|
@ -57,17 +57,17 @@ https://en.wikipedia.org/wiki/OpenVPN[More: wikipedia] |
|
|
[source,bash] |
|
|
[source,bash] |
|
|
---- |
|
|
---- |
|
|
#!/bin/bash |
|
|
#!/bin/bash |
|
|
IP=127.0.0.1 # Server IP |
|
|
IP=127.0.0.1 # Server IP // <1> |
|
|
P=1194 # Server Port |
|
|
P=1194 # Server Port // <2> |
|
|
OVPN_SERVER='10.80.0.0/16' # VPN Network |
|
|
OVPN_SERVER='10.80.0.0/16' # VPN Network // <3> |
|
|
|
|
|
|
|
|
#vpn_data=/var/lib/swarmlab/openvpn/openvpn-services/ # Dir to save data ** this must exist ** |
|
|
#vpn_data=/var/lib/swarmlab/openvpn/openvpn-services/ # Dir to save data ** this must exist ** |
|
|
vpn_data=$PWD/openvpn-services/ |
|
|
vpn_data=$PWD/openvpn-services/ // <4> |
|
|
if [ ! -d $vpn_data ]; then |
|
|
if [ ! -d $vpn_data ]; then |
|
|
mkdir -p $vpn_data |
|
|
mkdir -p $vpn_data |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
NAME=swarmlab-vpn-services # name of docker service |
|
|
NAME=swarmlab-vpn-services # name of docker service // <5> |
|
|
DOCKERnetwork=swarmlab-vpn-services-network # docker network |
|
|
DOCKERnetwork=swarmlab-vpn-services-network # docker network |
|
|
docker=registry.vlabs.uniwa.gr:5080/myownvpn # docker image |
|
|
docker=registry.vlabs.uniwa.gr:5080/myownvpn # docker image |
|
|
|
|
|
|
|
@ -87,23 +87,31 @@ docker network create --attachable=true --driver=bridge --subnet=172.50.0.0/16 - |
|
|
|
|
|
|
|
|
#run container see ovpn_genconfig |
|
|
#run container see ovpn_genconfig |
|
|
docker run --net=none -it -v $vpn_data:/etc/openvpn -p 1194:1194 --rm $docker ovpn_genconfig -u udp://$IP:1194 \ |
|
|
docker run --net=none -it -v $vpn_data:/etc/openvpn -p 1194:1194 --rm $docker ovpn_genconfig -u udp://$IP:1194 \ |
|
|
-N -d -c -p "route 172.50.20.0 255.255.255.0" -e "topology subnet" -s $OVPN_SERVER |
|
|
-N -d -c -p "route 172.50.20.0 255.255.255.0" -e "topology subnet" -s $OVPN_SERVER // <6> |
|
|
|
|
|
|
|
|
# create pki see ovpn_initpki |
|
|
# create pki see ovpn_initpki |
|
|
docker run --net=none -v $vpn_data:/etc/openvpn --rm -it $docker ovpn_initpki |
|
|
docker run --net=none -v $vpn_data:/etc/openvpn --rm -it $docker ovpn_initpki // <7> |
|
|
|
|
|
|
|
|
# see ovpn_copy_server_files |
|
|
# see ovpn_copy_server_files |
|
|
#docker run --net=none -v $vpn_data:/etc/openvpn --rm $docker ovpn_copy_server_files |
|
|
#docker run --net=none -v $vpn_data:/etc/openvpn --rm $docker ovpn_copy_server_files |
|
|
|
|
|
|
|
|
#create vpn see --cap-add=NET_ADMIN |
|
|
#create vpn see --cap-add=NET_ADMIN |
|
|
sleep 1 |
|
|
sleep 1 |
|
|
docker run --detach --name $NAME -v $vpn_data:/etc/openvpn --net=$DOCKERnetwork --ip=172.50.0.2 -p $P:1194/udp --cap-add=NET_ADMIN $docker |
|
|
docker run --detach --name $NAME -v $vpn_data:/etc/openvpn --net=$DOCKERnetwork --ip=172.50.0.2 -p $P:1194/udp --cap-add=NET_ADMIN $docker // <8> |
|
|
|
|
|
|
|
|
sudo sysctl -w net.ipv4.ip_forward=1 |
|
|
sudo sysctl -w net.ipv4.ip_forward=1 |
|
|
|
|
|
|
|
|
#show created |
|
|
#show created |
|
|
docker ps |
|
|
docker ps |
|
|
---- |
|
|
---- |
|
|
|
|
|
<1> *localhost* inside of a container will resolve to the network stack of this container |
|
|
|
|
|
<2> Port |
|
|
|
|
|
<3> Specify Addresses and Netmasks for VPN Clients |
|
|
|
|
|
<4> Directory to mount data |
|
|
|
|
|
<5> Name of docker services |
|
|
|
|
|
<6> Create config |
|
|
|
|
|
<7> keys |
|
|
|
|
|
<8> Run docker vpn service |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
== Create user |
|
|
== Create user |
|
|