2025-01-18 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
This article shows how to install an openvpn server and client on linux based on docker.
1. Initialize docker
The example server in this article has the IP 192.11.11.10.
Create a local directory to store the openvpn configuration:
mkdir -p /data/public/openvpn
Initialize the configuration and other information through the container:
docker run -v /data/public/openvpn:/etc/openvpn --rm kylemanna/openvpn ovpn_genconfig -u udp://openvpn.gongstring.com
docker run -v /data/public/openvpn:/etc/openvpn --rm -it kylemanna/openvpn ovpn_initpki
During initialization you need to enter the domain name and the certificate password.
For example, enter vpn123pwd as the password here.
The following is example output from the installation:
init-pki complete; you may now create a CA or requests.
Your newly created PKI dir is: /etc/openvpn/pki
Using SSL: openssl OpenSSL 1.1.1d 10 Sep 2019
Enter New CA Key Passphrase:
Re-Enter New CA Key Passphrase:
Generating RSA private key, 2048 bit long modulus (2 primes)
.+..+
e is 65537 (0x010001)
Can't load /etc/openvpn/pki/.rnd into RNG
140360007494984:error:2406F079:random number generator:RAND_load_file:Cannot open file:crypto/rand/randfile.c:98:Filename=/etc/openvpn/pki/.rnd
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Common Name (eg: your user, host, or server name) [Easy-RSA CA]: openvpn.gongstring.com
CA creation complete and you may now import and sign cert requests.
Your new CA certificate file for publishing is at:
/etc/openvpn/pki/ca.crt
Using SSL: openssl OpenSSL 1.1.1d 10 Sep 2019
Generating DH parameters, 2048 bit long safe prime, generator 2
This is going to take a long time
.+....++*
DH parameters of size 2048 created at /etc/openvpn/pki/dh.pem
Using SSL: openssl OpenSSL 1.1.1d 10 Sep 2019
Generating a RSA private key
.+....+
writing new private key to '/etc/openvpn/pki/private/openvpn.gongstring.com.key.XXXXcMLjEc'
-----
Using configuration from /etc/openvpn/pki/safessl-easyrsa.cnf
Enter pass phrase for /etc/openvpn/pki/private/ca.key:
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName :ASN.1 12:'openvpn.gongstring.com'
Certificate is to be certified until Aug 5 07:14:33 2023 GMT (1080 days)
Write out database with 1 new entries
Data Base Updated
Using SSL: openssl OpenSSL 1.1.1d 10 Sep 2019
Using configuration from /etc/openvpn/pki/safessl-easyrsa.cnf
Enter pass phrase for /etc/openvpn/pki/private/ca.key:
An updated CRL has been created.
CRL file: /etc/openvpn/pki/crl.pem
2. Launch container
docker run -d --name openvpn-server -v /data/public/openvpn/:/etc/openvpn -p 1194:1194/udp --cap-add=NET_ADMIN --restart always kylemanna/openvpn
3. Generate client certificate (can be generated multiple times)
During generation you will be asked for the password set above: vpn123pwd
docker run -v /data/public/openvpn/:/etc/openvpn --rm -it kylemanna/openvpn easyrsa build-client-full gongstring nopass
Replace gongstring with your own user name. The nopass argument creates the client's private key without a passphrase.
4. Export the certificate for the client
Create the clients directory if it does not exist yet, then export:
mkdir -p /data/public/openvpn/clients
docker run -v /data/public/openvpn/:/etc/openvpn --rm kylemanna/openvpn ovpn_getclient gongstring > /data/public/openvpn/clients/openvpn.gongstring.com.ovpn
When the command completes, the file openvpn.gongstring.com.ovpn appears under the /data/public/openvpn/clients directory.
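The file exported in step 4 carries the client's private key, which step 3 created without a passphrase, and the redirect creates it with the shell's default permissions. The shell function below is an added example (not from the original article or the kylemanna/openvpn project) that audits such a profile before it is copied to a client. The sample profile is constructed, and the inline <key> layout, the function names and the finding names are assumptions.

```shell
#!/bin/sh
# Added example: audit an exported OpenVPN client profile (.ovpn).
# audit_ovpn FILE prints one finding per line, nothing when all checks pass.
audit_ovpn() {
    f=$1
    [ -r "$f" ] || { echo "UNREADABLE"; return 2; }
    # 1. Inline <key> block holding PEM data with no ENCRYPTED marker
    #    (PKCS#8 header or legacy Proc-Type line), as produced with nopass.
    if awk '/^<key>/{k=1;next} /^<\/key>/{k=0}
            k && /-----BEGIN/{pem=1} k && /ENCRYPTED/{enc=1}
            END{exit !(pem && !enc)}' "$f"; then
        echo "UNENCRYPTED_KEY"
    fi
    # 2. Profile accessible to group or others (GNU stat, BSD fallback).
    mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f")
    case $mode in
        *00) ;;
        *) echo "LOOSE_PERMS:$mode" ;;
    esac
    # 3. Nothing pins the peer to a server certificate.
    grep -Eq '^[[:space:]]*(remote-cert-tls[[:space:]]+server|verify-x509-name)' "$f" \
        || echo "NO_SERVER_CERT_CHECK"
    # 4. auth-nocache missing (OpenVPN warns about cached passwords without it).
    grep -Eq '^[[:space:]]*auth-nocache' "$f" || echo "NO_AUTH_NOCACHE"
    return 0
}

# Constructed sample profile; the key body is a placeholder, not key material.
write_sample_profile() {
    cat > "$1" <<'EOF'
client
nobind
dev tun
remote-cert-tls server
remote openvpn.gongstring.com 1194 udp
<key>
-----BEGIN PRIVATE KEY-----
CONSTRUCTED-PLACEHOLDER-NOT-A-REAL-KEY
-----END PRIVATE KEY-----
</key>
EOF
}

# Demo: a profile written with mode 644, as a redirect under umask 022 would.
tmp=$(mktemp)
write_sample_profile "$tmp"
chmod 644 "$tmp"
audit_ovpn "$tmp"   # prints UNENCRYPTED_KEY, LOOSE_PERMS:644, NO_AUTH_NOCACHE
rm -f "$tmp"
```

Running chmod 600 on the exported file clears the permissions finding; the key finding remains for any client built with nopass.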
5. Client use
The following example connects from a CentOS 7 client.
5.1 Add the mirror source and install the openvpn client
vim /etc/yum.repos.d/epel.repo
[epel]
name=Extra Packages for Enterprise Linux 7 - $basearch
baseurl=http://mirrors.aliyun.com/epel/7/$basearch
failovermethod=priority
enabled=1
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7

[epel-debuginfo]
name=Extra Packages for Enterprise Linux 7 - $basearch - Debug
baseurl=http://mirrors.aliyun.com/epel/7/$basearch/debug
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
gpgcheck=0

[epel-source]
name=Extra Packages for Enterprise Linux 7 - $basearch - Source
baseurl=http://mirrors.aliyun.com/epel/7/SRPMS
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
gpgcheck=0
With gpgcheck=0, yum does not verify package signatures from this repository; set gpgcheck=1 to have packages checked against the key named in gpgkey.
Installation
yum makecache
yum update -y
yum install -y openssl lzo pam openssl-devel lzo-devel pam-devel
yum install -y easy-rsa
yum install -y openvpn
5.2 Start the client
Upload openvpn.gongstring.com.ovpn to /data/public/openvpn on the client machine. Create the directory there first:
mkdir -p /data/public/openvpn
You can run this command on the server to upload the certificate to the client machine:
scp ./openvpn.gongstring.com.ovpn root@192.11.11.11:/data/public/openvpn
Run the startup command. Note that the client must be able to reach the server through openvpn.gongstring.com and the port must be open. On an intranet, the easiest way is to add a hosts entry:
192.11.11.10 openvpn.gongstring.com
cd /data/public/openvpn
openvpn ./openvpn.gongstring.com.ovpn
If the connection succeeds, the following output appears:
Thu Aug 20 23:37:43 2020 OpenVPN 2.4.9 x86_64-redhat-linux-gnu [Fedora EPEL patched] [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 24 2020
Thu Aug 20 23:37:43 2020 library versions: OpenSSL 1.0.2k-fips 26 Jan 2017, LZO 2.06
Thu Aug 20 23:37:43 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]192.168.8.10:1194
Thu Aug 20 23:37:43 2020 UDP link local: (not bound)
Thu Aug 20 23:37:43 2020 UDP link remote: [AF_INET]192.168.8.10:1194
Thu Aug 20 23:37:43 2020 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1541', remote='link-mtu 1542'
Thu Aug 20 23:37:43 2020 WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
Thu Aug 20 23:37:43 2020 [openvpn.gongstring.com] Peer Connection Initiated with [AF_INET]192.168.8.10:1194
Thu Aug 20 23:37:44 2020 Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:1: block-outside-dns (2.4.9)
Thu Aug 20 23:37:44 2020 TUN/TAP device tun0 opened
Thu Aug 20 23:37:44 2020 /sbin/ip link set dev tun0 up mtu 1500
Thu Aug 20 23:37:44 2020 /sbin/ip addr add dev tun0 local 192.168.255.6 peer 192.168.255.5
Thu Aug 20 23:37:44 2020 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Thu Aug 20 23:37:44 2020 Initialization Sequence Completed
That is all the content of the article "how to install openvpn servers and clients based on docker in linux". Thank you for reading! I hope the content shared here helps you.