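Quickly setting up OpenVPN with Docker

1 Overview

This article shows how to quickly set up OpenVPN with Docker. Without further ado, let's get straight to it.

2 Deployment

2.1 Requirements

The server needs a public IP address.

2.2 Steps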

docker pull kylemanna/openvpn:2.4
# Generate the configuration files
# Replace 公网IP with the server's public IP address
docker run -v /opt/apps/openvpn:/etc/openvpn --rm kylemanna/openvpn:2.4 ovpn_genconfig -u udp://公网IP
# Generate the key files
docker run -v /opt/apps/openvpn:/etc/openvpn --rm -it kylemanna/openvpn:2.4 ovpn_initpki

[root@VM-24-9-centos openvpn]# docker run -v /opt/apps/openvpn:/etc/openvpn --rm -it kylemanna/openvpn:2.4 ovpn_initpki

init-pki complete; you may now create a CA or requests.
Your newly created PKI dir is: /etc/openvpn/pki


Using SSL: openssl OpenSSL 1.1.1g  21 Apr 2020

Enter New CA Key Passphrase: 12345678
Re-Enter New CA Key Passphrase: 12345678
Generating RSA private key, 2048 bit long modulus (2 primes)
..........................+++++
.....................................................................................+++++
e is 65537 (0x010001)
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Common Name (eg: your user, host, or server name) [Easy-RSA CA]:WEIHU

CA creation complete and you may now import and sign cert requests.
Your new CA certificate file for publishing is at:
/etc/openvpn/pki/ca.crt


Using SSL: openssl OpenSSL 1.1.1g  21 Apr 2020
Generating DH parameters, 2048 bit long safe prime, generator 2
This is going to take a long time

DH parameters of size 2048 created at /etc/openvpn/pki/dh.pem


Using SSL: openssl OpenSSL 1.1.1g  21 Apr 2020
Generating a RSA private key
........................+++++
........................................................+++++
writing new private key to '/etc/openvpn/pki/easy-rsa-72.obdilb/tmp.OkeLiC'
-----
Using configuration from /etc/openvpn/pki/easy-rsa-72.obdilb/tmp.lAFMAn
Enter pass phrase for /etc/openvpn/pki/private/ca.key:
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName            :ASN.1 12:'82.157.165.162'
Certificate is to be certified until Sep 17 00:59:32 2024 GMT (825 days)

Write out database with 1 new entries
Data Base Updated

Using SSL: openssl OpenSSL 1.1.1g  21 Apr 2020
Using configuration from /etc/openvpn/pki/easy-rsa-147.MolDfl/tmp.faLnEK
Enter pass phrase for /etc/openvpn/pki/private/ca.key:12345678

An updated CRL has been created.
CRL file: /etc/openvpn/pki/crl.pem


[root@VM-24-9-centos openvpn]# 


# Generate a client certificate (change weihu to whatever name you want)
docker run -v /opt/apps/openvpn:/etc/openvpn --rm -it kylemanna/openvpn:2.4 easyrsa build-client-full weihu nopass

[root@VM-24-9-centos openvpn]# docker run -v /opt/apps/openvpn:/etc/openvpn --rm -it kylemanna/openvpn:2.4 easyrsa build-client-full weihu nopass
Using SSL: openssl OpenSSL 1.1.1g  21 Apr 2020
Generating a RSA private key
...+++++
....................................................................................+++++
writing new private key to '/etc/openvpn/pki/easy-rsa-1.hDjaFE/tmp.AjJCaO'
-----
Using configuration from /etc/openvpn/pki/easy-rsa-1.hDjaFE/tmp.LJIhlM
Enter pass phrase for /etc/openvpn/pki/private/ca.key: 12345678
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName            :ASN.1 12:'weihu'
Certificate is to be certified until Sep 17 01:01:23 2024 GMT (825 days)

Write out database with 1 new entries
Data Base Updated

[root@VM-24-9-centos openvpn]# 

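# Export the client configuration
mkdir -p /opt/apps/openvpn/conf
docker run -v /opt/apps/openvpn:/etc/openvpn --rm kylemanna/openvpn:2.4 ovpn_getclient weihu > /opt/apps/openvpn/conf/weihu.ovpn
# Start the OpenVPN service
# Host UDP port 8000 is published here, while ovpn_genconfig above was given no port,
# so the exported profile defaults to 1194; the remote line in the .ovpn has to use the published host port.
docker run --name openvpn -v /opt/apps/openvpn:/etc/openvpn -d -p 8000:1194/udp --cap-add=NET_ADMIN kylemanna/openvpn:2.4
PS:
Stop openvpn
docker stop openvpn
Start openvpn
docker start openvpn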

# Configure the firewall (it also works without adding these rules for now)
iptables -t nat -A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 172.17.0.2/32 -d 172.17.0.2/32 -p udp -m udp --dport 1194 -j MASQUERADE
iptables -t nat -A DOCKER -i docker0 -j RETURN

iptables -t nat -A DOCKER ! -i docker0 -p udp -m udp --dport 1194 -j DNAT --to-destination 172.17.0.2:1194
iptables -t nat -A POSTROUTING -s 172.17.0.2/32 -d 172.17.0.2/32 -p udp -m udp --dport 1194 -j MASQUERADE
# Dump the current rule set (redirect the output to a file to keep it)
iptables-save

# User creation script: user_create.sh
#!/bin/bash
# Ask for the client name, issue a certificate for it, then export its profile
read -r -p "Please enter your username: " NAME
docker run -v /opt/apps/openvpn:/etc/openvpn --rm -it kylemanna/openvpn:2.4 easyrsa build-client-full "$NAME" nopass
docker run -v /opt/apps/openvpn:/etc/openvpn --rm kylemanna/openvpn:2.4 ovpn_getclient "$NAME" > /opt/apps/openvpn/conf/"$NAME".ovpn

# User deletion script: user_del.sh
#!/bin/bash
# Revoke the client's certificate, regenerate the CRL, then delete its PKI files
read -r -p "Delete username: " DNAME
docker run -v /opt/apps/openvpn:/etc/openvpn --rm -it kylemanna/openvpn:2.4 easyrsa revoke "$DNAME"
docker run -v /opt/apps/openvpn:/etc/openvpn --rm -it kylemanna/openvpn:2.4 easyrsa gen-crl
docker run -v /opt/apps/openvpn:/etc/openvpn --rm -it kylemanna/openvpn:2.4 rm -f /etc/openvpn/pki/reqs/"$DNAME".req
docker run -v /opt/apps/openvpn:/etc/openvpn --rm -it kylemanna/openvpn:2.4 rm -f /etc/openvpn/pki/private/"$DNAME".key
docker run -v /opt/apps/openvpn:/etc/openvpn --rm -it kylemanna/openvpn:2.4 rm -f /etc/openvpn/pki/issued/"$DNAME".crt

# OpenVPN needs to be restarted afterwards
docker restart openvpn
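
user_del.sh above revokes the certificate and deletes the request, key and certificate under pki/, but it leaves conf/NAME.ovpn in place, and a profile exported by ovpn_getclient embeds the client's private key. The script below is an added example, not part of the original article: it reads easy-rsa's index.txt and lists leftover profiles for names that no longer hold a valid certificate. The function names and the sample data built by make_sample are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the original article: audit exported client profiles
# against easy-rsa's index.txt (tab-separated: status, expiry, revocation
# date, serial, file name, subject).
PKI_DIR="${PKI_DIR:-/opt/apps/openvpn/pki}"     # host paths used in the article
CONF_DIR="${CONF_DIR:-/opt/apps/openvpn/conf}"

# cn_status NAME -> prints valid | revoked | unknown.
# A name that was revoked and later re-issued counts as valid.
cn_status() {
  awk -F'\t' -v want="$1" '
    { cn = $6; sub(/^.*\/CN=/, "", cn); sub(/\/.*$/, "", cn) }
    cn == want && $1 == "V" { v = 1 }
    cn == want && $1 == "R" { r = 1 }
    END { print (v ? "valid" : (r ? "revoked" : "unknown")) }
  ' "$PKI_DIR/index.txt"
}

# stale_profiles -> prints each *.ovpn in CONF_DIR whose name has no valid
# certificate but which still embeds a private key. Body runs in a subshell.
stale_profiles() (
  for f in "$CONF_DIR"/*.ovpn; do
    [ -e "$f" ] || continue
    name="$(basename "$f" .ovpn)"
    if [ "$(cn_status "$name")" != "valid" ] && grep -q '<key>' "$f"; then
      printf '%s\n' "$f"
    fi
  done
)

# make_sample DIR -> constructed PKI state: "weihu" revoked, "alice" valid,
# both profiles still on disk (serials, dates and key bodies are made up).
make_sample() {
  mkdir -p "$1/pki" "$1/conf"
  printf 'V\t240917005932Z\t\t01\tunknown\t/CN=server\n'              > "$1/pki/index.txt"
  printf 'R\t240917010123Z\t220616000000Z\t02\tunknown\t/CN=weihu\n' >> "$1/pki/index.txt"
  printf 'V\t240917020000Z\t\t03\tunknown\t/CN=alice\n'              >> "$1/pki/index.txt"
  printf 'client\n<key>\n(constructed)\n</key>\n' > "$1/conf/weihu.ovpn"
  printf 'client\n<key>\n(constructed)\n</key>\n' > "$1/conf/alice.ovpn"
}

# "--demo" runs the audit on the constructed sample and prints .../conf/weihu.ovpn
if [ "${1:-}" = "--demo" ]; then
  tmp="$(mktemp -d)"; make_sample "$tmp"
  PKI_DIR="$tmp/pki"; CONF_DIR="$tmp/conf"
  stale_profiles
  rm -rf "$tmp"
fi
```

To audit the real deployment, source the file and call stale_profiles with PKI_DIR and CONF_DIR left at their defaults.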

2.3 Reference

https://blog.csdn.net/qq_42761569/article/details/106538056
