|
|
@ -531,53 +531,48 @@ body.book #toc,body.book #preamble,body.book h1.sect0,body.book .sect1>h2{page-b |
|
|
|
<div class="title">create-vpn.sh</div> |
|
|
|
<div class="content"> |
|
|
|
<pre class="highlight"><code class="language-bash" data-lang="bash">#!/bin/bash |
|
|
|
IP=192.168.89.5 # Server IP |
|
|
|
IP=127.0.0.1 # Server IP |
|
|
|
P=1194 # Server Port |
|
|
|
OVPN_SERVER='10.80.0.0/16' # VPN Network |
|
|
|
vpn_data=/var/lib/swarmlab/openvpn/openvpn-services/ # Dir to save data ** this must exist ** |
|
|
|
|
|
|
|
#vpn_data=/var/lib/swarmlab/openvpn/openvpn-services/ # Dir to save data ** this must exist ** |
|
|
|
vpn_data=$PWD/openvpn-services/ |
|
|
|
if [ ! -d $vpn_data ]; then |
|
|
|
mkdir -p $vpn_data |
|
|
|
fi |
|
|
|
|
|
|
|
NAME=swarmlab-vpn-services # name of docker service |
|
|
|
DOCKERnetwork=swarmlab-vpn-services-network # docker network |
|
|
|
docker=registry.vlabs.uniwa.gr:5080/myownvpn # docker image |
|
|
|
|
|
|
|
docker stop $NAME #stop container |
|
|
|
sleep 3 |
|
|
|
sleep 1 |
|
|
|
docker container rm $NAME #rm container |
|
|
|
|
|
|
|
# rm config files |
|
|
|
sudo rm -f $vpn_data/openvpn.conf.*.bak |
|
|
|
sudo rm -f $vpn_data/openvpn.conf |
|
|
|
sudo rm -f $vpn_data/ovpn_env.sh.*.bak |
|
|
|
sudo rm -f $vpn_data/ovpn_env.sh |
|
|
|
rm -f $vpn_data/openvpn.conf.*.bak |
|
|
|
rm -f $vpn_data/openvpn.conf |
|
|
|
rm -f $vpn_data/ovpn_env.sh.*.bak |
|
|
|
rm -f $vpn_data/ovpn_env.sh |
|
|
|
|
|
|
|
# create network |
|
|
|
sleep 2 |
|
|
|
sleep 1 |
|
|
|
docker network create --attachable=true --driver=bridge --subnet=172.50.0.0/16 --gateway=172.50.0.1 $DOCKERnetwork |
|
|
|
|
|
|
|
read -d '' MULTILINE_EXTRA_SERVER_CONF << EOF |
|
|
|
duplicate-cn |
|
|
|
max-clients 35000 |
|
|
|
topology subnet |
|
|
|
EOF |
|
|
|
|
|
|
|
#run container |
|
|
|
sleep 3 |
|
|
|
docker run --net=none -it -v $vpn_data:/etc/openvpn --rm $docker ovpn_genconfig -u udp://$IP:1194 \ |
|
|
|
#run container see ovpn_genconfig |
|
|
|
docker run --net=none -it -v $vpn_data:/etc/openvpn -p 1194:1194 --rm $docker ovpn_genconfig -u udp://$IP:1194 \ |
|
|
|
-N -d -c -p "route 172.50.20.0 255.255.255.0" -e "topology subnet" -s $OVPN_SERVER |
|
|
|
|
|
|
|
|
|
|
|
# create pki |
|
|
|
sleep 3 |
|
|
|
echo "new pki is disabled" |
|
|
|
# create pki see ovpn_initpki |
|
|
|
docker run --net=none -v $vpn_data:/etc/openvpn --rm -it $docker ovpn_initpki |
|
|
|
|
|
|
|
#sleep 3 |
|
|
|
# see ovpn_copy_server_files |
|
|
|
#docker run --net=none -v $vpn_data:/etc/openvpn --rm $docker ovpn_copy_server_files |
|
|
|
|
|
|
|
#create vpn |
|
|
|
sleep 3 |
|
|
|
#create vpn see --cap-add=NET_ADMIN |
|
|
|
sleep 1 |
|
|
|
docker run --detach --name $NAME -v $vpn_data:/etc/openvpn --net=$DOCKERnetwork --ip=172.50.0.2 -p $P:1194/udp --cap-add=NET_ADMIN $docker |
|
|
|
|
|
|
|
sleep 5 |
|
|
|
sudo sysctl -w net.ipv4.ip_forward=1 |
|
|
|
|
|
|
|
#show created |
|
|
@ -590,84 +585,28 @@ docker ps</code></pre> |
|
|
|
<h2 id="_create_user">4. Create user</h2> |
|
|
|
<div class="sectionbody"> |
|
|
|
<div class="listingblock"> |
|
|
|
<div class="title">config</div> |
|
|
|
<div class="title">create-user.sh</div> |
|
|
|
<div class="content"> |
|
|
|
<pre class="highlight"><code class="language-bash" data-lang="bash">#!/bin/bash |
|
|
|
IP=83.212.114.14 |
|
|
|
P=5194 |
|
|
|
vpn_data=/var/lib/swarmlab/openvpn/openvpn-services/ |
|
|
|
NAME=swarmlab-vpn-services |
|
|
|
DOCKERnetwork=swarmlab-vpn-services-network |
|
|
|
<pre class="highlight"><code class="language-bash" data-lang="bash">USERNAME=test1 |
|
|
|
vpn_data=$PWD/openvpn-services/ |
|
|
|
docker=registry.vlabs.uniwa.gr:5080/myownvpn |
|
|
|
PATHNAME=/var/lib/swarmlab/openvpn/etc/vpn-data_user_config |
|
|
|
vpn_data_user_config=$PATHNAME |
|
|
|
|
|
|
|
vpn_data=/var/lib/swarmlab/openvpn/openvpn-services/ |
|
|
|
vpn_data_user_config=/var/lib/swarmlab/openvpn/etc/vpn-data_user_config |
|
|
|
NAME=swarmlab-vpn-services |
|
|
|
|
|
|
|
MANAGER=/var/lib/swarmlab/openvpn/etc/managers |
|
|
|
WORKER=/var/lib/swarmlab/openvpn/etc/workers |
|
|
|
MANAGERkeys=/var/lib/swarmlab/openvpn/etc/managers_keys</code></pre> |
|
|
|
docker run -v $vpn_data:/etc/openvpn --rm -it $docker easyrsa build-client-full $USERNAME nopass |
|
|
|
docker run -v $vpn_data:/etc/openvpn --log-driver=none --rm $docker ovpn_getclient $USERNAME > $USERNAME.ovpn</code></pre> |
|
|
|
</div> |
|
|
|
</div> |
|
|
|
<div class="listingblock"> |
|
|
|
<div class="title">create-user.sh</div> |
|
|
|
<div class="title">add to $USERNAME.ovpn file</div> |
|
|
|
<div class="content"> |
|
|
|
<pre class="highlight"><code class="language-bash" data-lang="bash">#!/bin/bash |
|
|
|
|
|
|
|
. ./config |
|
|
|
|
|
|
|
sudo mkdir -p $vpn_data |
|
|
|
sudo mkdir -p $vpn_data_user_config |
|
|
|
sudo mkdir -p $MANAGERkeys |
|
|
|
|
|
|
|
docker=registry.vlabs.uniwa.gr:5080/myownvpn |
|
|
|
echo $vpnip |
|
|
|
echo $# |
|
|
|
|
|
|
|
docker=registry.vlabs.uniwa.gr:5080/myownvpn |
|
|
|
echo $vpnip |
|
|
|
echo $# |
|
|
|
<pre class="highlight"><code class="language-bash" data-lang="bash">client |
|
|
|
nobind |
|
|
|
dev tun |
|
|
|
comp-lzo |
|
|
|
resolv-retry infinite |
|
|
|
keepalive 15 60 |
|
|
|
|
|
|
|
if [ $# -eq 1 ]; then |
|
|
|
CLIENTNAME=$1 |
|
|
|
U=$CLIENTNAME |
|
|
|
mkdir users |
|
|
|
docker run -v $vpn_data:/etc/openvpn --rm -it $docker easyrsa build-client-full $CLIENTNAME nopass |
|
|
|
sleep 3 |
|
|
|
docker run -v $vpn_data:/etc/openvpn --log-driver=none --rm $docker ovpn_getclient $CLIENTNAME > users/$CLIENTNAME.ovpn |
|
|
|
|
|
|
|
file="users/$CLIENTNAME.ovpn" |
|
|
|
|
|
|
|
ps='remote ' |
|
|
|
pi="remote $IP $P udp" |
|
|
|
grep -q "^$ps" $file && sed -i "s/^$ps.*/$pi/" $file || sed -i "5a $pi" $file |
|
|
|
|
|
|
|
ps='comp-lzo' |
|
|
|
pi='comp-lzo no' |
|
|
|
grep -q "^$ps" $file && sed -i "s/^$ps.*/$pi/" $file || sed -i "6a $pi" $file |
|
|
|
|
|
|
|
ps='resolv-retry' |
|
|
|
pi='resolv-retry infinite' |
|
|
|
grep -q "^$ps" $file && sed -i "s/^$ps.*/$pi/" $file || sed -i "7a $pi" $file |
|
|
|
ps='persist-key' |
|
|
|
pi='persist-key' |
|
|
|
grep -q "^$ps" $file && sed -i "s/^$ps.*/$pi/" $file || sed -i "8a $pi" $file |
|
|
|
|
|
|
|
ps='persist-tun' |
|
|
|
pi='persist-tun' |
|
|
|
grep -q "^$ps" $file && sed -i "s/^$ps.*/$pi/" $file || sed -i "9a $pi" $file |
|
|
|
|
|
|
|
ps='keepalive' |
|
|
|
pi='keepalive 15 60' |
|
|
|
grep -q "^$ps" $file && sed -i "s/^$ps.*/$pi/" $file || sed -i "10a $pi" $file |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
else |
|
|
|
echo "no clientname" |
|
|
|
fi</code></pre> |
|
|
|
remote-cert-tls server |
|
|
|
remote 192.168.1.5 1194 udp</code></pre> |
|
|
|
</div> |
|
|
|
</div> |
|
|
|
</div> |
|
|
@ -679,30 +618,27 @@ fi</code></pre> |
|
|
|
<div class="title">rm-user.sh</div> |
|
|
|
<div class="content"> |
|
|
|
<pre class="highlight"><code class="language-bash" data-lang="bash">#!/bin/bash |
|
|
|
. ./config |
|
|
|
|
|
|
|
CLIENTNAME=$1 |
|
|
|
CLIENTNAME=test1 |
|
|
|
U=$CLIENTNAME |
|
|
|
|
|
|
|
if [ $# -eq 1 ]; then |
|
|
|
sudo rm -f $vpn_data/pki/reqs/$CLIENTNAME.req |
|
|
|
sudo rm -f $vpn_data/pki/private/$CLIENTNAME.key |
|
|
|
sudo rm -f $vpn_data/pki/issued/$CLIENTNAME.crt |
|
|
|
sudo rm -f $vpn_data/server/ccd/$CLIENTNAME |
|
|
|
sudo rm -f $vpn_data/ccd/$CLIENTNAME |
|
|
|
vpn_data=$PWD/openvpn-services/ |
|
|
|
docker=registry.vlabs.uniwa.gr:5080/myownvpn |
|
|
|
|
|
|
|
rm -f $vpn_data/pki/reqs/$CLIENTNAME.req |
|
|
|
rm -f $vpn_data/pki/private/$CLIENTNAME.key |
|
|
|
rm -f $vpn_data/pki/issued/$CLIENTNAME.crt |
|
|
|
rm -f $vpn_data/server/ccd/$CLIENTNAME |
|
|
|
rm -f $vpn_data/ccd/$CLIENTNAME |
|
|
|
pem=$(sudo grep "CN=$U$" $vpn_data/pki/index.txt | cut -f4) |
|
|
|
#/var/lab/gswarm/vpn-data/pki/certs_by_serial/BACA61827E65D0E5F695245519410952.pem |
|
|
|
sudo rm -f $vpn_data/pki/certs_by_serial/$pem.pem |
|
|
|
sudo sed -i "/CN=$U$/d" $vpn_data/pki/index.txt |
|
|
|
|
|
|
|
rm -f $vpn_data/pki/certs_by_serial/$pem.pem |
|
|
|
sed -i "/CN=$U$/d" $vpn_data/pki/index.txt |
|
|
|
echo $pem |
|
|
|
docker run -v $vpn_data:/etc/openvpn --log-driver=none --rm -it $docker ovpn_revokeclient $CLIENTNAME remove |
|
|
|
|
|
|
|
|
|
|
|
sudo rm -f $vpn_data_user_config/$CLIENTNAME.ovpn |
|
|
|
sudo rm -f $vpn_data_user_config1/$CLIENTNAME.ovpn |
|
|
|
else |
|
|
|
echo "no client" |
|
|
|
fi</code></pre> |
|
|
|
rm -f $vpn_data_user_config/$CLIENTNAME.ovpn |
|
|
|
rm -f $vpn_data_user_config1/$CLIENTNAME.ovpn</code></pre> |
|
|
|
</div> |
|
|
|
</div> |
|
|
|
</div> |
|
|
@ -713,8 +649,7 @@ fi</code></pre> |
|
|
|
<div class="listingblock"> |
|
|
|
<div class="title">show-user.sh</div> |
|
|
|
<div class="content"> |
|
|
|
<pre class="highlight"><code class="language-bash" data-lang="bash">. ./config |
|
|
|
|
|
|
|
<pre class="highlight"><code class="language-bash" data-lang="bash">NAME=swarmlab-vpn-services # name of docker service |
|
|
|
docker exec -it $NAME ovpn_listclients</code></pre> |
|
|
|
</div> |
|
|
|
</div> |
|
|
@ -726,8 +661,7 @@ docker exec -it $NAME ovpn_listclients</code></pre> |
|
|
|
<div class="listingblock"> |
|
|
|
<div class="title">show-conn-user.sh</div> |
|
|
|
<div class="content"> |
|
|
|
<pre class="highlight"><code class="language-bash" data-lang="bash">. ./config |
|
|
|
|
|
|
|
<pre class="highlight"><code class="language-bash" data-lang="bash">NAME=swarmlab-vpn-services # name of docker service |
|
|
|
docker exec -it $NAME cat /tmp/openvpn-status.log</code></pre> |
|
|
|
</div> |
|
|
|
</div> |
|
|
@ -765,7 +699,7 @@ the path is made by walking.</p> |
|
|
|
</div> |
|
|
|
<div id="footer"> |
|
|
|
<div id="footer-text"> |
|
|
|
Last updated 2020-10-21 10:03:40 UTC |
|
|
|
Last updated 2020-12-08 20:34:28 UTC |
|
|
|
</div> |
|
|
|
</div> |
|
|
|
</body> |
|
|
|