[OpenVPN] Installing an OpenVPN server

변군 변군이글루 2020. 9. 25. 15:52

Installing the OpenVPN server

 

docker-compose.yml

$ vim docker-compose.yml
version: '3'
services:

  openvpn:
    image: awalach/openvpn
    container_name: openvpn
    restart: always
    #network_mode: "host"
    cap_add:
      - NET_ADMIN
    volumes:
      - /usr/share/zoneinfo/Asia/Seoul:/etc/timezone
      - ./openvpn-data/conf:/etc/openvpn
    depends_on:
      - "openvpn-gui"
    ports:
      - "1194:1194/udp"

  openvpn-gui:
    image: awalach/openvpn-web-ui
    container_name: openvpn-gui
    restart: always
    volumes:
      - /usr/share/zoneinfo/Asia/Seoul:/etc/timezone
      - ./openvpn-data/conf:/etc/openvpn
      - ./openvpn-data/db:/opt/openvpn-gui/db
    ports:
      - "8080:8080/tcp"

GitHub: adamwalach/openvpn-web-ui (github.com)

Web interface (with golang backend) for monitoring and administration of OpenVPN server

Run docker-compose

$ docker-compose up -d

 

Edit server.conf

$ vim openvpn-data/conf/server.conf
management 0.0.0.0 2080

port 1194
proto udp

dev tun

ca keys/ca.crt
cert keys/server.crt
key keys/server.key

cipher AES-256-CBC
keysize 256
auth SHA256
dh dh2048.pem

server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 10.8.0.0 255.255.255.0"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"

keepalive 10 120

comp-lzo
max-clients 100

persist-key
persist-tun

log         openvpn.log
verb 3

mute 10
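
A quick way to review the server.conf above before exposing the server. This is an added example, not part of the original post or of the openvpn-web-ui project. The function names and the set of checks are assumptions chosen for illustration, and SAMPLE_CONF is constructed from directives shown above.

```python
# Added example (not from the post or the openvpn-web-ui project).
# SAMPLE_CONF is constructed from directives in the server.conf above.
SAMPLE_CONF = """\
management 0.0.0.0 2080
port 1194
proto udp
cipher AES-256-CBC
keysize 256
auth SHA256
comp-lzo
"""

AEAD = ("-GCM", "CHACHA20-POLY1305")  # suffixes of AEAD data-channel ciphers


def parse_directives(text):
    """Map each directive to the list of argument lists it appears with."""
    directives = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # blank line or comment
            continue
        name, *args = line.split()
        directives.setdefault(name, []).append(args)
    return directives


def audit(text):
    """Return sorted (directive, finding) pairs worth reviewing."""
    d, out = parse_directives(text), []
    for a in d.get("management", []):
        # Syntax: management IP port [pw-file] | management PATH unix [pw-file]
        local = a[:1] in (["127.0.0.1"], ["localhost"]) or a[1:2] == ["unix"]
        if not local and len(a) < 3:
            out.append(("management", "non-local listener without a password file"))
    for a in d.get("cipher", []):
        if a and not a[0].upper().endswith(AEAD):
            out.append(("cipher", a[0] + " is not an AEAD cipher"))
    if any(a[:1] != ["no"] for a in d.get("comp-lzo", [])):
        out.append(("comp-lzo", "deprecated; compression can leak plaintext (VORACLE)"))
    if any(a[:1] in (["lzo"], ["lz4"], ["lz4-v2"]) for a in d.get("compress", [])):
        out.append(("compress", "compression can leak plaintext (VORACLE)"))
    if "keysize" in d:
        out.append(("keysize", "deprecated option; the cipher name sets the key size"))
    if not d.keys() & {"tls-auth", "tls-crypt", "tls-crypt-v2"}:
        out.append(("tls-auth", "no tls-auth/tls-crypt key on the control channel"))
    return sorted(out)


if __name__ == "__main__":
    for name, finding in audit(SAMPLE_CONF):
        print(f"{name}: {finding}")
```

In the compose file above, port 2080 is not published to the host, so the management finding concerns which containers on the Docker network can reach it.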

 

Edit vars

$ vim openvpn-data/conf/keys/vars
# easy-rsa parameter settings

# NOTE: If you installed from an RPM,
# don't edit this file in place in
# /usr/share/openvpn/easy-rsa --
# instead, you should copy the whole
# easy-rsa directory to another location
# (such as /etc/openvpn) so that your
# edits will not be wiped out by a future
# OpenVPN package upgrade.

# This variable should point to
# the top level of the easy-rsa
# tree.
export EASY_RSA="/usr/share/easy-rsa"

#
# This variable should point to
# the requested executables
#
export OPENSSL="openssl"
export PKCS11TOOL="pkcs11-tool"
export GREP="grep"


# This variable should point to
# the openssl.cnf file included
# with easy-rsa.
export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`

# Edit this variable to point to
# your soon-to-be-created key
# directory.
#
# WARNING: clean-all will do
# a rm -rf on this directory
# so make sure you define
# it correctly!
export KEY_DIR="/etc/openvpn/keys"

# Issue rm -rf warning
echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR

# PKCS11 fixes
export PKCS11_MODULE_PATH="dummy"
export PKCS11_PIN="dummy"

# Increase this to 2048 if you
# are paranoid.  This will slow
# down TLS negotiation performance
# as well as the one-time DH parms
# generation process.
export KEY_SIZE=2048

# In how many days should the root CA key expire?
export CA_EXPIRE=3650

# In how many days should certificates expire?
export KEY_EXPIRE=3650

# These are the default values for fields
# which will be placed in the certificate.
# Don't leave any of these fields blank.
export KEY_COUNTRY="KR"
export KEY_PROVINCE="Seoul"
export KEY_CITY="Jongno"
export KEY_ORG="dummy"
export KEY_EMAIL="demo@example.com"
export KEY_OU="IT"

# X509 Subject Field
export KEY_NAME="iXa-CA"

# PKCS11 Smart Card
# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
# export PKCS11_PIN=1234

# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
# export KEY_CN="CommonName"

 

openvpn-web-ui

- URL : http://SERVER IP:8080

- username: admin
- password: b3secure

 

 

 
