Robin Schneider 
							
						 
					 
					
						
						
							
						
						3df53012b6 
					 
					
						
						
							
							ovpn_copy_server_files: Copy openvpn.conf instead of symlinking locally.  
						
						 
						
						
						
						
						Symlinked files can be resolved by rsync when using the configuration on remote
servers but for local testing having the actual file is beneficial. 
						
						
					 
					
						2015-08-27 21:19:27 +02:00  
					
					
						 
						
						
							
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Kyle Manna 
							
						 
					 
					
						
						
							
						
						74c4ca94a7 
					 
					
						
						
							
							Merge pull request  #62  from ypid/docs-rework  
						
						 
						
						
						
						
						Updated documentation. 
						
						
					 
					
						2015-08-26 08:42:58 -07:00  
					
					
						 
						
						
							
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Kyle Manna 
							
						 
					 
					
						
						
							
						
						b96a91e876 
					 
					
						
						
							
							Merge pull request  #63  from ypid/allow_ciper_setting  
						
						 
						
						
						
						
						Allow to change security related options tls-cipher, cipher and auth. 
						
						
					 
					
						2015-08-26 08:42:30 -07:00  
					
					
						 
						
						
							
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Kyle Manna 
							
						 
					 
					
						
						
							
						
						407506392f 
					 
					
						
						
							
							Merge pull request  #64  from ypid/copy_server_files-ensure-rm  
						
						 
						
						
						
						
						ovpn_copy_server_files: Ensure that no other keys than the one for the server is present.
						
						
					 
					
						2015-08-26 08:41:24 -07:00  
					
					
						 
						
						
							
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Robin Schneider 
							
						 
					 
					
						
						
							
						
						bf9f58f8e1 
					 
					
						
						
							
							Reverted Github flavored markdown Shell syntax highlighting.  
						
						 
						
						
						
						
						Sorry again for the inconvenience. 
						
						
					 
					
						2015-08-26 13:12:18 +02:00  
					
					
						 
						
						
							
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Robin Schneider 
							
						 
					 
					
						
						
							
						
						050d4a1f82 
					 
					
						
						
							
							ovpn_copy_server_files: Ensure that no other keys than the one for the server is present.
						
						 
						
						
						
						
						When creating a multi-server setup I used a partly copied, partly
symlinked directory structure for the different servers after creating a
certificate for each server with `easyrsa build-server-full`. In that
process I also copied the `server` directory.
The rsync command does not delete files which are not excluded so it
included the correct server key and the original one which can be a
security risk. 
						
						
					 
					
						2015-08-26 13:00:17 +02:00  
					
					
						 
						
						
							
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Robin Schneider 
							
						 
					 
					
						
						
							
						
						d6209eebc2 
					 
					
						
						
							
							Allow to change security related options tls-cipher, cipher and auth.  
						
						 
						
						
						
						
					 
					
						2015-08-26 12:56:40 +02:00  
					
					
						 
						
						
							
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Robin Schneider 
							
						 
					 
					
						
						
							
						
						2d16231c3c 
					 
					
						
						
							
							Updated documentation.  
						
						 
						
						
						
						
						* Related to https://github.com/kylemanna/docker-openvpn/pull/54 
* Allow better syntax highlighting.
* Added/Fixed hyperlinks.
* Spelling. 
						
						
					 
					
						2015-08-25 12:40:02 +02:00  
					
					
						 
						
						
							
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Kyle Manna 
							
						 
					 
					
						
						
							
						
						15ac3c89b0 
					 
					
						
						
							
							Merge pull request  #60  from wernerb/master  
						
						 
						
						
						
						
						Set custom OVPN_NATDEVICE when using --net=host to custom interface. 
						
						
					 
					
						2015-08-24 09:04:51 -07:00  
					
					
						 
						
						
							
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Werner Buck 
							
						 
					 
					
						
						
							
						
						0181bb93d6 
					 
					
						
						
							
							Add ability to set OVPN_NATDEVICE to target specific interface when using net=host  
						
						 
						
						
						
						
					 
					
						2015-08-24 17:19:40 +02:00  
					
					
						 
						
						
							
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Kyle Manna 
							
						 
					 
					
						
						
							
						
						e557222753 
					 
					
						
						
							
							Merge pull request  #59  from thomastweets/master  
						
						 
						
						
						
						
						Add a parameter to use TAP instead of TUN device. 
						
						
					 
					
						2015-08-18 16:38:18 -07:00  
					
					
						 
						
						
							
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Thomas Emmerling 
							
						 
					 
					
						
						
							
						
						3703d3afc3 
					 
					
						
						
							
							Add a parameter to use TAP instead of TUN device.  
						
						 
						
						
						
						
					 
					
						2015-08-19 00:46:07 +02:00  
					
					
						 
						
						
							
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Kyle Manna 
							
						 
					 
					
						
						
							
						
						d3d11b660a 
					 
					
						
						
							
							docs: Update docker key resource  
						
						 
						
						
						
						
						* Update link to docker.com as the previous URL would redirect
* Add `-L` flag to follow future location headers 
						
						
					 
					
						2015-08-15 19:21:09 -07:00  
					
					
						 
						
						
							
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Kyle Manna 
							
						 
					 
					
						
						
							
						
						4868a35bd3 
					 
					
						
						
							
							docs: Second pass on IPv6  
						
						 
						
						
						
						
						Still needs more work, but updated to reflect the templated systemd file. 
						
						
					 
					
						2015-08-12 14:08:59 -07:00  
					
					
						 
						
						
							
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Kyle Manna 
							
						 
					 
					
						
						
							
						
						bce012b92a 
					 
					
						
						
							
							Merge pull request  #57  from ypid/fixed-ipv6-docs  
						
						 
						
						
						
						
						Quick read of ipv6 docs and small fixes. 
						
						
					 
					
						2015-08-12 13:58:57 -07:00  
					
					
						 
						
						
							
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Robin Schneider 
							
						 
					 
					
						
						
							
						
						7007c49d34 
					 
					
						
						
							
							Reverted docker service restart command to use systemctl directly.  
						
						 
						
						
						
						
					 
					
						2015-08-12 22:04:01 +02:00  
					
					
						 
						
						
							
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Robin Schneider 
							
						 
					 
					
						
						
							
						
						c679404695 
					 
					
						
						
							
							Quick read of ipv6 docs and small fixes.  
						
						 
						
						
						
						
						* Why on earth does one directly edit the systemd/system/docker.service
  file just to add a start argument?
* Fixed typos.
* I have not fully tested it yet, but I will when I have time. 
						
						
					 
					
						2015-08-11 23:18:41 +02:00  
					
					
						 
						
						
							
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Kyle Manna 
							
						 
					 
					
						
						
							
						
						2508abd5ad 
					 
					
						
						
							
							run: Fail gracefully when IPv6 fails  
						
						 
						
						
						
						
						* Fail gracefully but complain in the log when --privileged isn't used
  for docker run.
* IPv6 is in development for the time being.
* Closes  #56  
						
						
					 
					
						2015-08-09 18:04:05 -07:00  
					
					
						 
						
						
							
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Kyle Manna 
							
						 
					 
					
						
						
							
						
						149cd3a3a3 
					 
					
						
						
							
							systemd: Set upstream image to latest  
						
						 
						
						
						
						
						* No longer is the image tagged dev following the merge. 
						
						
					 
					
						2015-08-07 12:12:37 -07:00  
					
					
						 
						
						
							
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Kyle Manna 
							
						 
					 
					
						
						
							
						
						1f47f361eb 
					 
					
						
						
							
							Merge pull request  #55  from kylemanna/dev  
						
						 
						
						
						
						
						Merge Development Branch 
						
						
					 
					
						2015-08-07 11:14:59 -07:00  
					
					
						 
						
						
							
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Kyle Manna 
							
						 
					 
					
						
						
							
						
						d89cbe5ba3 
					 
					
						
						
							
							Merge pull request  #54  from pushrax/remove-dh-client-config  
						
						 
						
						
						
						
						Remove dh param from client config 
						
						
					 
					
						2015-08-05 06:38:23 -07:00  
					
					
						 
						
						
							
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Justin Li 
							
						 
					 
					
						
						
							
						
						02c3ee63a1 
					 
					
						
						
							
							Remove dh param from client config  
						
						 
						
						
						
						
					 
					
						2015-08-04 23:07:47 -04:00  
					
					
						 
						
						
							
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Kyle Manna 
							
						 
					 
					
						
						
							
						
						34d9601e6e 
					 
					
						
						
							
							ovpn_run: Assume /etc/openvpn is read-only  
						
						 
						
						
						
						
						* Systemd service currently marks the mount as read-only, and this is
  regarded as good practice for server/daemon only operation.
* Don't create /etc/openvpn/ccd as the mount may be read-only.
* Append the client-config-dir command line argument if it is found to
  avoid mkdir operation.
* Mount can easily be modified using a different docker run line with
  ":ro" on the volume mount. 
						
						
					 
					
						2015-07-27 20:26:43 -07:00  
					
					
						 
						
						
							
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Kyle Manna 
							
						 
					 
					
						
						
							
						
						5a1e642177 
					 
					
						
						
							
							init: systemd: Use systemd style config overrides  
						
						 
						
						
						
						
						* RIP hacky /etc/default/foo style environment sourcing hack
						
						
					 
					
						2015-07-11 08:50:24 -07:00  
					
					
						 
						
						
							
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Kyle Manna 
							
						 
					 
					
						
						
							
						
						313d1e756c 
					 
					
						
						
							
							init: Update init file to be a template  
						
						 
						
						
						
						
						* Useful for systems with several OpenVPN docker containers running. 
						
						
					 
					
						2015-07-11 08:31:58 -07:00  
					
					
						 
						
						
							
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Kyle Manna 
							
						 
					 
					
						
						
							
						
						7a3cc674f0 
					 
					
						
						
							
							docs: backup: Correct mindless typos  
						
						 
						
						
						
						
						* Correct minor grammatical typos 
						
						
					 
					
						2015-07-10 11:27:35 -07:00  
					
					
						 
						
						
							
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Kyle Manna 
							
						 
					 
					
						
						
							
						
						08d8116e31 
					 
					
						
						
							
							docs: faq: How do I edit openvpn.conf?  
						
						 
						
						
						
						
						* It gets asked too many times. 
						
						
					 
					
						2015-07-06 08:55:42 -07:00  
					
					
						 
						
						
							
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Kyle Manna 
							
						 
					 
					
						
						
							
						
						017580fdaa 
					 
					
						
						
							
							docs: ipv6: Add section enabling Docker IPv6  
						
						 
						
						
						
						
						* Oops, doesn't work without this. 
						
						
					 
					
						2015-07-05 22:11:19 -07:00  
					
					
						 
						
						
							
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Kyle Manna 
							
						 
					 
					
						
						
							
						
						0edc11b585 
					 
					
						
						
							
							docs: docker: Install apt dependencies  
						
						 
						
						
						
						
						* Otherwise it's annoying without it. 
						
						
					 
					
						2015-07-05 21:52:19 -07:00  
					
					
						 
						
						
							
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Kyle Manna 
							
						 
					 
					
						
						
							
						
						155c4d4b90 
					 
					
						
						
							
							docs: docker: Crash course on installation  
						
						 
						
						
						
						
						* Nothing less nothing more. 
						
						
					 
					
						2015-07-05 21:48:10 -07:00  
					
					
						 
						
						
							
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Kyle Manna 
							
						 
					 
					
						
						
							
						
						56a8e735b6 
					 
					
						
						
							
							docs: ipv6: Add initial development guide  
						
						 
						
						
						
						
						* Work in progress. 
						
						
					 
					
						2015-07-05 21:28:44 -07:00  
					
					
						 
						
						
							
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Kyle Manna 
							
						 
					 
					
						
						
							
						
						9c8d195880 
					 
					
						
						
							
							init: Add docker-openvpn systemd service file  
						
						 
						
						
						
						
						* Works with IPv6 thanks to ExecStartPost. 
						
						
					 
					
						2015-07-05 21:08:47 -07:00  
					
					
						 
						
						
							
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Kyle Manna 
							
						 
					 
					
						
						
							
						
						e6f7904344 
					 
					
						
						
							
							run: Add IPv6 forwarding if default route  
						
						 
						
						
						
						
						* Enable IPv6 forwarding if docker daemon provided a default route
* For now this requires the --privileged flag, but this could be hacked
  around using `ip netns` madness. 
						
						
					 
					
						2015-07-05 21:07:06 -07:00  
					
					
						 
						
						
							
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Kyle Manna 
							
						 
					 
					
						
						
							
						
						6aca273d89 
					 
					
						
						
							
							getclient: Use openssl to prune comments  
						
						 
						
						
						
						
						* The EasyRSA tools create a certificate file with all the metadata
  readable.  This makes the config file larger than it needs to be, so
  prune it.
* Retrieve text files with `openssl x509 -in <crt> -noout -text` 
						
						
					 
					
						2015-07-05 21:07:04 -07:00  
					
					
						 
						
						
							
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Kyle Manna 
							
						 
					 
					
						
						
							
						
						e3655b5115 
					 
					
						
						
							
							init: Move upstart file to init directory  
						
						 
						
						
						
						
						* No functional changes. 
						
						
					 
					
						2015-07-05 21:07:00 -07:00  
					
					
						 
						
						
							
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Kyle Manna 
							
						 
					 
					
						
						
							
						
						1078267db5 
					 
					
						
						
							
							Dockerfile: Clarify port mapping  
						
						 
						
						
						
						
						* Extend comment about port mapping since everyone seems to want to run
  on port 443/tcp.
* Accept that nobody (except the already competent) will read the
  comment and ask anyway. 
						
						
					 
					
						2015-06-21 22:55:16 -07:00  
					
					
						 
						
						
							
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Kyle Manna 
							
						 
					 
					
						
						
							
						
						27bb8c7149 
					 
					
						
						
							
							README: Add example service  
						
						 
						
						
						
						
						* Example service to demo the container. 
						
						
					 
					
						2015-06-21 22:35:46 -07:00  
					
					
						 
						
						
							
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Kyle Manna 
							
						 
					 
					
						
						
							
						
						868da2ddac 
					 
					
						
						
							
							Merge pull request  #49  from ypid/copy-server-create-ccd  
						
						 
						
						
						
						
						Create ccd directory to prevent error if /etc is mounted read-only. 
						
						
					 
					
						2015-05-31 16:00:39 -07:00  
					
					
						 
						
						
							
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Robin Schneider 
							
						 
					 
					
						
						
							
						
						7399ff7bbd 
					 
					
						
						
							
							Create ccd directory to prevent error if /etc is mounted read-only.  
						
						 
						
						
						
						
						* mkdir: cannot create directory '/etc/openvpn/ccd': Read-only file system 
						
						
					 
					
						2015-05-31 22:10:54 +02:00  
					
					
						 
						
						
							
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Kyle Manna 
							
						 
					 
					
						
						
							
						
						e0f7856e6f 
					 
					
						
						
							
							Merge pull request  #48  from ypid/optimized-copy-server-script  
						
						 
						
						
						
						
						Optimized ovpn_copy_server_files script. No need to copy the config files. 
						
						
					 
					
						2015-05-30 16:09:50 -07:00  
					
					
						 
						
						
							
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Kyle Manna 
							
						 
					 
					
						
						
							
						
						a52a9cdc8d 
					 
					
						
						
							
							Merge pull request  #47  from ypid/added-raw-client-config  
						
						 
						
						
						
						
						Added variable OVPN_ADDITIONAL_CLIENT_CONFIG to use arbitrary openvpn configuration options.
						
						
					 
					
						2015-05-30 16:09:25 -07:00  
					
					
						 
						
						
							
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Kyle Manna 
							
						 
					 
					
						
						
							
						
						d1ae4dd305 
					 
					
						
						
							
							Merge pull request  #46  from ypid/fixed-docs  
						
						 
						
						
						
						
						Using better example in docs. 
						
						
					 
					
						2015-05-30 16:08:54 -07:00  
					
					
						 
						
						
							
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Robin Schneider 
							
						 
					 
					
						
						
							
						
						e361e757da 
					 
					
						
						
							
							Optimized ovpn_copy_server_files script. No need to copy the config files.  
						
						 
						
						
						
						
						* rsync can copy the actual files.
* This change makes it easier to modify the configuration and sync it
  to the server. You only have to execute the ovpn_copy_server_files
  once. 
						
						
					 
					
						2015-05-31 00:52:33 +02:00  
					
					
						 
						
						
							
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Robin Schneider 
							
						 
					 
					
						
						
							
						
						ca78b46723 
					 
					
						
						
							
							Added variable OVPN_ADDITIONAL_CLIENT_CONFIG to use arbitrary openvpn configuration options.
						
						 
						
						
						
						
					 
					
						2015-05-30 23:03:17 +02:00  
					
					
						 
						
						
							
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Robin Schneider 
							
						 
					 
					
						
						
							
						
						2e2c66b978 
					 
					
						
						
							
							Using better example in docs.  
						
						 
						
						
						
						
					 
					
						2015-05-30 23:00:53 +02:00  
					
					
						 
						
						
							
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Kyle Manna 
							
						 
					 
					
						
						
							
						
						5e4bad7bc4 
					 
					
						
						
							
							license: Migrate from AGPLv3 -> MIT  
						
						 
						
						
						
						
						* More liberal license
* Closes  #43  
						
						
					 
					
						2015-05-12 12:52:25 -07:00  
					
					
						 
						
						
							
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Robin Schneider 
							
						 
					 
					
						
						
							
						
						debf45ae46 
					 
					
						
						
							
							Changed license of scripts I wrote to MIT. Related to  #43 .  
						
						 
						
						
						
						
					 
					
						2015-05-12 21:24:59 +02:00  
					
					
						 
						
						
							
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Kyle Manna 
							
						 
					 
					
						
						
							
						
						e53492850f 
					 
					
						
						
							
							crl: Pass crl-verify if found  
						
						 
						
						
						
						
						* Empty CRLs don't work.
* Avoids confusing easyrsa during the init step where it thinks an
  existing PKI configuration exists.
* Add to ovpn_run to help users that are upgrading and ran genconfig
  which now depends on the file being present.
* Use a hardlink to tiptoe around permissions issues.
						
						
					 
					
						2015-05-12 02:10:43 -07:00  
					
					
						 
						
						
							
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Kyle Manna 
							
						 
					 
					
						
						
							
						
						978e072d29 
					 
					
						
						
							
							docs: Fix typo to CRL steps  
						
						 
						
						
						
						
						* Copy paste error. Oops. 
						
						
					 
					
						2015-05-11 10:48:09 -07:00  
					
					
						 
						
						
							
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Kyle Manna 
							
						 
					 
					
						
						
							
						
						5021bad597 
					 
					
						
						
							
							ovpn: Add support for revoking certificates (CRL)  
						
						 
						
						
						
						
						* Add this much needed missing feature.  Easy RSA makes it... easy. 
						
						
					 
					
						2015-05-11 10:41:25 -07:00