Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

add openvpn image #282

Merged
merged 1 commit into from
Oct 4, 2024
Merged

add openvpn image #282

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
32 changes: 32 additions & 0 deletions images/openvpn/Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,32 @@
# Original credit: https://github.com/jpetazzo/dockvpn
# Original credit: https://github.com/kylemanna/docker-openvpn

# Smallest base image
FROM alpine:latest

LABEL maintainer="Carlos Giraldo <cgiraldo@gradiant.org>"

# Testing: pamtester
RUN echo "http://dl-cdn.alpinelinux.org/alpine/edge/testing/" >> /etc/apk/repositories && \
apk add --update openvpn iptables bash easy-rsa openvpn-auth-pam google-authenticator pamtester libqrencode && \
ln -s /usr/share/easy-rsa/easyrsa /usr/local/bin && \
rm -rf /tmp/* /var/tmp/* /var/cache/apk/* /var/cache/distfiles/*

# Needed by scripts
ENV OPENVPN=/etc/openvpn
ENV EASYRSA=/usr/share/easy-rsa \
EASYRSA_CRL_DAYS=3650 \
EASYRSA_PKI=$OPENVPN/pki

VOLUME ["/etc/openvpn"]

# Internally uses port 1194/udp, remap using `docker run -p 443:1194/tcp`
EXPOSE 1194/udp

CMD ["ovpn_run"]

ADD ./bin /usr/local/bin
RUN chmod a+x /usr/local/bin/*

# Add support for OTP authentication using a PAM module
ADD ./otp/openvpn /etc/pam.d/
47 changes: 47 additions & 0 deletions images/openvpn/bin/ovpn_copy_server_files
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,47 @@
#!/bin/bash
## @licence MIT <http://opensource.org/licenses/MIT>
## @author Copyright (C) 2015 Robin Schneider <ypid@riseup.net>

set -e

if [ -z "$OPENVPN" ]; then
export OPENVPN="$PWD"
fi
if ! source "$OPENVPN/ovpn_env.sh"; then
echo "Could not source $OPENVPN/ovpn_env.sh."
exit 1
fi

TARGET="$OPENVPN/server"
if [ -n "$1" ]; then
TARGET="$1"
fi
mkdir -p "${TARGET}"

## Ensure that no other keys then the one for the server is present.
rm -rf "$TARGET/pki/private" "$TARGET/pki/issued"

FILES=(
"openvpn.conf"
"ovpn_env.sh"
"pki/private/${OVPN_CN}.key"
"pki/issued/${OVPN_CN}.crt"
"pki/dh.pem"
"pki/ta.key"
"pki/ca.crt"
"ccd"
)

if [ -f "${OPENVPN}/pki/crl.pem" ]; then
FILES+=("pki/crl.pem")
fi

# Ensure the ccd directory exists, even if empty
mkdir -p "ccd"

# rsync isn't available to keep size down
# cp --parents isn't in busybox version
# hack the directory structure with tar
tar cf - -C "${OPENVPN}" "${FILES[@]}" | tar xvf - -C "${TARGET}"

echo "Created the openvpn configuration for the server: $TARGET"
Loading
Loading