mirror of https://github.com/vimagick/dockerfiles.git synced 2024-12-25 02:04:06 +02:00

History

kev 30485449c3 ocserv: no-route=192.168/16		2016-06-29 17:33:41 +08:00
..
docker-compose.yml	add ocserv	2016-06-29 04:35:26 +08:00
docker-entrypoint.sh	ocserv: enable-auth = "certificate"	2016-06-29 16:30:45 +08:00
Dockerfile	ocserv: no-route=192.168/16	2016-06-29 17:33:41 +08:00
init.sh	ocserv: enable-auth = "certificate"	2016-06-29 16:30:45 +08:00
README.md	ocserv: no-route=192.168/16	2016-06-29 17:33:41 +08:00

README.md

ocserv

OpenConnect server (ocserv) is an SSL VPN server. Its purpose is to be a secure, small, fast and configurable VPN server.

docker-compose.yml

ocserv:
  image: vimagick/ocserv
  ports:
    - "4443:443/tcp"
    - "4443:443/udp"
  environment:
    - VPN_DOMAIN=vpn.easypi.info
    - VPN_NETWORK=10.20.30.0
    - VPN_NETMASK=255.255.255.0
    - VPN_USERNAME=username
    - VPN_PASSWORD=password
  cap_add:
    - NET_ADMIN
  restart: always

⚠️ Please choose a strong password to protect VPN service.

These environment variables are used to generate config files/keys.

VPN accounts can be managed via ocpasswd command.

You can edit the config file /etc/ocserv/ocserv.conf, then restart service.

up and running

$ docker-compose up -d
$ docker-compose exec ocserv bash
>>> cd /etc/ocserv/
>>> ocpasswd -c /etc/ocserv/ocpasswd username
    Enter password: ******
    Re-enter password: ******
>>> exit
$ docker cp ocserv_ocserv_1:/etc/ocserv/certs/client.p12 .
$ docker-compose logs -f

mobile client

There are two auth types:

👎 passwd: type everytime
👍 certificate: import once

AnyConnect ->
  Connection ->
    Add New VPN Connection... ->
      Advanced Preferences... ->
        Certificate ->
          Import ->
            File System: client.p12

desktop client

download

client.p12 can be imported into keychain.