From 9e6788ec23089b90b816f4cc3eb1b00b1e6c6172 Mon Sep 17 00:00:00 2001
From: kev
Date: Tue, 12 Jul 2016 15:23:52 +0800
Subject: [PATCH] update openvpn-arm
---
 openvpn/arm/README.md | 57 ++++++++++++++++++++++++++++++++++
 openvpn/arm/data/dnsmasq.conf | 4 +--
 openvpn/arm/data/wlan0.network | 11 +++++++
 openvpn/arm/docker-compose.yml | 18 +++++------
 4 files changed, 79 insertions(+), 11 deletions(-)
 create mode 100644 openvpn/arm/README.md
 create mode 100644 openvpn/arm/data/wlan0.network
diff --git a/openvpn/arm/README.md b/openvpn/arm/README.md
new file mode 100644
index 0000000..1c1943e
--- /dev/null
+++ b/openvpn/arm/README.md
@@ -0,0 +1,57 @@
+openvpn
+=======
+
+Setup OpenVPN on Raspberry Pi.
+
+## docker-compose.yml
+
+```yaml
+stunnel:
+ image: easypi/stunnel-arm
+ ports:
+ - "1194:1194"
+ environment:
+ - CLIENT=yes
+ - SERVICE=openvpn
+ - ACCEPT=0.0.0.0:1194
+ - CONNECT=server:4911
+ extra_hosts:
+ - server:1.2.3.4
+ restart: always
+
+openvpn:
+ image: easypi/openvpn-arm
+ command: --config pi.ovpn
+ volumes:
+ - ./data:/etc/openvpn
+ net: host
+ privileged: yes
+ restart: always
+
+dnsmasq:
+ image: easypi/dnsmasq-arm
+ volumes:
+ - ./data/dnsmasq.conf:/etc/dnsmasq.d/dnsmasq.conf
+ cap_add:
+ - NET_ADMIN
+ net: host
+ restart: always
+```
+
+## up and running
+
+```bash
+$ echo 'net.ipv4.ip_forward=1' > /etc/sysctl.d/local.conf
+$ sysctl -p /etc/sysctl.d/local.conf
+
+$ iptables -t nat -A POSTROUTING -s 192.168.31.0/24 -o tun0 -j MASQUERADE
+$ iptables-save -t nat | grep -vi docker > /etc/iptables/iptables.rules
+$ systemctl enable iptables
+
+$ docker-compose up -d stunnel # 1st
+$ docker-compose up -d openvpn # 2nd
+$ docker-compose up -d dnsmasq # 3rd
+$ docker-compose logs -f
+```
+
+> :warning: The order of execution is very important!
diff --git a/openvpn/arm/data/dnsmasq.conf b/openvpn/arm/data/dnsmasq.conf
index 5f784ac..1a807c3 100644
--- a/openvpn/arm/data/dnsmasq.conf
+++ b/openvpn/arm/data/dnsmasq.conf
@@ -5,5 +5,5 @@ cache-size=10000
 server=8.8.8.8#53
 server=8.8.4.4#53
 dhcp-range=192.168.31.10,192.168.31.20,1h
-dhcp-option=3,192.168.31.1
-dhcp-option=6,192.168.31.1
+#dhcp-option=3,192.168.31.1
+#dhcp-option=6,192.168.31.1
diff --git a/openvpn/arm/data/wlan0.network b/openvpn/arm/data/wlan0.network
new file mode 100644
index 0000000..ea94c96
--- /dev/null
+++ b/openvpn/arm/data/wlan0.network
@@ -0,0 +1,11 @@
+# /etc/systemd/network/wlan0.network
+
+[Match]
+Name=wlan0
+
+[Network]
+Address=192.168.31.111/24
+Gateway=192.168.31.1
+DNS=8.8.8.8
+DNS=8.8.4.4
+IPForward=yes
diff --git a/openvpn/arm/docker-compose.yml b/openvpn/arm/docker-compose.yml
index 890d4ca..2423150 100644
--- a/openvpn/arm/docker-compose.yml
+++ b/openvpn/arm/docker-compose.yml
@@ -1,12 +1,3 @@
-openvpn:
- image: easypi/openvpn-arm
- command: --config pi.ovpn
- volumes:
- - ./data:/etc/openvpn
- net: host
- privileged: yes
- restart: always
-
 stunnel:
 image: easypi/stunnel-arm
 ports:
@@ -20,6 +11,15 @@ stunnel:
 - server:1.2.3.4
 restart: always
 
+openvpn:
+ image: easypi/openvpn-arm
+ command: --config pi.ovpn
+ volumes:
+ - ./data:/etc/openvpn
+ net: host
+ privileged: yes
+ restart: always
+
 dnsmasq:
 image: easypi/dnsmasq-arm
 volumes:
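Review bot: In openvpn/arm/data/dnsmasq.conf the two `dhcp-option` lines are commented out rather than removed, and nothing records why. With options 3 and 6 unset, dnsmasq advertises the address of the host it runs on as both router and DNS server, so every client that takes a lease from 192.168.31.10-20 is steered through this machine; that appears to be the intent, but it should be stated in the file. I would replace the dead lines with a comment such as `# options 3 (router) and 6 (DNS) left unset: dnsmasq hands out this host, so DHCP clients route through the VPN gateway`. If 192.168.31.1 also answers DHCP on this subnet, clients will take whichever offer arrives first, so the setup notes should say to turn it off there.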
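Review bot: `IPForward=yes` in the new openvpn/arm/data/wlan0.network makes this host a router, but nothing in the patch limits what it forwards; the README in this same commit adds only a `nat` MASQUERADE rule for tun0. If tun0 is down or not yet up, packets from 192.168.31.0/24 would presumably be forwarded back out wlan0 to 192.168.31.1, outside the tunnel. A comment above the setting should say that it is meant to be paired with a filter rule, for example `iptables -A FORWARD -s 192.168.31.0/24 ! -o tun0 -j DROP`, which is not part of what is shown here. The two `DNS=` lines also send the host's own lookups to a public resolver whatever the tunnel state, which deserves a one-line comment beside them.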
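Review bot: The `openvpn` service re-added in the second docker-compose.yml hunk still carries `privileged: yes` together with `net: host`, which hands the container every capability and all host devices on the host's own network stack. OpenVPN normally needs only NET_ADMIN and the TUN device, and the `dnsmasq` service in the README listing of this commit already takes the narrower route with `cap_add`. Assuming the image needs nothing else from privileged mode, replace that line with `cap_add: [NET_ADMIN]` and `devices: ["/dev/net/tun"]`. The image is also referenced without a tag, so a fresh pull takes whatever `easypi/openvpn-arm` points to at that moment; pinning a tag or digest would make the deployment reproducible.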