This article shows how to quickly set up OpenVPN with Docker. Without further ado, let's get straight to it.
A public IP address is required.
```bash
docker pull kylemanna/openvpn:2.4

# Generate the configuration file
# PUBLIC_IP is the server's public IP address
docker run -v /opt/apps/openvpn:/etc/openvpn --rm kylemanna/openvpn:2.4 ovpn_genconfig -u udp://PUBLIC_IP

# Generate the key files
docker run -v /opt/apps/openvpn:/etc/openvpn --rm -it kylemanna/openvpn:2.4 ovpn_initpki
```

```
[root@VM-24-9-centos openvpn]# docker run -v /opt/apps/openvpn:/etc/openvpn --rm -it kylemanna/openvpn:2.4 ovpn_initpki

init-pki complete; you may now create a CA or requests.
Your newly created PKI dir is: /etc/openvpn/pki

Using SSL: openssl OpenSSL 1.1.1g  21 Apr 2020

Enter New CA Key Passphrase: 12345678
Re-Enter New CA Key Passphrase: 12345678
Generating RSA private key, 2048 bit long modulus (2 primes)
..........................+++++
.....................................................................................+++++
e is 65537 (0x010001)
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Common Name (eg: your user, host, or server name) [Easy-RSA CA]:WEIHU

CA creation complete and you may now import and sign cert requests.
Your new CA certificate file for publishing is at:
/etc/openvpn/pki/ca.crt

Using SSL: openssl OpenSSL 1.1.1g  21 Apr 2020
Generating DH parameters, 2048 bit long safe prime, generator 2
This is going to take a long time
..........+..........+..........++*++*++*++*

DH parameters of size 2048 created at /etc/openvpn/pki/dh.pem

Using SSL: openssl OpenSSL 1.1.1g  21 Apr 2020
Generating a RSA private key
........................+++++
........................................................+++++
writing new private key to '/etc/openvpn/pki/easy-rsa-72.obdilb/tmp.OkeLiC'
-----
Using configuration from /etc/openvpn/pki/easy-rsa-72.obdilb/tmp.lAFMAn
Enter pass phrase for /etc/openvpn/pki/private/ca.key:
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName            :ASN.1 12:'82.157.165.162'
Certificate is to be certified until Sep 17 00:59:32 2024 GMT (825 days)

Write out database with 1 new entries
Data Base Updated

Using SSL: openssl OpenSSL 1.1.1g  21 Apr 2020
Using configuration from /etc/openvpn/pki/easy-rsa-147.MolDfl/tmp.faLnEK
Enter pass phrase for /etc/openvpn/pki/private/ca.key:12345678

An updated CRL has been created.
CRL file: /etc/openvpn/pki/crl.pem

[root@VM-24-9-centos openvpn]#
```

```bash
# Generate the client certificate (replace weihu with the name you want)
# nopass leaves the client's private key unencrypted
docker run -v /opt/apps/openvpn:/etc/openvpn --rm -it kylemanna/openvpn:2.4 easyrsa build-client-full weihu nopass
```

```
[root@VM-24-9-centos openvpn]# docker run -v /opt/apps/openvpn:/etc/openvpn --rm -it kylemanna/openvpn:2.4 easyrsa build-client-full weihu nopass

Using SSL: openssl OpenSSL 1.1.1g  21 Apr 2020
Generating a RSA private key
...+++++
....................................................................................+++++
writing new private key to '/etc/openvpn/pki/easy-rsa-1.hDjaFE/tmp.AjJCaO'
-----
Using configuration from /etc/openvpn/pki/easy-rsa-1.hDjaFE/tmp.LJIhlM
Enter pass phrase for /etc/openvpn/pki/private/ca.key: 12345678
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName            :ASN.1 12:'weihu'
Certificate is to be certified until Sep 17 01:01:23 2024 GMT (825 days)

Write out database with 1 new entries
Data Base Updated

[root@VM-24-9-centos openvpn]#
```

```bash
# Export the client configuration
mkdir -p /opt/apps/openvpn/conf
docker run -v /opt/apps/openvpn:/etc/openvpn --rm kylemanna/openvpn:2.4 ovpn_getclient weihu > /opt/apps/openvpn/conf/weihu.ovpn

# Start the OpenVPN service
# The host publishes UDP port 8000, while ovpn_genconfig was given no port and
# therefore writes 1194 into the client profile; the "remote" line in
# weihu.ovpn has to use port 8000 for clients to reach this mapping.
docker run --name openvpn -v /opt/apps/openvpn:/etc/openvpn -d -p 8000:1194/udp --cap-add=NET_ADMIN kylemanna/openvpn:2.4

# PS:
# Stop openvpn
docker stop openvpn
# Start openvpn
docker start openvpn

# Set up the firewall (it also works without adding these at first)
iptables -t nat -A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 172.17.0.2/32 -d 172.17.0.2/32 -p udp -m udp --dport 1194 -j MASQUERADE
iptables -t nat -A DOCKER -i docker0 -j RETURN
iptables -t nat -A DOCKER ! -i docker0 -p udp -m udp --dport 1194 -j DNAT --to-destination 172.17.0.2:1194
iptables-save
```

User creation script, user_create.sh:

```bash
#!/bin/bash
# Issue a client certificate and export its .ovpn profile
read -r -p "please your username: " NAME
docker run -v /opt/apps/openvpn:/etc/openvpn --rm -it kylemanna/openvpn:2.4 easyrsa build-client-full "$NAME" nopass
docker run -v /opt/apps/openvpn:/etc/openvpn --rm kylemanna/openvpn:2.4 ovpn_getclient "$NAME" > /opt/apps/openvpn/conf/"$NAME".ovpn
```

User deletion script, user_del.sh:

```bash
#!/bin/bash
# Revoke the client certificate, regenerate the CRL, then remove the client's files
read -r -p "Delete username: " DNAME
docker run -v /opt/apps/openvpn:/etc/openvpn --rm -it kylemanna/openvpn:2.4 easyrsa revoke "$DNAME"
docker run -v /opt/apps/openvpn:/etc/openvpn --rm -it kylemanna/openvpn:2.4 easyrsa gen-crl
docker run -v /opt/apps/openvpn:/etc/openvpn --rm -it kylemanna/openvpn:2.4 rm -f /etc/openvpn/pki/reqs/"$DNAME".req
docker run -v /opt/apps/openvpn:/etc/openvpn --rm -it kylemanna/openvpn:2.4 rm -f /etc/openvpn/pki/private/"$DNAME".key
docker run -v /opt/apps/openvpn:/etc/openvpn --rm -it kylemanna/openvpn:2.4 rm -f /etc/openvpn/pki/issued/"$DNAME".crt
# openvpn needs to be restarted
docker restart openvpn
```
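An added example, not part of the original post: a variant of user_create.sh that validates the name before it reaches easyrsa or becomes a file name, refuses to reissue an existing client, and writes the nopass profile with owner-only permissions. The function names and the OVPN_DATA / OVPN_IMAGE variables are assumptions; the paths and image tag are the ones used above.

```shell
#!/bin/sh
# Added example, not the original author's script. Function and variable
# names (valid_client_name, create_client, OVPN_DATA, OVPN_IMAGE) are assumed.
LC_ALL=C; export LC_ALL            # keep [A-Z] ranges byte-exact
OVPN_DATA=${OVPN_DATA:-/opt/apps/openvpn}
OVPN_IMAGE=${OVPN_IMAGE:-kylemanna/openvpn:2.4}

# A name is used both as the certificate CN and as a file name, so allow
# only 1-32 chars from [A-Za-z0-9._-], starting with a letter or digit.
valid_client_name() {
    case $1 in
        '' | [!A-Za-z0-9]* | *[!A-Za-z0-9._-]* | *..*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# True if the PKI already holds a certificate issued under this name.
client_exists() {
    [ -e "$OVPN_DATA/pki/issued/$1.crt" ]
}

# Exit codes: 0 created, 1 docker/easyrsa failure, 2 bad name, 3 duplicate.
create_client() {
    valid_client_name "$1" || { echo "invalid client name" >&2; return 2; }
    if client_exists "$1"; then
        echo "client already exists: $1" >&2; return 3
    fi
    out="$OVPN_DATA/conf/$1.ovpn"
    mkdir -p "$OVPN_DATA/conf" || return 1
    docker run -v "$OVPN_DATA:/etc/openvpn" --rm -it "$OVPN_IMAGE" \
        easyrsa build-client-full "$1" nopass || return 1
    # The profile embeds the unencrypted (nopass) private key: create it
    # with mode 0600 and remove a partial file if the export fails.
    ( umask 077; rm -f "$out"
      docker run -v "$OVPN_DATA:/etc/openvpn" --rm "$OVPN_IMAGE" \
          ovpn_getclient "$1" > "$out" ) || { rm -f "$out"; return 1; }
    echo "$out"
}

# Usage: ./user_create.sh NAME  (nothing runs when no argument is given)
if [ "$#" -gt 0 ]; then
    create_client "$1"
fi
```

Names such as `../x` or `-rf` are rejected before any `docker run` is issued, so they never become a path under `conf/` or an option to easyrsa.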
https://blog.csdn.net/qq_42761569/article/details/106538056