This page only covers how to run OpenVPN with Docker; it does not cover installing Docker.
1. First clone the docker-openvpn git repository onto the server
2. Change into the docker-openvpn directory
cd docker-openvpn
3. Build the Docker image with the command below, tagging it myvpn (this image name is used in every later step)
docker build -t myvpn .
4. Create a shared directory to hold the configuration files (it will later contain the CA and server private keys, so treat it as sensitive and back it up securely)
cd /opt
mkdir vpn-data
touch vpn-data/vars
5. Generate the OpenVPN server configuration with the command below. [VPN SERVER IP] is the public address clients will connect to and [VPN Port] is the UDP port they will dial. ovpn_genconfig writes this URL into the remote line of every client profile, so the port must be the one published on the host in step 7 (7777 in this example), not the container-internal 1194.
docker run -v /opt/vpn-data:/etc/openvpn --rm myvpn ovpn_genconfig -u udp://[VPN SERVER IP]:[VPN Port]
The following output appears:
Processing PUSH Config: 'block-outside-dns'
Processing Route Config: '192.168.254.0/24'
Processing PUSH Config: 'dhcp-option DNS 8.8.8.8'
Processing PUSH Config: 'dhcp-option DNS 8.8.4.4'
Processing PUSH Config: 'comp-lzo no'
Successfully generated config
Cleaning up before Exit ...
6. Initialize the PKI, which creates the CA certificate and the CA private key. You will be prompted for a CA key passphrase: choose a strong one and keep it, because it is needed again every time a client certificate is issued (step 8).
docker run -v /opt/vpn-data:/etc/openvpn --rm -it myvpn ovpn_initpki
The following output appears:
init-pki complete; you may now create a CA or requests.
Your newly created PKI dir is: /etc/openvpn/pki
Using SSL: openssl OpenSSL 1.1.1i 8 Dec 2020
Enter New CA Key Passphrase:
Re-Enter New CA Key Passphrase:
Generating RSA private key, 2048 bit long modulus (2 primes)
........................+++++
..................................+++++
e is 65537 (0x010001)
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Common Name (eg: your user, host, or server name) [Easy-RSA CA]: <= press Enter to accept the default
CA creation complete and you may now import and sign cert requests.
Your new CA certificate file for publishing is at:
/etc/openvpn/pki/ca.crt
Using SSL: openssl OpenSSL 1.1.1i 8 Dec 2020
Generating DH parameters, 2048 bit long safe prime, generator 2
This is going to take a long time
....then wait for it to finish.
7. Start OpenVPN. -p 7777:1194/udp publishes the container's UDP port 1194 as port 7777 on the host, which is the port clients dial (the same port given to ovpn_genconfig in step 5). --cap-add=NET_ADMIN is required so the container can create its tun device and set up routes.
docker run -v /opt/vpn-data:/etc/openvpn -d -p 7777:1194/udp --cap-add=NET_ADMIN myvpn
If OpenVPN should start automatically after a reboot, use the command below instead (--restart=always also restarts the container if it crashes, provided the Docker daemon itself starts at boot)
docker run --restart=always -v /opt/vpn-data:/etc/openvpn -d -p 7777:1194/udp --cap-add=NET_ADMIN myvpn
8. Create a user and export the OpenVPN client profile. Both commands use the same data directory (/opt/vpn-data) and image name (myvpn) as the earlier steps. The first command prompts for the CA passphrase set in step 6. nopass means the client's private key is stored unencrypted inside the profile, so treat vpnuser.ovpn as a secret and deliver it to the user over a secure channel.
docker run -v /opt/vpn-data:/etc/openvpn --rm -it myvpn easyrsa build-client-full vpnuser nopass
docker run -v /opt/vpn-data:/etc/openvpn --rm myvpn ovpn_getclient vpnuser > vpnuser.ovpn
9. Import the .ovpn file into OpenVPN Connect and the VPN connection is ready to use.
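The whole procedure above as one script, added here as an example and not code from the original page or from the docker-openvpn project. It derives the client-facing URL for ovpn_genconfig and the docker -p mapping from a single port variable so the two cannot disagree, and it checks the exported profile for the embedded CA, certificate, key and tls-auth sections and for the expected remote line before the file is handed to a user. The image name myvpn, the data directory /opt/vpn-data, the host port 7777 and the client name vpnuser come from the steps above; the hostname vpn.example.com, the function names and the apply argument are assumptions.

```shell
#!/bin/sh
# Added example, not code from the original page or the docker-openvpn project.
# Runs steps 4 to 8 above as one script: the client-facing URL and the docker -p
# mapping are built from one port variable so they cannot drift apart, and the
# exported .ovpn is checked before it is handed out. Image name, data dir, host
# port and client name come from the page; VPN_HOST and the function names are
# assumptions.
set -eu

IMAGE="${IMAGE:-myvpn}"                 # image tag from step 3
DATA_DIR="${DATA_DIR:-/opt/vpn-data}"   # shared config dir from step 4
VPN_HOST="${VPN_HOST:-vpn.example.com}" # assumption: public name or IP of the server
VPN_PORT="${VPN_PORT:-7777}"            # host UDP port published in step 7
CLIENT="${CLIENT:-vpnuser}"             # client name from step 8

# valid_port PORT: digits only and within 1..65535, otherwise return 1.
valid_port() {
  case "$1" in
    ''|*[!0-9]*) return 1 ;;
  esac
  [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# remote_url HOST PORT: the -u argument for ovpn_genconfig. PORT must be the
# published host port (7777), not the container's 1194, because ovpn_genconfig
# writes this URL into the "remote" line of every client profile.
remote_url() {
  valid_port "$2" || return 1
  printf 'udp://%s:%s\n' "$1" "$2"
}

# publish_arg PORT: the matching -p mapping for "docker run" (host port -> 1194/udp).
publish_arg() {
  valid_port "$1" || return 1
  printf '%s:1194/udp\n' "$1"
}

# check_profile FILE: fail unless the exported profile embeds the CA, client
# certificate, client key and tls-auth key, and its "remote" line points at
# VPN_HOST VPN_PORT. A profile missing any of these will not connect.
check_profile() {
  for tag in '<ca>' '<cert>' '<key>' '<tls-auth>'; do
    grep -qF "$tag" "$1" || { echo "missing $tag in $1" >&2; return 1; }
  done
  grep -q "^remote $VPN_HOST $VPN_PORT" "$1" \
    || { echo "remote line in $1 is not $VPN_HOST $VPN_PORT" >&2; return 1; }
}

# The docker commands run only when invoked as "sh vpn-setup.sh apply";
# without the argument the file just defines the functions above.
if [ "${1:-}" = "apply" ]; then
  mkdir -p "$DATA_DIR" && touch "$DATA_DIR/vars"
  url=$(remote_url "$VPN_HOST" "$VPN_PORT")
  pub=$(publish_arg "$VPN_PORT")
  docker run -v "$DATA_DIR:/etc/openvpn" --rm "$IMAGE" ovpn_genconfig -u "$url"
  # Prompts for the CA passphrase; keep it, build-client-full needs it again.
  docker run -v "$DATA_DIR:/etc/openvpn" --rm -it "$IMAGE" ovpn_initpki
  docker run -v "$DATA_DIR:/etc/openvpn" -d --restart=always -p "$pub" \
    --cap-add=NET_ADMIN "$IMAGE"
  docker run -v "$DATA_DIR:/etc/openvpn" --rm -it "$IMAGE" \
    easyrsa build-client-full "$CLIENT" nopass
  # nopass: the client key inside the .ovpn is unencrypted, so create the
  # file readable by the current user only.
  umask 077
  docker run -v "$DATA_DIR:/etc/openvpn" --rm "$IMAGE" ovpn_getclient "$CLIENT" > "$CLIENT.ovpn"
  check_profile "$CLIENT.ovpn"
  echo "wrote $CLIENT.ovpn"
fi
```

Run it as `VPN_HOST=<public address> sh vpn-setup.sh apply`; without the apply argument nothing that needs Docker is executed, so the helper functions can be sourced and reused, for example to validate a profile exported by hand in step 8.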