Installing an OpenVPN server
docker-compose.yml
```
$ vim docker-compose.yml
```

```yaml
version: '3'
services:
  openvpn:
    image: awalach/openvpn
    container_name: openvpn
    restart: always
    #network_mode: "host"
    cap_add:
      - NET_ADMIN
    volumes:
      - /usr/share/zoneinfo/Asia/Seoul:/etc/timezone
      - ./openvpn-data/conf:/etc/openvpn
    depends_on:
      - "openvpn-gui"
    ports:
      - "1194:1194/udp"
  openvpn-gui:
    image: awalach/openvpn-web-ui
    container_name: openvpn-gui
    restart: always
    volumes:
      - /usr/share/zoneinfo/Asia/Seoul:/etc/timezone
      - ./openvpn-data/conf:/etc/openvpn
      - ./openvpn-data/db:/opt/openvpn-gui/db
    ports:
      - "8080:8080/tcp"
```
GitHub: openvpn-web-ui
Run docker-compose

```
$ docker-compose up -d
```
Edit server.conf

```
$ vim openvpn-data/conf/server.conf
```

```
# Management interface: TCP 2080 on all interfaces of the container
management 0.0.0.0 2080
# VPN listener
port 1194
proto udp
dev tun
# Server PKI material (paths relative to /etc/openvpn)
ca keys/ca.crt
cert keys/server.crt
key keys/server.key
# Data channel cipher and HMAC digest
cipher AES-256-CBC
keysize 256
auth SHA256
dh dh2048.pem
# VPN subnet, client address persistence and pushed options
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 10.8.0.0 255.255.255.0"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 10 120
comp-lzo
max-clients 100
persist-key
persist-tun
# Logging
log openvpn.log
verb 3
mute 10
```
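A small check for the server.conf above, added here as an example (it is not part of the original post or of the openvpn-web-ui project). It flags a management interface bound off loopback or without a password file, enabled compression, the deprecated `keysize` directive, and a missing `tls-auth`/`tls-crypt` key; the finding names are labels chosen for this example.

```python
import shlex

# Subset of the server.conf shown above, embedded so the script runs offline.
SAMPLE_CONF = """\
management 0.0.0.0 2080
cipher AES-256-CBC
keysize 256
auth SHA256
comp-lzo
"""

# Finding IDs returned by audit() are labels made up for this example.
LOOPBACK = {"127.0.0.1", "::1", "localhost"}
REAL_COMPRESSION = {"lzo", "lz4", "lz4-v2"}

def parse_directives(text):
    """Map each directive name to the list of argument lists it appears with."""
    found = {}
    for raw in text.splitlines():
        if raw.lstrip().startswith(";"):              # ';' comment line
            continue
        tokens = shlex.split(raw, comments=True)      # handles quotes and '#'
        if tokens:
            found.setdefault(tokens[0], []).append(tokens[1:])
    return found

def audit(text):
    """Return a sorted list of finding IDs for the given server.conf text."""
    conf, findings = parse_directives(text), set()
    for args in conf.get("management", []):
        # Syntax: management <ip> <port> [pw-file]  or  management <path> unix
        if len(args) >= 2 and args[1] != "unix":
            if args[0] not in LOOPBACK:
                findings.add("management-non-loopback")
            if len(args) < 3:
                findings.add("management-no-password")
    # A bare comp-lzo means adaptive compression; "comp-lzo no" turns it off.
    if any(a[:1] != ["no"] for a in conf.get("comp-lzo", [])):
        findings.add("compression-enabled")
    if any(a and a[0] in REAL_COMPRESSION for a in conf.get("compress", [])):
        findings.add("compression-enabled")
    if "keysize" in conf:                             # removed in OpenVPN 2.6
        findings.add("keysize-deprecated")
    if not conf.keys() & {"tls-auth", "tls-crypt", "tls-crypt-v2"}:
        findings.add("no-control-channel-hmac")
    return sorted(findings)

if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```

In the compose file above, port 2080 is not published to the host, so the management finding matters most if `network_mode: "host"` is ever uncommented or the port is added under `ports`.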
Edit vars

```
$ vim openvpn-data/conf/keys/vars
```

```sh
# easy-rsa parameter settings
# NOTE: If you installed from an RPM,
# don't edit this file in place in
# /usr/share/openvpn/easy-rsa --
# instead, you should copy the whole
# easy-rsa directory to another location
# (such as /etc/openvpn) so that your
# edits will not be wiped out by a future
# OpenVPN package upgrade.
# This variable should point to
# the top level of the easy-rsa
# tree.
export EASY_RSA="/usr/share/easy-rsa"
#
# This variable should point to
# the requested executables
#
export OPENSSL="openssl"
export PKCS11TOOL="pkcs11-tool"
export GREP="grep"
# This variable should point to
# the openssl.cnf file included
# with easy-rsa.
export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
# Edit this variable to point to
# your soon-to-be-created key
# directory.
#
# WARNING: clean-all will do
# a rm -rf on this directory
# so make sure you define
# it correctly!
export KEY_DIR="/etc/openvpn/keys"
# Issue rm -rf warning
echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
# PKCS11 fixes
export PKCS11_MODULE_PATH="dummy"
export PKCS11_PIN="dummy"
# Increase this to 2048 if you
# are paranoid. This will slow
# down TLS negotiation performance
# as well as the one-time DH parms
# generation process.
export KEY_SIZE=2048
# In how many days should the root CA key expire?
export CA_EXPIRE=3650
# In how many days should certificates expire?
export KEY_EXPIRE=3650
# These are the default values for fields
# which will be placed in the certificate.
# Don't leave any of these fields blank.
export KEY_COUNTRY="KR"
export KEY_PROVINCE="Seoul"
export KEY_CITY="Jongno"
export KEY_ORG="dummy"
export KEY_EMAIL="demo@example.com"
export KEY_OU="IT"
# X509 Subject Field
export KEY_NAME="iXa-CA"
# PKCS11 Smart Card
# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
# export PKCS11_PIN=1234
# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
# export KEY_CN="CommonName"
```
openvpn-web-ui
- URL : http://SERVER IP:8080
- username: admin
- password: b3secure