allanger/container-openvpn
1
0
Fork 0
Code Issues 4 Pull Requests Actions Packages Projects Releases Activity
172 Commits 5 Branches 6 Tags
2d16231c3cf3c0fdc5a544cd01b6b018998cb05a
Commit Graph

172 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Kyle Manna
76a230b3be Merge branch 'docs' 2014-07-09 12:24:30 -07:00
Kyle Manna
5fd47763d7 README: Add --rm to init steps 
* Don't need these containers to stick around polluting docker.
 2014-07-09 12:23:48 -07:00
Kyle Manna
37f86037d8 advanced: Add advanced configs 
* Copy paste stuff for using host mounted volumes
 2014-07-09 12:21:50 -07:00
Kyle Manna
e9c5108a8f debug: Add mention of shells 
* Very useful for getting in a running container or fix a data volume.
 2014-07-09 12:21:38 -07:00
Kyle Manna
816eff9af6 docs: openvpn-data -> $OVPN_DATA 
* Easier to work with.
 2014-07-09 12:09:27 -07:00
Kyle Manna
c38b412dc6 Merge branch 'private_subnet' 
Closes #5
 2014-07-09 11:10:54 -07:00
Kyle Manna
b9cc5b347a genconfig: Convert OVPN_ROUTES to array 
* Convert to an array to simplify the code.
* This breaks running `ovpn_genconfig` multiple times with the same
  route argument as the array will just grow.  This needs to be fixed in
  the future.
* Recommended way to work around this is to remove ovpn_env.sh.
 2014-07-09 11:06:02 -07:00
Kyle Manna
20be0f90a5 genconfig: Add push support 
* Add ability to specify push commands with `-p` argument.
 2014-07-09 10:55:02 -07:00
Kyle Manna
0c873ab4cf genconfig: Print success 
* Print success message to console. Provides positive feedback.
 2014-07-09 10:53:41 -07:00
Kyle Manna
f263eb9a61 genconfig: Add client-to-client support 2014-07-09 10:53:25 -07:00
Kyle Manna
d5979915cf README: Use variable for volume container name 
* Use a variable for the volume container name to simplify my life.
* I can set the variable and then copy/paste from the README.
 2014-07-09 00:07:35 -07:00
Kyle Manna
201bab6f3d Dockerfile: Set WORKDIR to /etc/openvpn 
* Set WORKDIR to simply admin when I run cmd `bash`
* Add comment on port
v0.1 		2014-07-06 10:55:17 -07:00
Kyle Manna
e933fbe923 genconfig: Handle "-r 0" to disable extra routes 
* Disable extra routes for minimal VPNs.
 2014-07-06 10:52:39 -07:00
Kyle Manna
f1e85c959e genconfig: Fix typo, use Docker for port mapping 
* Use docker run ... -p 1337:1194/udp kylemanna/openvpn
 2014-07-06 10:51:44 -07:00
Kyle Manna
d412ce9f7e getclient: Fix sourced env variables 
* Update to use the sourced environemental variables.
* Add switch for not using default gateway.
 2014-07-06 00:25:14 -07:00
Kyle Manna
c3321abce5 README: Minor typo 
* Multiple steps now. Tweak.
 2014-07-06 00:24:54 -07:00
Kyle Manna
ca8f41f341 backup: Add restore step 
* Add restore step
* Use lzma compression since we're in the 2010's
 2014-07-06 00:11:27 -07:00
Kyle Manna
31d631443f README: Update to reflect recent changes 
* Change argument parameters.

Closes #4
 2014-07-05 23:35:47 -07:00
Kyle Manna
f221b0f0d0 genconfig: Handle route default env 
* Handle re-inheriting previous routes if not overriden
* Handle leading whitespace
 2014-07-05 22:27:30 -07:00
Kyle Manna
3b13cf9918 run: Handle NAT routes dynamically 
* Handle the NAT routes dynamically
* Stop caring about backwards compatibility for now
 2014-07-05 22:27:15 -07:00
Kyle Manna
6ca11162a5 init: Rename to initpki 
* This function only initialize the EasyRSA PKI tools now.
* Decoupled from the init process.
 2014-07-05 22:27:15 -07:00
Kyle Manna
6fe867c52b genconfig: Add getopts parsing 
* Pass public server URL via -u argument instead of $1
* Add ability to specify multiple alternative routes
* Add ability to specify override default server internal subnet
* Add ability to write configs without a default route out, not
  implemented in other configs yet
 2014-07-05 22:27:04 -07:00
Kyle Manna
852d404c12 env: Re-work environment code 
* Instead of storing just a server_url which was necessary to
  regenerate the OpenVPN configs, instead store an env file.
* Move all the env parsing to `ovpn_genconfig` so that it can be re-run
  from genconfig instead of from `ovpn_init`.
* Remove all the parsing and env defaults except for genconfig.

NOTE: This breaks the older config method, uesrs will need to re-run
genconfig with an arg[1] as the previous server_url, this will create
the necessary env file the rest of the tools expect.

Example recovery for legacy users:

    host$ docker run --rm -it kylemanna/openvpn bash -l
    container# ovpn_genconfig $(cat /etc/openvpn/server_url)
 2014-07-05 22:07:24 -07:00
Kyle Manna
60671e6819 genconfig: Delete backup if configs are identical 
* Avoid accumulating noise.
 2014-07-01 08:30:28 -07:00
Kyle Manna
a3f80e625f docs: Add debug document 
* Start of something useful, maybe.
 2014-07-01 00:09:00 -07:00
Kyle Manna
fbc53ebda0 Merge branch 'tweak_configs' 2014-06-30 23:52:37 -07:00
Kyle Manna
e4feb29b87 README: Correct dynamic subnet 
* Correct dynamic client subnet that recently changed.
 2014-06-30 23:45:36 -07:00
Kyle Manna
9951ca6ca2 README: Use long server_url 
* Attempt to reveal the configurability to the curious.
 2014-06-30 23:43:41 -07:00
Kyle Manna
836b473d20 ovpn: Remove reference to udp/1194 
* Remove references to udp/1194.
* Works better with non-standard ports and tcp.
 2014-06-30 23:27:00 -07:00
Kyle Manna
34eca5b96f ovpn: Convert from servername -> server_url 
* Previously the server name cached the common name generated during
  init and assumed always 1194/udp.
* The new configuration allows for users to pass in a url in a new form
  that allows the protocol to be specified as well as the port.
* Example: udp://vpn.example.com:1194
* Try to be backwards compatible.
 2014-06-30 23:27:00 -07:00
Kyle Manna
507f27a9e0 docs: Add backup documentation 
* Brain dump on ways to backup the docker volume container for peace of
  mind.
 2014-06-30 09:19:36 -07:00
Kyle Manna
aeb1e255cf Merge branch 'static-ips' 
Closes #2
 2014-06-30 00:39:11 -07:00
Kyle Manna
9a7ccd45ae docs: Add static IP documentation 
* Add the documentation while it's fresh.
 2014-06-30 00:35:52 -07:00
Kyle Manna
26a14d2f4b clients: Add support for static subnet 
* Allow static clients to be placed on 192.168.254.0/24 subnet.
 2014-06-30 00:13:55 -07:00
Kyle Manna
5e3c9719c8 run: Always ensure client dir exists 
* OpenVPN will fail to start if this directory doesn't exist.
 2014-06-29 23:26:23 -07:00
Kyle Manna
7b9d82630d genconfig: Backup old config file 
* Backup previous config file before overwriting.
 2014-06-29 23:26:23 -07:00
Kyle Manna
1aaf6a4359 genconfig: Use servername if $1 not specified 
* Set the common name to servername set during last ovpn_init if $1 is
  not passed in.
* Simplies re-running ovpn_genconfig when features are added.
 2014-06-29 23:26:23 -07:00
Kyle Manna
20dc3d6ea0 genconfig: Expand the subnet 
* Use a larger subnet (2x the size) to allow for more hard-coded
  configurations.
 2014-06-29 23:26:23 -07:00
Kyle Manna
353019b0e9 genconfig: Add client-config-dir 
* Add client config directory for client specific configuration options
  such as IP addresses.
 2014-06-29 23:26:23 -07:00
Kyle Manna
024fa95f19 README: Update to describe current implementation 
* Update to describe the current implementation as changed following the
  fork.
 2014-06-05 09:02:49 -07:00
Kyle Manna
126f3a4557 ovpn_init: Protect the CA key by default 
* Protect the CA key with a passphrase by default to protect it from a
  filsystem compromise.  An attacker could still steal the other keys
  stored (ie the server's cert key), but not issue new keys.
* This is a good compromise for now.
 2014-06-04 17:07:07 -07:00
Kyle Manna
e1902bc2cd ovpn_genconfig: Add generate config script 
* Create a generate config script so that the new docker containers can
  regenerate the OpenVPN configuration without clobbering the PKI setup.
 2014-06-04 16:50:53 -07:00
Kyle Manna
d180cce5d0 README: Update with quick blurb on how to use 
* Brain dump of an example until I get time to properly update.
 2014-06-04 15:42:35 -07:00
Kyle Manna
4728990da3 ovpn_getclient: Verify server certificate 
* Verify the server's certificate to avoid MITM attacks
 2014-06-04 15:38:49 -07:00
Kyle Manna
bc4165e587 tls-auth: Enable tls-auth for security 
* Enabling tls-auth improves security and helps protect against DDoS.
 2014-06-04 15:35:18 -07:00
Kyle Manna
1751d00fc9 Dockerfile: Switch to leaner Debian image 
* Debian testing/Jessie is approximately 30% smaller the Ubuntu, use
  that instead.
 2014-06-04 11:42:37 -07:00
Kyle Manna
939cf7ab67 ovpen_init: Remove external IP resolution 
* Disable auto guessing the external IP in favor of the user explicitly
  specifying the server name.  Save the servername for client cert
  generation later.
* Remove dnsutils from build since dig is no longer necessary.  Favor
  learn and mean images.
 2014-06-04 11:15:43 -07:00
Kyle Manna
1869cd85d0 openvpn.sh: Split in to smaller scripts 
* Split soon to be massive wrapper into smaller managable scripts.
* Re-organized Dockerfile to exploit cache when rebuilding
 2014-06-04 11:13:59 -07:00
Kyle Manna
035ff64200 Dockerfile: Add ENV configuration 
* Add ENV configuration options to Dockerfile as opposed to keeping in
  the wrapper script.
* First step to splitting up openvpn.sh in to smaller scripts.
 2014-06-04 10:52:59 -07:00
Kyle Manna
f6474d06f9 Dockerfile: Remove unused ports 
* These ports are unused, remove them to reduce confusion.
 2014-06-04 09:30:04 -07:00