-
Notifications
You must be signed in to change notification settings - Fork 23
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
14 changed files
with
962 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,32 @@ | ||
| # Original credit: https://github.com/jpetazzo/dockvpn | ||
| # Original credit: https://github.com/kylemanna/docker-openvpn | ||
|
|
||
| # Smallest base image | ||
| FROM alpine:latest | ||
|
|
||
| LABEL maintainer="Carlos Giraldo <cgiraldo@gradiant.org>" | ||
|
|
||
| # Testing: pamtester | ||
| RUN echo "http://dl-cdn.alpinelinux.org/alpine/edge/testing/" >> /etc/apk/repositories && \ | ||
| apk add --update openvpn iptables bash easy-rsa openvpn-auth-pam google-authenticator pamtester libqrencode && \ | ||
| ln -s /usr/share/easy-rsa/easyrsa /usr/local/bin && \ | ||
| rm -rf /tmp/* /var/tmp/* /var/cache/apk/* /var/cache/distfiles/* | ||
|
|
||
| # Needed by scripts | ||
| ENV OPENVPN=/etc/openvpn | ||
| ENV EASYRSA=/usr/share/easy-rsa \ | ||
| EASYRSA_CRL_DAYS=3650 \ | ||
| EASYRSA_PKI=$OPENVPN/pki | ||
|
|
||
| VOLUME ["/etc/openvpn"] | ||
|
|
||
| # Internally uses port 1194/udp, remap using `docker run -p 443:1194/tcp` | ||
| EXPOSE 1194/udp | ||
|
|
||
| CMD ["ovpn_run"] | ||
|
|
||
| ADD ./bin /usr/local/bin | ||
| RUN chmod a+x /usr/local/bin/* | ||
|
|
||
| # Add support for OTP authentication using a PAM module | ||
| ADD ./otp/openvpn /etc/pam.d/ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,47 @@ | ||
| #!/bin/bash | ||
| ## @licence MIT <http://opensource.org/licenses/MIT> | ||
| ## @author Copyright (C) 2015 Robin Schneider <ypid@riseup.net> | ||
|
|
||
| set -e | ||
|
|
||
| if [ -z "$OPENVPN" ]; then | ||
| export OPENVPN="$PWD" | ||
| fi | ||
| if ! source "$OPENVPN/ovpn_env.sh"; then | ||
| echo "Could not source $OPENVPN/ovpn_env.sh." | ||
| exit 1 | ||
| fi | ||
|
|
||
| TARGET="$OPENVPN/server" | ||
| if [ -n "$1" ]; then | ||
| TARGET="$1" | ||
| fi | ||
| mkdir -p "${TARGET}" | ||
|
|
||
| ## Ensure that no other keys then the one for the server is present. | ||
| rm -rf "$TARGET/pki/private" "$TARGET/pki/issued" | ||
|
|
||
| FILES=( | ||
| "openvpn.conf" | ||
| "ovpn_env.sh" | ||
| "pki/private/${OVPN_CN}.key" | ||
| "pki/issued/${OVPN_CN}.crt" | ||
| "pki/dh.pem" | ||
| "pki/ta.key" | ||
| "pki/ca.crt" | ||
| "ccd" | ||
| ) | ||
|
|
||
| if [ -f "${OPENVPN}/pki/crl.pem" ]; then | ||
| FILES+=("pki/crl.pem") | ||
| fi | ||
|
|
||
| # Ensure the ccd directory exists, even if empty | ||
| mkdir -p "ccd" | ||
|
|
||
| # rsync isn't available to keep size down | ||
| # cp --parents isn't in busybox version | ||
| # hack the directory structure with tar | ||
| tar cf - -C "${OPENVPN}" "${FILES[@]}" | tar xvf - -C "${TARGET}" | ||
|
|
||
| echo "Created the openvpn configuration for the server: $TARGET" |
Oops, something went wrong.