17:19:40 +02:00
Kyle Manna
e557222753 Merge pull request #59 from thomastweets/master 
Add a parameter to use TAP instead of TUN device.
 2015-08-18 16:38:18 -07:00
Thomas Emmerling
3703d3afc3 Add a parameter to use TAP instead of TUN device. 2015-08-19 00:46:07 +02:00
Kyle Manna
d3d11b660a docs: Update docker key resource 
* Update link to docker.com as the previous URL would redirect
* Add `-L` flag to follow future location headers
 2015-08-15 19:21:09 -07:00
Kyle Manna
4868a35bd3 docs: Second pass on IPv6 
Still needs more work, but updated to reflect the templated systemd file.
 2015-08-12 14:08:59 -07:00
Kyle Manna
bce012b92a Merge pull request #57 from ypid/fixed-ipv6-docs 
Quick read of ipv6 docs and small fixes.
 2015-08-12 13:58:57 -07:00
Robin Schneider
7007c49d34 Reverted docker service restart command to use systemctl directly. 2015-08-12 22:04:01 +02:00
Robin Schneider
c679404695 Quick read of ipv6 docs and small fixes. 
* Why on earth does one directly edit the systemd/system/docker.service
  file just to add a start argument?
* Fixed typos.
* I have not fully tested it yet, but I will when I have time.
 2015-08-11 23:18:41 +02:00
Kyle Manna
2508abd5ad run: Fail gracefully when IPv6 fails 
* Fail gracefully but complain in the log when --privileged isn't used
  for docker run.
* IPv6 is in development for the time being.
* Closes #56
 2015-08-09 18:04:05 -07:00
Kyle Manna
149cd3a3a3 systemd: Set upstream image to latest 
* No longer is the image tagged dev following the merge.
 2015-08-07 12:12:37 -07:00
Kyle Manna
1f47f361eb Merge pull request #55 from kylemanna/dev 
Merge Development Branch
 2015-08-07 11:14:59 -07:00
Kyle Manna
d89cbe5ba3 Merge pull request #54 from pushrax/remove-dh-client-config 
Remove dh param from client config
 2015-08-05 06:38:23 -07:00
Justin Li
02c3ee63a1 Remove dh param from client config 2015-08-04 23:07:47 -04:00
Kyle Manna
34d9601e6e ovpn_run: Assume /etc/openvpn is read-only 
* Systemd service currently marks the mount as read-only, and this is
  regarded as good practice for server/daemon only operation.
* Don't create /etc/openvpn/ccd as the mount may be read-only.
* Append the client-config-dir command line argument if it is found to
  avoid mkdir operation.
* Mount can easily be modified using a different docker run line with
  ":ro" on the volume mount.
 2015-07-27 20:26:43 -07:00
Kyle Manna
5a1e642177 init: systemd: Use systemd style config overrides 
* RIP hacky /etc/default/foo style environement sourcing hack
 2015-07-11 08:50:24 -07:00
Kyle Manna
313d1e756c init: Update init file to be a template 
* Useful for systems with several OpenVPN docker containers running.
 2015-07-11 08:31:58 -07:00