allanger/container-openvpn
1
0
Fork 0
Code Issues 4 Pull Requests Actions Packages Projects Releases Activity
215 Commits 5 Branches 6 Tags
9b824fb35ab69c92a94cada81ad5e7d76d2f6bbc
Commit Graph

215 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Kyle Manna
bce012b92a Merge pull request #57 from ypid/fixed-ipv6-docs 
Quick read of ipv6 docs and small fixes.
 2015-08-12 13:58:57 -07:00
Robin Schneider
7007c49d34 Reverted docker service restart command to use systemctl directly. 2015-08-12 22:04:01 +02:00
Robin Schneider
c679404695 Quick read of ipv6 docs and small fixes. 
* Why on earth does one directly edit the systemd/system/docker.service
  file just to add a start argument?
* Fixed typos.
* I have not fully tested it yet, but I will when I have time.
 2015-08-11 23:18:41 +02:00
Kyle Manna
2508abd5ad run: Fail gracefully when IPv6 fails 
* Fail gracefully but complain in the log when --privileged isn't used
  for docker run.
* IPv6 is in development for the time being.
* Closes #56
 2015-08-09 18:04:05 -07:00
Kyle Manna
149cd3a3a3 systemd: Set upstream image to latest 
* No longer is the image tagged dev following the merge.
 2015-08-07 12:12:37 -07:00
Kyle Manna
1f47f361eb Merge pull request #55 from kylemanna/dev 
Merge Development Branch
 2015-08-07 11:14:59 -07:00
Kyle Manna
d89cbe5ba3 Merge pull request #54 from pushrax/remove-dh-client-config 
Remove dh param from client config
 2015-08-05 06:38:23 -07:00
Justin Li
02c3ee63a1 Remove dh param from client config 2015-08-04 23:07:47 -04:00
Kyle Manna
34d9601e6e ovpn_run: Assume /etc/openvpn is read-only 
* Systemd service currently marks the mount as read-only, and this is
  regarded as good practice for server/daemon only operation.
* Don't create /etc/openvpn/ccd as the mount may be read-only.
* Append the client-config-dir command line argument if it is found to
  avoid mkdir operation.
* Mount can easily be modified using a different docker run line with
  ":ro" on the volume mount.
 2015-07-27 20:26:43 -07:00
Kyle Manna
5a1e642177 init: systemd: Use systemd style config overrides 
* RIP hacky /etc/default/foo style environement sourcing hack
 2015-07-11 08:50:24 -07:00
Kyle Manna
313d1e756c init: Update init file to be a template 
* Useful for systems with several OpenVPN docker containers running.
 2015-07-11 08:31:58 -07:00
Kyle Manna
7a3cc674f0 docs: backup: Correct mindless typos 
* Correct minor grammatical typos
 2015-07-10 11:27:35 -07:00
Kyle Manna
08d8116e31 docs: faq: How do I edit openvpn.conf? 
* It gets asked too many times.
 2015-07-06 08:55:42 -07:00
Kyle Manna
017580fdaa docs: ipv6: Add section enabling Docker IPv6 
* Oops, doesn't work without this.
 2015-07-05 22:11:19 -07:00
Kyle Manna
0edc11b585 docs: docker: Install apt dependencies 
* Otherwise it's annoying without it.
 2015-07-05 21:52:19 -07:00
Kyle Manna
155c4d4b90 docs: docker: Crash course on installation 
* Nothing less nothing more.
 2015-07-05 21:48:10 -07:00
Kyle Manna
56a8e735b6 docs: ipv6: Add initial development guide 
* Work in progress.
 2015-07-05 21:28:44 -07:00
Kyle Manna
9c8d195880 init: Add docker-openvpn systemd service file 
* Works with IPv6 thanks to ExecStartPost.
 2015-07-05 21:08:47 -07:00
Kyle Manna
e6f7904344 run: Add IPv6 forwarding if default route 
* Enable IPv6 forwarding if docker daemon provided a default route
* For now this requires the --privileged flag, but this could be hacked
  around using `ip netns` madness.
 2015-07-05 21:07:06 -07:00
Kyle Manna
6aca273d89 getclient: Use openssl to prune comments 
* The EasyRSA tools create a certificate file with all the metadata
  readable.  This makes the config file larger then it needs to be, so
  prune it.
* Retrieve text files with `openssl x509 -in <crt> -noout -text`
 2015-07-05 21:07:04 -07:00
Kyle Manna
e3655b5115 init: Move upstart file to init directory 
* No functional changes.
 2015-07-05 21:07:00 -07:00
Kyle Manna
1078267db5 Dockerfile: Clarify port mapping 
* Extend comment about port mapping since everyone seems to want to run
  on port 443/tcp.
* Accept that nobody (except the already competent) will read the
  comment and ask anyway.
 2015-06-21 22:55:16 -07:00
Kyle Manna
27bb8c7149 README: Add example service 
* Example service to demo the container.
 2015-06-21 22:35:46 -07:00
Kyle Manna
868da2ddac Merge pull request #49 from ypid/copy-server-create-ccd 
Create ccd directory to prevent error if /etc is mounted read-only.
 2015-05-31 16:00:39 -07:00
Robin Schneider
7399ff7bbd Create ccd directory to prevent error if /etc is mounted read-only. 
* mkdir: cannot create directory '/etc/openvpn/ccd': Read-only file system
 2015-05-31 22:10:54 +02:00
Kyle Manna
e0f7856e6f Merge pull request #48 from ypid/optimized-copy-server-script 
Optimized ovpn_copy_server_files script. No need to copy the config files.
 2015-05-30 16:09:50 -07:00
Kyle Manna
a52a9cdc8d Merge pull request #47 from ypid/added-raw-client-config 
Added variable OVPN_ADDITIONAL_CLIENT_CONFIG use arbitrary openvpn configuration options.
 2015-05-30 16:09:25 -07:00
Kyle Manna
d1ae4dd305 Merge pull request #46 from ypid/fixed-docs 
Using better example in docs.
 2015-05-30 16:08:54 -07:00
Robin Schneider
e361e757da Optimized ovpn_copy_server_files script. No need to copy the config files. 
* rsync can copy the actual files.
* This change makes it easier to modifier the configuration and sync it
  to the server. You only have to execute the ovpn_copy_server_files
  once.
 2015-05-31 00:52:33 +02:00
Robin Schneider
ca78b46723 Added variable OVPN_ADDITIONAL_CLIENT_CONFIG use arbitrary openvpn configuration options. 2015-05-30 23:03:17 +02:00
Robin Schneider
2e2c66b978 Using better example in docs. 2015-05-30 23:00:53 +02:00
Kyle Manna
5e4bad7bc4 license: Migrate from AGPLv3 -> MIT 
* More liberal license
* Closes #43
 2015-05-12 12:52:25 -07:00
Robin Schneider
debf45ae46 Changed license of scripts I wrote to MIT. Related to #43. 2015-05-12 21:24:59 +02:00
Kyle Manna
e53492850f crl: Pass crl-verify if found 
* Empty CRLs don't work.
* Avoids confusing easyrsa during the init step where it thinks an
  existing PKI configuration exists.
* Add to ovpn_run to help users that are upgrading and ran genconfig
  which now depends on the file being present.
* Use a hardlink to tip toe around permissions issues.
 2015-05-12 02:10:43 -07:00
Kyle Manna
978e072d29 docs: Fix typo to CRL steps 
* Copy paste error. Oops.
 2015-05-11 10:48:09 -07:00
Kyle Manna
5021bad597 ovpn: Add support for revoking certificates (CRL) 
* Add this much needed missing feature.  Easy RSA makes it... easy.
 2015-05-11 10:41:25 -07:00
Kyle Manna
bcb55f6255 docs: Tweak case and arguments 
* Makes the reading more uniform with the rest of the documentation.
 2015-05-11 10:32:58 -07:00
Kyle Manna
c3024ce335 genconfig: Remove duplicate-cn mention 
* Remove the commented out duplicate-cn configuration option
* Leads to confusion
* Related #42
 2015-05-09 15:19:24 -07:00
Kyle Manna
2f9947c8e4 run: Pass cmd line arguments to openvpn 
* Pass command line arguments to openvpn if passed in.  Enables users to
  easily override or add settings.
* Resolves #42
 2015-05-09 15:18:53 -07:00
Kyle Manna
35c5d7bf70 license: Add AGPLv3 license 
* Not sure how I missed this for so long.
v1.0 		2015-03-20 22:32:48 -07:00
Kyle Manna
bf34f341fc Merge remote-tracking branch 'ypid/getclient' into dev 2015-03-20 16:54:22 -07:00
Kyle Manna
a42a42885e Merge pull request #37 from ypid/fix-docs-paranoid 
Fix paranoid doc.
 2015-03-20 11:49:26 -07:00
Robin Schneider
47cc0e3ae6 Fixed based on the review by @kylemanna. Thanks. 2015-03-14 13:22:28 +01:00
Robin Schneider
06c005a449 Fixed up Markdown. 2015-03-14 13:00:11 +01:00
Robin Schneider
190ab9ae51 Fixed typos. 2015-03-14 12:59:07 +01:00
Kyle Manna
f208847f54 Merge pull request #34 from ypid/master 
Wrote script to copy only the needed files to the docker host which runs the docker openvpn server.
 2015-03-12 21:03:28 -07:00
Robin Schneider
f431d179aa Fixed spelling. 2015-03-13 02:00:04 +01:00
Robin Schneider
fd4a5dc38e EASYRSA_PKI might not be defined. 2015-03-13 00:43:50 +01:00
Robin Schneider
e6e2221d8b Allow to export separated client config and wrote ovpn_getclient_all. 2015-03-13 00:32:40 +01:00
Robin Schneider
3c64367583 Removed the --dry-run from rsync. Make it actually do something. 2015-03-12 23:49:49 +01:00