在docker上架設 OpenVPN

詳細內容: 作者 Evan; 分類: Ubuntu; 發佈: 28 三月 2021; 點擊數: 4329

這裡只講如何用 Docker 執行 OpenVPN，不講 Docker 的安裝

1. 先把下面的 git repository clone 到 server 上

git clone https://github.com/kylemanna/docker-openvpn.git

2. 切換到 docker-openvpn 資料夾

cd docker-openvpn

3. 使用下面的指令 build Docker image，並使用 myvpn 當做 image 的名字

docker build -t myvpn .

4. 建立一個公用資料夾來存放設定檔

cd /opt
mkdir vpn-data
touch vpn-data/vars

5. 使用下面的指令產生 OpenVPN 設定檔

docker run -v /opt/vpn-data:/etc/openvpn --rm myvpn ovpn_genconfig -u udp://[VPN SERVER IP]:[VPN Port]

畫面會出現下面的訊息:
Processing PUSH Config: 'block-outside-dns'
Processing Route Config: '192.168.254.0/24'
Processing PUSH Config: 'dhcp-option DNS 8.8.8.8'
Processing PUSH Config: 'dhcp-option DNS 8.8.4.4'
Processing PUSH Config: 'comp-lzo no'
Successfully generated config
Cleaning up before Exit ...

6. 切使化 PKI，包含一個 CA 憑證，及 PKI 私鑰

docker run -v /opt/vpn-data:/etc/openvpn --rm -it myvpn ovpn_initpki

畫面會出現下面的訊息:
init-pki complete; you may now create a CA or requests.
Your newly created PKI dir is: /etc/openvpn/pki

Using SSL: openssl OpenSSL 1.1.1i 8 Dec 2020

Enter New CA Key Passphrase:
Re-Enter New CA Key Passphrase:
Generating RSA private key, 2048 bit long modulus (2 primes)
........................+++++
..................................+++++
e is 65537 (0x010001)
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Common Name (eg: your user, host, or server name) [Easy-RSA CA]: <= 可以直接按 Enter 使用預設值

CA creation complete and you may now import and sign cert requests.
Your new CA certificate file for publishing is at:
/etc/openvpn/pki/ca.crt

Using SSL: openssl OpenSSL 1.1.1i 8 Dec 2020
Generating DH parameters, 2048 bit long safe prime, generator 2
This is going to take a long time

....然後等它跑完。

7. 啟動 OpenVPN

docker run -v /opt/vpn-data:/etc/openvpn -d -p 7777:1194/udp --cap-add=NET_ADMIN myvpn

如果要讓 OpenVPN 在重開機時會自動啟動，請用下面的指令

docker run --restart=always -v /opt/vpn-data:/etc/openvpn -d -p 7777:1194/udp --cap-add=NET_ADMIN myvpn

8. 建立使用者，然後匯出 OpenVPN 連線設定檔

docker run -v $PWD/vpn-data:/etc/openvpn --rm -it myownvpn easyrsa build-client-full vpnuser nopass
docker run -v $PWD/vpn-data:/etc/openvpn --rm myownvpn ovpn_getclient vpnuser > vpnuser.ovpn

9. 把 ovpn 檔案匯入 OpenVPN connect，就可以開始使用 VPN 連線了。

在docker上架設 OpenVPN

Main Menu

Login Form

廣告