diff --git a/ocserv/Dockerfile b/ocserv/Dockerfile
index 358614b..37ae705 100644
--- a/ocserv/Dockerfile
+++ b/ocserv/Dockerfile
@@ -40,7 +40,6 @@ RUN buildDeps=" \
 && make install \
 && mkdir -p /etc/ocserv \
 && cp /usr/src/ocserv/doc/sample.config /etc/ocserv/ocserv.conf \
- && cp /usr/src/ocserv/doc/profile.xml /etc/ocserv/profile.xml \
 && cd / \
 && rm -rf /usr/src/ocserv \
 && runDeps="$( \
@@ -68,7 +67,6 @@ RUN set -xe \
 -e 's@^#config-per-@config-per-@' \
 -e 's@^#default-@default-@' \
 -e 's@^#enable-auth = "certificate"$@enable-auth = "certificate"@' \
- -e 's@^#user-profile =.*@user-profile = /etc/ocserv/profile.xml@' \
 -e 's@^default-domain@#&@' \
 -e 's@^dns =.*@dns = 8.8.8.8@' \
 -e 's@^max-clients =.*@max-clients = 0@' \
@@ -83,13 +81,13 @@ COPY docker-entrypoint.sh /entrypoint.sh VOLUME /etc/ocserv WORKDIR /etc/ocserv -ENV VPN_DOMAIN=vpn.easypi.pro \ - VPN_NETWORK=10.20.30.0 \ - VPN_NETMASK=255.255.255.0 \ - LAN_NETWORK=192.168.0.0 \ - LAN_NETMASK=255.255.0.0 \ - VPN_USERNAME=username \ - VPN_PASSWORD=password \ +ENV VPN_DOMAIN=vpn.easypi.pro \ + VPN_NETWORK=10.20.30.0 \ + VPN_NETMASK=255.255.255.0 \ + LAN_NETWORK=192.168.0.0 \ + LAN_NETMASK=255.255.0.0 \ + VPN_USERNAME=username \ + VPN_PASSWORD=password \ TERM=xterm EXPOSE 443/tcp 443/udp
diff --git a/ocserv/README.md b/ocserv/README.md
index 371cf65..63a2117 100644
--- a/ocserv/README.md
+++ b/ocserv/README.md
@@ -15,7 +15,7 @@ ocserv: - "4443:443/tcp" - "4443:443/udp" environment: - - VPN_DOMAIN=vpn.easypi.info + - VPN_DOMAIN=vpn.easypi.pro - VPN_NETWORK=10.20.30.0 - VPN_NETMASK=255.255.255.0 - LAN_NETWORK=192.168.0.0
@@ -37,9 +37,9 @@ ocserv: ```bash $ docker-compose up -d -$ docker-compose exec ocserv bash +$ docker-compose exec ocserv sh >>> cd /etc/ocserv/ ->>> echo 'no-route = 1.2.3.4/32' >> ocserv.conf +>>> echo 'no-route = 1.2.3.4/32' >> /etc/ocserv/defaults/group.conf >>> ocpasswd -c ocpasswd username Enter password: ****** Re-enter password: ******
@@ -50,13 +50,15 @@ $ docker cp ocserv_ocserv_1:/etc/ocserv/certs/server-cert.pem . $ docker-compose logs -f ``` +> You need to access your vpn server directly with `no-route`. + To remove the password protection of `client.p12`: ```bash -mv client.p12 client.p12.orig -openssl pkcs12 -in client.p12.orig -nodes -out tmp.pem -openssl pkcs12 -export -in tmp.pem -out client.p12 -passout pass: -rm tmp.pem +$ mv client.p12 client.p12.orig +$ openssl pkcs12 -in client.p12.orig -nodes -out tmp.pem +$ openssl pkcs12 -export -in tmp.pem -out client.p12 -passout pass: +$ rm tmp.pem ``` > :warning: Apple's Keychain Access will refuse to open it with no passphrase.
diff --git a/ocserv/init.sh b/ocserv/init.sh
index d8df774..38c81f5 100755
--- a/ocserv/init.sh
+++ b/ocserv/init.sh
@@ -29,7 +29,7 @@ cn = "${VPN_DOMAIN}"
 dns_name = "${VPN_DOMAIN}"
 organization = "ocserv"
 serial = 2
-expiration_days = 3650
+expiration_days = 365
 encryption_key
 signing_key
 tls_www_server
@@ -39,7 +39,7 @@ cat > client.tmpl <<_EOF_
 cn = "client@${VPN_DOMAIN}"
 uid = "client"
 unit = "ocserv"
-expiration_days = 3650
+expiration_days = 365
 signing_key
 tls_www_client
 _EOF_
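Review bot: Cutting `expiration_days` to 365 in the server template (init.sh @@ -29) introduces a yearly expiry that nothing in these hunks renews: once the server certificate lapses every client handshake fails, and the client template at @@ -39 carries the same change, so the client.p12 handed to users also has to be reissued every year. If the value stays hard-coded, a comment on the line before each `cat > … <<_EOF_` heredoc stating that both certificates must be regenerated before 365 days elapse would at least make the operational obligation visible; better, make it configurable with a backward-compatible default such as `expiration_days = ${CERT_EXPIRATION_DAYS:-365}` in both templates (a proposed new variable, constructed here), since the heredocs already expand `${VPN_DOMAIN}` and so appear to be unquoted. The heredoc both changed lines belong to starts outside the hunk, so confirm its delimiter is unquoted before relying on parameter expansion there.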