Setting up OpenVPN with Docker

1. Initialize the OpenVPN container and generate the certificate files

Create an openvpn directory on the host to hold the OpenVPN configuration:

mkdir /opt/openvpn

Initialize the OpenVPN container (the first command generates the server config, the second builds the PKI):

docker run -v /opt/openvpn:/etc/openvpn --rm kylemanna/openvpn ovpn_genconfig -u udp://acaiblog.top
docker run -v /opt/openvpn:/etc/openvpn --rm -it kylemanna/openvpn ovpn_initpki

During initialization you are asked for the domain name and the certificate (CA key) passphrase:

init-pki complete; you may now create a CA or requests.
Your newly created PKI dir is: /etc/openvpn/pki

Generating a 2048 bit RSA private key
.........................+++++
...................................................................+++++
writing new private key to '/etc/openvpn/pki/private/ca.key.XXXXELNpeh'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Common Name (eg: your user, host, or server name) [Easy-RSA CA]:acaiblog.top

CA creation complete and you may now import and sign cert requests.
Your new CA certificate file for publishing is at:
/etc/openvpn/pki/ca.crt

Confirm the CA passphrase so the server certificate can be signed:

writing new private key to '/etc/openvpn/pki/private/acaiblog.top.key.XXXXnMNlip'
-----
Using configuration from /usr/share/easy-rsa/openssl-easyrsa.cnf
Enter pass phrase for /etc/openvpn/pki/private/ca.key:
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName :ASN.1 12:'acaiblog.top'
Certificate is to be certified until Dec 2 04:42:08 2028 GMT (3650 days)

Write out database with 1 new entries
Data Base Updated
Using configuration from /usr/share/easy-rsa/openssl-easyrsa.cnf
Enter pass phrase for /etc/openvpn/pki/private/ca.key:
An updated CRL has been created.
CRL file: /etc/openvpn/pki/crl.pem

2. Start the OpenVPN container

Start the container:

docker run -d --name openvpn-server -v /opt/openvpn/:/etc/openvpn  -p 1194:1194/udp --cap-add=NET_ADMIN  --restart always kylemanna/openvpn

3. Generate the client certificate

Generate a client certificate without a passphrase (nopass):

docker run -v /opt/openvpn/:/etc/openvpn --rm -it kylemanna/openvpn easyrsa build-client-full CLIENTNAME nopass

You need to enter the CA passphrase that was set when openvpn-server was initialized:

Generating a 2048 bit RSA private key
.......................................................+++++
...................+++++
writing new private key to '/etc/openvpn/pki/private/CLIENTNAME.key.XXXXpIdkeF'
-----
Using configuration from /usr/share/easy-rsa/openssl-easyrsa.cnf
Enter pass phrase for /etc/openvpn/pki/private/ca.key:
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName :ASN.1 12:'CLIENTNAME'
Certificate is to be certified until Dec 2 04:48:52 2028 GMT (3650 days)

Write out database with 1 new entries
Data Base Updated

4. Export the client certificate

Export the client certificate (as an .ovpn profile) to the /root directory:

docker run -v /opt/openvpn/:/etc/openvpn --rm kylemanna/openvpn ovpn_getclient CLIENTNAME > /root/client-acaiblog.top.ovpn

5. Install the OpenVPN client on Windows and test

Download address: https://swupdate.openvpn.org/community/releases/openvpn-install-2.4.6-I602.exe
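Before copying the profile exported in step 4 to the Windows client, it is worth checking that the export is complete and that the file, which embeds the nopass private key in the clear, is readable only by its owner. The following script is an added example and is not part of the original post or of the kylemanna/openvpn image; it assumes the post's remote (udp://acaiblog.top, port 1194) and the default ovpn_genconfig settings with tls-auth enabled, and the client name rule is this example's own.

```shell
# Added example, not part of the original post: sanity-check a client profile
# exported with ovpn_getclient before handing it to a user.
# Accept only names that are safe as easy-rsa file names: the name becomes
# pki/private/<name>.key, so path separators and leading dots are refused.
client_name_ok() {
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*|.*) return 1 ;;
        *) return 0 ;;
    esac
}

# Succeed only when the profile embeds CA, cert, key and tls-auth blocks and
# verifies the server certificate. Assumes the post's udp://acaiblog.top remote.
profile_ok() {
    for tag in ca cert key tls-auth; do
        grep -q "^<$tag>" "$1" && grep -q "^</$tag>" "$1" || return 1
    done
    grep -q '^remote-cert-tls server' "$1" || return 1
    grep -q '^remote acaiblog.top 1194 udp' "$1"
}

# The profile holds the nopass private key in clear, so make it owner-only.
lock_profile() { chmod 600 "$1"; }

# Constructed sample in the shape ovpn_getclient emits (placeholder PEM bodies).
write_sample_profile() {
    cat > "$1" <<'EOF'
client
remote-cert-tls server
remote acaiblog.top 1194 udp
<key>
PLACEHOLDER-PEM
</key>
<cert>
PLACEHOLDER-PEM
</cert>
<ca>
PLACEHOLDER-PEM
</ca>
key-direction 1
<tls-auth>
PLACEHOLDER-PEM
</tls-auth>
EOF
}
# Usage: sh check_profile.sh CLIENTNAME /root/client-acaiblog.top.ovpn
if [ "$#" -eq 2 ]; then
    client_name_ok "$1" && profile_ok "$2" && lock_profile "$2" || exit 1
fi
```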

Author: 慕容峻才
Link: https://www.acaiblog.top/基于docker搭建openvpn/
Copyright: Unless otherwise stated, all articles on this blog are licensed under CC BY-NC-SA 4.0. When reposting, please credit 阿才的博客.