update openvpn

2024-11-24 08:52:15 +02:00 · 2016-09-02 12:23:56 +08:00 · 2016-09-02 12:23:56 +08:00 · f7f3fed822
commit f7f3fed822
parent eaa75b551f
3 changed files with 48 additions and 77 deletions
--- a/openvpn/README.md
+++ b/openvpn/README.md
@ -1,4 +1,4 @@
-openvpn
+OpenVPN
 =======

 [OpenVPN][1] is blocked in China. You need to connect vpn via secure tunnel.
@ -11,18 +11,13 @@ Instead of using [fteproxy][2] as bridge, you can also use [stunnel][3].

 ## docker-compose.yml (server)

-```
-data:
-  image: busybox
-  volumes:
-    - /etc/openvpn
-
-server:
+```yaml
+openvpn:
  image: vimagick/openvpn
-  expose:
-    - "1194/tcp"
-  volumes_from:
-    - data
+  ports:
+    - "1194:1194"
+  volumes:
+    - ./data:/etc/openvpn
  cap_add:
    - NET_ADMIN
  restart: always
@ -32,59 +27,55 @@ fteproxy:
  ports:
    - "4911:4911"
  links:
-    - "server"
+    - openvpn
  environment:
-    - "MODE=server"
-    - "SERVER_IP=0.0.0.0"
-    - "SERVER_PORT=4911"
-    - "PROXY_IP=server"
-    - "PROXY_PORT=1194"
-    - "KEY=CB2FBA2BC70490526E749E01BB050F6B555964290DFF58CF24785B4A093F7B18"
+    - MODE=server
+    - SERVER_IP=0.0.0.0
+    - SERVER_PORT=4911
+    - PROXY_IP=openvpn
+    - PROXY_PORT=1194
+    - KEY=CB2FBA2BC70490526E749E01BB050F6B555964290DFF58CF24785B4A093F7B18
  restart: always
 ```

 ## docker-compose.yml (bridge)

-```
+```yaml
 fteproxy:
  image: vimagick/fteproxy
  ports:
    - "1194:1194"
  environment:
-    - "MODE=client"
-    - "SERVER_IP=vpn.easypi.info"
-    - "SERVER_PORT=4911"
-    - "CLIENT_IP=0.0.0.0"
-    - "CLIENT_PORT=1194"
-    - "KEY=CB2FBA2BC70490526E749E01BB050F6B555964290DFF58CF24785B4A093F7B18"
+    - MODE=client
+    - SERVER_IP=vpn.easypi.info
+    - SERVER_PORT=4911
+    - CLIENT_IP=0.0.0.0
+    - CLIENT_PORT=1194
+    - KEY=CB2FBA2BC70490526E749E01BB050F6B555964290DFF58CF24785B4A093F7B18
  restart: always
 ```

-## server
-
-```
-$ fig up -d data
+## Server Setup

+```bash
 $ ./setup.sh
-1) server
-2) client
+1) server ...... (Step 1)
+2) client ...... (Step 2)
 3) revoke
-4) backup
-5) restore
-6) quit
+4) quit   ...... (Step 3)

-$ fig up -d
+$ docker-compose up -d
 ```

-## bridge
+## Bridge Setup

-```
-$ fig up -d
+```bash
+$ docker-compose up -d
 ```

-## client
+## Client Setup

-```
+```bash
 $ cat /etc/openvpn/client.conf
 ...
 remote bridge.easypi.info 1194 tcp
--- a/openvpn/docker-compose.yml
+++ b/openvpn/docker-compose.yml
@ -1,14 +1,9 @@
-data:
-  image: busybox
-  volumes:
-    - /etc/openvpn
-
-server:
+openvpn:
  image: vimagick/openvpn
-  expose:
-    - "1194/tcp"
-  volumes_from:
-    - data
+  ports:
+    - "1194:1194"
+  volumes:
+    - ./data:/etc/openvpn
  cap_add:
    - NET_ADMIN
  restart: always
@ -18,10 +13,10 @@ stunnel:
  ports:
    - "4911:4911"
  links:
-    - server
+    - openvpn
  environment:
    - CLIENT=no
    - SERVICE=openvpn
    - ACCEPT=0.0.0.0:4911
-    - CONNECT=server:1194
+    - CONNECT=openvpn:1194
  restart: always
--- a/openvpn/setup.sh
+++ b/openvpn/setup.sh
@ -4,44 +4,29 @@
 #

 OVPN_DIR=./ovpn
-OVPN_IMG=vimagick/openvpn
-OVPN_DATA=openvpn_data_1
-OVPN_BACKUP=openvpn.tgz
-OVPN_SERVER=tcp://vpn.easypi.info
+OVPN_SERVER=tcp://openvpn.easypi.info

 mkdir -p $OVPN_DIR

-select opt in server client revoke backup restore quit
+select opt in server client revoke quit
 do
  if [[ $opt == "server" ]]
  then
    echo "setup server ..."
-    docker run --rm --volumes-from $OVPN_DATA $OVPN_IMG ovpn_genconfig -u $OVPN_SERVER
-    docker run -it --rm --volumes-from $OVPN_DATA $OVPN_IMG ovpn_initpki
+    docker-compose run --rm openvpn ovpn_genconfig -u $OVPN_SERVER
+    docker-compose run --rm openvpn ovpn_initpki
  elif [[ $opt == "client" ]]
  then
    echo "setup client ..."
    read -p '>>> ' OVPN_CLIENT
-    docker run -it --rm --volumes-from $OVPN_DATA $OVPN_IMG easyrsa build-client-full ${OVPN_CLIENT:?client is empty} nopass
-    docker run --rm --volumes-from $OVPN_DATA $OVPN_IMG ovpn_getclient $OVPN_CLIENT > $OVPN_DIR/$OVPN_CLIENT.ovpn
+    docker-compose run --rm openvpn easyrsa build-client-full ${OVPN_CLIENT:?client is empty} nopass
+    docker-compose run --rm openvpn ovpn_getclient $OVPN_CLIENT > $OVPN_DIR/$OVPN_CLIENT.ovpn
  elif [[ $opt == "revoke" ]]
  then
+    echo "revoke client ..."
    read -p '>>> ' OVPN_CLIENT
-    docker run -it --rm --volumes-from $OVPN_DATA $OVPN_IMG easyrsa revoke ${OVPN_CLIENT:?client is empty}
-    docker run -it --rm --volumes-from $OVPN_DATA $OVPN_IMG easyrsa gen-crl
-  elif [[ $opt == "backup" ]]
-  then
-    echo "backup volume ..."
-    docker run --rm --volumes-from $OVPN_DATA alpine tar cvzf - -C /etc openvpn > $OVPN_DIR/$OVPN_BACKUP
-  elif [[ $opt == "restore" ]]
-  then
-    echo "restore volume ..."
-    if docker inspect $OVPN_DATA >& /dev/null
-    then
-        docker run --rm --volumes-from $OVPN_DATA -i alpine tar xvzf - -C /etc < $OVPN_DIR/$OVPN_BACKUP
-    else
-        docker run --name $OVPN_DATA -v /etc/openvpn -i alpine tar xvzf - -C /etc < $OVPN_DIR/$OVPN_BACKUP
-    fi
+    docker-compose run --rm openvpn easyrsa revoke ${OVPN_CLIENT:?client is empty}
+    docker-compose run --rm openvpn easyrsa gen-crl
  elif [[ $opt == "quit" ]]
  then
    echo "bye"