@ryansch
Last active February 5, 2019 21:18
openvpn-armhf

Configure OpenVPN

You can run this entire first section with ryansch/openvpn:latest on a more powerful machine than the Pi.

OVPN_DATA="ovpn-data"

docker run -v $OVPN_DATA:/etc/openvpn --rm ryansch/openvpn:latest ovpn_genconfig -d -N -b -C AES-256-CBC -T TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 -a SHA512 -n 192.168.8.1 -p 'route 192.168.8.0 255.255.255.0' -u udp://<OPENVPN_HOST> -e 'topology subnet' -p 'dhcp-option DOMAIN <LAN_DOMAIN>' -E 'remote <OPENVPN_HOST> 443 tcp'

docker run -v $OVPN_DATA:/etc/openvpn --rm -it -e EASYRSA_KEY_SIZE=4096 ryansch/openvpn:latest ovpn_initpki

docker run -v $OVPN_DATA:/etc/openvpn --rm -it -e EASYRSA_KEY_SIZE=4096 ryansch/openvpn:latest easyrsa build-client-full <CLIENT_NAME> nopass

docker run -v $OVPN_DATA:/etc/openvpn --rm ryansch/openvpn:latest ovpn_getclient <CLIENT_NAME> > <CLIENT_NAME>.ovpn

docker run --net=none -it --rm -v $OVPN_DATA:/etc/openvpn ryansch/openvpn:latest ovpn_copy_server_files

docker run -v $OVPN_DATA:/etc/openvpn -w /etc/openvpn --rm ryansch/openvpn:latest tar -zcv server > openvpn-server-data.tar.gz
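A pre-transfer check for the archive built above, as an added example that is not part of the original gist: it fails if the tarball carries a CA private key or more than one private key, or if the crypto options passed to ovpn_genconfig are missing from server/openvpn.conf. It assumes EasyRSA's default naming (ca.key, keys under a private/ directory); make_sample_tarball is a hypothetical helper that builds constructed test data.

```shell
#!/bin/sh
# Added example, not part of the gist. Assumes the archive layout produced by
# `tar -zcv server` above (members under server/) and that a CA private key,
# if present, would be named ca.key (EasyRSA's default name).

# audit_server_tarball TARBALL -> 0 clean, 1 finding, 2 unreadable archive
audit_server_tarball() {
    tarball=$1
    failed=0
    members=$(tar -tzf "$tarball" 2>/dev/null) || return 2

    # The CA signing key must stay on the host that ran ovpn_initpki.
    if printf '%s\n' "$members" | grep -Eq '(^|/)ca\.key$'; then
        echo "FAIL: CA private key is in the archive" >&2
        failed=1
    fi

    # Only the server's own key belongs under private/; more means client keys.
    nkeys=$(printf '%s\n' "$members" | grep -Ec '(^|/)private/[^/]+\.key$' || true)
    if [ "$nkeys" -gt 1 ]; then
        echo "FAIL: $nkeys private keys in archive, expected 1" >&2
        failed=1
    fi

    # The crypto options given to ovpn_genconfig should appear in the config.
    conf=$(tar -xzOf "$tarball" server/openvpn.conf 2>/dev/null) || conf=
    for directive in 'cipher AES-256-CBC' 'auth SHA512' \
        'tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384'; do
        if ! printf '%s\n' "$conf" | grep -qxF "$directive"; then
            echo "FAIL: '$directive' missing from server/openvpn.conf" >&2
            failed=1
        fi
    done
    return "$failed"
}

# make_sample_tarball OUT [extra-member...]: constructed test data, not real keys.
make_sample_tarball() {
    out=$1; shift
    dir=$(mktemp -d)
    mkdir -p "$dir/server/pki/private"
    printf '%s\n' 'cipher AES-256-CBC' 'auth SHA512' \
        'tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384' > "$dir/server/openvpn.conf"
    echo placeholder > "$dir/server/pki/private/vpn.example.test.key"
    for extra in "$@"; do echo placeholder > "$dir/server/$extra"; done
    tar -czf "$out" -C "$dir" server
    rm -rf "$dir"
}
```

Source the file and run `audit_server_tarball openvpn-server-data.tar.gz` before copying the archive to the Pi; a non-zero return means the archive should not leave the build machine as is.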

Prepare the Raspberry Pi

Copy the tarball to the Raspberry Pi.

mkdir /opt/openvpn

Copy docker-compose.yml and openvpn.service to /opt/openvpn

docker run -it --rm -v openvpn_data:/etc/openvpn -v $(pwd):/host -w /etc/openvpn ryansch/openvpn:latest tar --strip-components=1 -zxvf /host/openvpn-server-data.tar.gz

sudo systemctl enable /opt/openvpn/openvpn.service

sudo systemctl start openvpn

docker-compose.yml

version: '3'
services:
  openvpn:
    cap_add:
      - NET_ADMIN
    image: ryansch/openvpn:latest
    ports:
      - "1194:1194/udp"
    restart: always
    volumes:
      - data:/etc/openvpn
  openvpn-tcp:
    command: ovpn_run --proto tcp
    cap_add:
      - NET_ADMIN
    image: ryansch/openvpn:latest
    ports:
      - "443:1194/tcp"
    restart: always
    volumes:
      - data:/etc/openvpn
volumes:
  data:

openvpn.service

[Unit]
Description=OpenVPN
After=docker.service
BindsTo=docker.service

[Service]
TimeoutStartSec=0
TimeoutStopSec=30
Restart=always
RestartSec=10
WorkingDirectory=/opt/openvpn
ExecStartPre=-/usr/local/bin/docker-compose kill
ExecStartPre=-/usr/local/bin/docker-compose rm -f
ExecStart=/usr/local/bin/docker-compose up --force-recreate
ExecStop=/usr/local/bin/docker-compose stop

[Install]
WantedBy=multi-user.target