fix ocserv

ocserv/Dockerfile

@@ -40,7 +40,6 @@ RUN buildDeps=" \
     && make install \
     && mkdir -p /etc/ocserv \
     && cp /usr/src/ocserv/doc/sample.config /etc/ocserv/ocserv.conf \
-    && cp /usr/src/ocserv/doc/profile.xml /etc/ocserv/profile.xml \
     && cd / \
     && rm -rf /usr/src/ocserv \
     && runDeps="$( \
@@ -68,7 +67,6 @@ RUN set -xe \
               -e 's@^#config-per-@config-per-@' \
               -e 's@^#default-@default-@' \
               -e 's@^#enable-auth = "certificate"$@enable-auth = "certificate"@' \
-              -e 's@^#user-profile =.*@user-profile = /etc/ocserv/profile.xml@' \
               -e 's@^default-domain@#&@' \
               -e 's@^dns =.*@dns = 8.8.8.8@' \
               -e 's@^max-clients =.*@max-clients = 0@' \
@@ -83,13 +81,13 @@ COPY docker-entrypoint.sh /entrypoint.sh
 VOLUME /etc/ocserv
 WORKDIR /etc/ocserv
 
-ENV VPN_DOMAIN=vpn.easypi.pro  \
+ENV VPN_DOMAIN=vpn.easypi.pro    \
-    VPN_NETWORK=10.20.30.0     \
+    VPN_NETWORK=10.20.30.0       \
-    VPN_NETMASK=255.255.255.0  \
+    VPN_NETMASK=255.255.255.0    \
-    LAN_NETWORK=192.168.0.0    \
+    LAN_NETWORK=192.168.0.0      \
-    LAN_NETMASK=255.255.0.0    \
+    LAN_NETMASK=255.255.0.0      \
-    VPN_USERNAME=username      \
+    VPN_USERNAME=username        \
-    VPN_PASSWORD=password      \
+    VPN_PASSWORD=password        \
     TERM=xterm
 
 EXPOSE 443/tcp 443/udp

ocserv/README.md

@@ -15,7 +15,7 @@ ocserv:
     - "4443:443/tcp"
     - "4443:443/udp"
   environment:
-    - VPN_DOMAIN=vpn.easypi.info
+    - VPN_DOMAIN=vpn.easypi.pro
     - VPN_NETWORK=10.20.30.0
     - VPN_NETMASK=255.255.255.0
     - LAN_NETWORK=192.168.0.0
@@ -37,9 +37,9 @@ ocserv:
 
 ```bash
 $ docker-compose up -d
-$ docker-compose exec ocserv bash
+$ docker-compose exec ocserv sh
 >>> cd /etc/ocserv/
->>> echo 'no-route = 1.2.3.4/32' >> ocserv.conf
+>>> echo 'no-route = 1.2.3.4/32' >> /etc/ocserv/defaults/group.conf
 >>> ocpasswd -c ocpasswd username
     Enter password: ******
     Re-enter password: ******
@@ -50,13 +50,15 @@ $ docker cp ocserv_ocserv_1:/etc/ocserv/certs/server-cert.pem .
 $ docker-compose logs -f
 ```
 
+> You need to access your vpn server directly with `no-route`.
+
 To remove the password protection of `client.p12`:
 
 ```bash
-mv client.p12 client.p12.orig
+$ mv client.p12 client.p12.orig
-openssl pkcs12 -in client.p12.orig -nodes -out tmp.pem
+$ openssl pkcs12 -in client.p12.orig -nodes -out tmp.pem
-openssl pkcs12 -export -in tmp.pem -out client.p12 -passout pass:
+$ openssl pkcs12 -export -in tmp.pem -out client.p12 -passout pass:
-rm tmp.pem
+$ rm tmp.pem
 ```
 
 > :warning: Apple's Keychain Access will refuse to open it with no passphrase.

ocserv/init.sh

@@ -29,7 +29,7 @@ cn = "${VPN_DOMAIN}"
 dns_name = "${VPN_DOMAIN}"
 organization = "ocserv"
 serial = 2
-expiration_days = 3650
+expiration_days = 365
 encryption_key
 signing_key
 tls_www_server
@@ -39,7 +39,7 @@ cat > client.tmpl <<_EOF_
 cn = "client@${VPN_DOMAIN}"
 uid = "client"
 unit = "ocserv"
-expiration_days = 3650
+expiration_days = 365
 signing_key
 tls_www_client
 _EOF_