{"id":63,"date":"2024-09-23T21:14:18","date_gmt":"2024-09-23T13:14:18","guid":{"rendered":"https:\/\/blog.62510360.xyz\/?p=63"},"modified":"2024-09-23T21:24:53","modified_gmt":"2024-09-23T13:24:53","slug":"docker-openvpn%e7%9a%84%e5%ae%89%e8%a3%85%e6%96%b9%e6%b3%95","status":"publish","type":"post","link":"https:\/\/blog.62510360.xyz\/?p=63","title":{"rendered":"docker openvpn\u7684\u5b89\u88c5\u65b9\u6cd5"},"content":{"rendered":"\n

<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

\u524d\u63d0\u6761\u4ef6<\/h2>\n\n\n\n

1\u3001\u4e91\u670d\u52a1\u5668\uff0c\u4e0d\u9650\u5236\u4e91\u670d\u52a1\u5546\u4f46\u662f\u5fc5\u987b\u8981\u516c\u7f51IP\u5730\u5740\uff0c\u4e14\u6709\u6700\u9ad8\u6743\u3001\u80fd\u653e\u884c\u7aef\u53e3<\/p>\n\n\n\n

2\u3001\u5bb6\u91cc\u6709\u4e00\u53f0\u80fd\u5b89\u88c5OpenVPN Client\u5ba2\u6237\u7aef\u7684\u8def\u7531\u5668\uff0c\u6211\u662f\u7528\u7684\u662f\u7ea2\u7c73AC2100\uff0c\u5237\u7684OpenWRT\u7cfb\u7edf<\/p>\n\n\n\n

3\u3001\u8fdc\u7a0b\u4f7f\u7528\u7684OpenVPN Client\u7684\u5ba2\u6237\u7aef\uff0c\u6bd4\u5982\u624b\u673a\u3001\u7535\u8111<\/p>\n\n\n\n

\u6559\u7a0b<\/h2>\n\n\n\n

1\u3001\u4f7f\u7528Docker\u5b89\u88c5OpenVPN\u670d\u52a1\u7aef<\/h3>\n\n\n\n

\u83b7\u53d6\u6700\u65b0\u7248\u672c\u7684 Docker \u5b89\u88c5\u5305<\/p>\n\n\n\n

wget -qO- https:\/\/get.docker.com\/ | sh<\/p>\n\n\n\n

shell38 Bytes\u00a9 \u594e\u5229<\/p>\n\n\n\n

\u542f\u52a8docker\u670d\u52a1\uff0c\u9a8c\u8bc1docker\u4fe1\u606f\uff0c\u547d\u4ee4\u5982\u4e0b\uff1a<\/p>\n\n\n\n

sudo service docker start<\/p>\n\n\n\n

docker version<\/p>\n\n\n\n

shell40 Bytes\u00a9 \u594e\u5229<\/p>\n\n\n\n

\u62c9\u53d6OpenVPN\u955c\u50cf\u5230\u672c\u5730\uff0c\u5e76\u521d\u59cb\u5316docker\u5bb9\u5668<\/p>\n\n\n\n

# \u62c9\u53d6OpenVPN\u7684\u955c\u50cf<\/p>\n\n\n\n

docker pull kylemanna\/openvpn<\/p>\n\n\n\n

# \u65b0\u5efaOpenVPN\u7684\u5de5\u4f5c\u76ee\u5f55<\/p>\n\n\n\n

mkdir \/etc\/openvpn<\/p>\n\n\n\n

# \u521d\u59cb\u5316\u5bb9\u5668\u4ee5\u4fdd\u5b58\u914d\u7f6e\u6587\u4ef6\u548c\u8bc1\u4e66\u3002\u5bb9\u5668\u5c06\u63d0\u793a\u7528\u6237\u8f93\u5165\u4e00\u4e2a\u5bc6\u7801\u4ee5\u4fdd\u62a4\u65b0\u751f\u6210\u7684\u8bc1\u4e66\u6388\u6743\u673a\u6784\u4f7f\u7528\u7684\u79c1\u94a5<\/p>\n\n\n\n

# xx.xx.xx.xx\u4e3a\u60a8\u670d\u52a1\u5668\u7684\u516c\u7f51IP\u5730\u5740<\/p>\n\n\n\n

docker run -v \/etc\/openvpn:\/etc\/openvpn –rm kylemanna\/openvpn ovpn_genconfig -u udp:\/\/xx.xx.xx.xx:1194<\/p>\n\n\n\n

docker run -v \/etc\/openvpn:\/etc\/openvpn –rm -it kylemanna\/openvpn ovpn_initpki<\/p>\n\n\n\n

shell342 Bytes\u00a9 \u594e\u5229<\/p>\n\n\n\n

\u542f\u52a8\u8fc7\u7a0b\u4e2d\u9700\u8981\u8f93\u5165\u8bc1\u4e66\u5bc6\u7801\u548c\u57df\u540d\uff0c\u8bf7\u6ce8\u610f\u8f93\u5165\u5bc6\u7801\u65f6\u4e0d\u4f1a\u663e\u793a\u4efb\u4f55\u4fe1\u606f\uff1b<\/p>\n\n\n\n

\"\u57fa\u4e8eOpenVPN\u5b9e\u73b0\u968f\u65f6\u968f\u5730\u8bbf\u95ee\u5bb6\u91cc\u7684NAS\"<\/a><\/figure>\n\n\n\n
\"\u57fa\u4e8eOpenVPN\u5b9e\u73b0\u968f\u65f6\u968f\u5730\u8bbf\u95ee\u5bb6\u91cc\u7684NAS\"<\/a><\/figure>\n\n\n\n

\u542f\u52a8OpenVPN Server\u8fdb\u7a0b\uff0c\u542f\u52a8\u540e\u53ef\u4ee5\u8f93\u5165 docker ps\u67e5\u770b\u8fd0\u884c\u5bb9\u5668\u4fe1\u606f<\/p>\n\n\n\n

docker run \\<\/p>\n\n\n\n

–name openvpn \\<\/p>\n\n\n\n

–restart=always \\<\/p>\n\n\n\n

–privileged=true \\<\/p>\n\n\n\n

-v \/etc\/openvpn\/:\/etc\/openvpn \\<\/p>\n\n\n\n

-v \/usr\/share\/zoneinfo\/Asia\/Shanghai:\/etc\/localtime:ro \\<\/p>\n\n\n\n

-p 1194:1194\/udp \\<\/p>\n\n\n\n

–cap-add=NET_ADMIN \\<\/p>\n\n\n\n

-d kylemanna\/openvpn<\/p>\n\n\n\n

<\/p>\n\n\n\n

shell228 Bytes\u00a9 \u594e\u5229<\/p>\n\n\n\n

\"\u57fa\u4e8eOpenVPN\u5b9e\u73b0\u968f\u65f6\u968f\u5730\u8bbf\u95ee\u5bb6\u91cc\u7684NAS\"<\/a><\/figure>\n\n\n\n

2\u3001\u914d\u7f6eOpenVPN\u670d\u52a1\u7aef<\/h3>\n\n\n\n

\u4fee\u6539\/etc\/openvpn.config\u914d\u7f6e\u6587\u4ef6\u5982\u4e0b\uff1a<\/p>\n\n\n\n

server 192.168.255.0 255.255.255.0<\/p>\n\n\n\n

verb 3<\/p>\n\n\n\n

key \/etc\/openvpn\/pki\/private\/192.168.175.128.key<\/p>\n\n\n\n

ca \/etc\/openvpn\/pki\/ca.crt<\/p>\n\n\n\n

cert \/etc\/openvpn\/pki\/issued\/192.168.175.128.crt<\/p>\n\n\n\n

dh \/etc\/openvpn\/pki\/dh.pem<\/p>\n\n\n\n

tls-auth \/etc\/openvpn\/pki\/ta.key<\/p>\n\n\n\n

key-direction 0<\/p>\n\n\n\n

keepalive 10 60<\/p>\n\n\n\n

persist-key<\/p>\n\n\n\n

persist-tun<\/p>\n\n\n\n

proto udp<\/p>\n\n\n\n

# Rely on Docker to do port mapping, internally always 1194<\/p>\n\n\n\n

port 1194<\/p>\n\n\n\n

dev tun0<\/p>\n\n\n\n

status \/tmp\/openvpn-status.log<\/p>\n\n\n\n

# VPN\u8fde\u63a5\u540e\u5206\u914d\u7684IP\u5730\u5740\u5c06\u8bb0\u5f55\u5728ipp.txt\u4e2d\uff0c\u4e0b\u6b21\u8fde\u63a5VPN\u7ee7\u7eed\u4f7f\u7528\u6b64IP\u5730\u5740<\/p>\n\n\n\n

ifconfig-pool-persist ipp.txt<\/p>\n\n\n\n

# \u5ba2\u6237\u7aef\u4e92\u8054<\/p>\n\n\n\n

client-to-client<\/p>\n\n\n\n

# \u5ba2\u6237\u7aef\u6240\u5728\u7684\u5c40\u57df\u7f51\u8054\u901a<\/p>\n\n\n\n

client-config-dir \/etc\/openvpn\/ccd<\/p>\n\n\n\n

user nobody<\/p>\n\n\n\n

group nogroup<\/p>\n\n\n\n

comp-lzo no<\/p>\n\n\n\n

### Route Configurations Below<\/p>\n\n\n\n

route 192.168.254.0 255.255.255.0<\/p>\n\n\n\n

### Push Configurations Below<\/p>\n\n\n\n

push “block-outside-dns”<\/p>\n\n\n\n

push “dhcp-option DNS 8.8.8.8”<\/p>\n\n\n\n

push “dhcp-option DNS 8.8.4.4”<\/p>\n\n\n\n

push “comp-lzo no”<\/p>\n\n\n\n

generic794 Bytes\u00a9 \u594e\u5229<\/p>\n\n\n\n

\u914d\u7f6e\u6587\u4ef6\u4fee\u6539\u5b8c\u6210\u540e\uff0c\u91cd\u65b0\u542f\u52a8docker\u5bb9\u5668<\/p>\n\n\n\n

# \u5148\u6682\u505copenvpn\u5bb9\u5668<\/p>\n\n\n\n

docker stop openvpn<\/p>\n\n\n\n

# \u540e\u542f\u52a8openvpn\u5bb9\u5668<\/p>\n\n\n\n

docker start openvpn<\/p>\n\n\n\n

shell71 Bytes\u00a9 \u594e\u5229<\/p>\n\n\n\n

\u5728 \/etc\/openvpn\/ccd\u76ee\u5f55\u4e0b, \u4e3a\u5c40\u57df\u7f51\u7684VPN\u7f51\u5173\u521b\u5efa\u914d\u7f6e\u6587\u4ef6\uff0c\u914d\u7f6e\u6587\u4ef6\u7684\u6587\u4ef6\u540d\u8981\u548c\u5ba2\u6237\u540d\u76f8\u540c\u3002<\/p>\n\n\n\n

\u6211\u4e3a\u5bb6\u4e2d\u8def\u7531\u5668\u751f\u6210\u7684\u8bc1\u4e66\u540d\u79f0\u4e3aOpenWRT\uff0c\u5185\u7f51\u7f51\u6bb5\u4e3a192.168.1.0\/24\uff0c\u6240\u4ee5\u914d\u7f6e\u6587\u4ef6\u4e3a\uff1a<\/p>\n\n\n\n

vi ccd\/OpenWRT<\/p>\n\n\n\n

# \u952e\u5165i\uff0c\u5728\u6587\u4ef6\u91cc\u6dfb\u52a0\u8def\u7531\u4fe1\u606f<\/p>\n\n\n\n

iroute 192.168.1.0 255.255.255.0<\/p>\n\n\n\n

# \u952e\u5165Esc\uff0c\u8f93\u5165:wq \u4fdd\u5b58\u9000\u51fa<\/p>\n\n\n\n

generic85 Bytes\u00a9 \u594e\u5229<\/p>\n\n\n\n

3\u3001\u914d\u7f6eOpenVPN\u5ba2\u6237\u7aef<\/h3>\n\n\n\n

\u751f\u6210\u5e26\u5bc6\u7801\u7684\u5ba2\u6237\u7aef\u8bc1\u4e66\uff0c\u4f5c\u4e3a\u7535\u8111\u548c\u624b\u673a\u7684VPN\u8bc1\u4e66\uff0c\u6bcf\u6b21\u767b\u5f55VPN\u65f6\uff0c\u90fd\u9700\u8981\u8f93\u5165\u5bc6\u7801\uff1b<\/p>\n\n\n\n

docker run -v \/etc\/openvpn\/:\/etc\/openvpn –rm -it kylemanna\/openvpn easyrsa build-client-full client001<\/p>\n\n\n\n

\u8f93\u5165\u5bc6\u7801\uff1a******<\/p>\n\n\n\n

shell115 Bytes\u00a9 \u594e\u5229<\/p>\n\n\n\n

\u751f\u6210\u4e0d\u5e26\u5bc6\u7801\u7684\u5ba2\u6237\u7aef\u8bc1\u4e66\uff0c\u4f5c\u4e3aOpenWRT\u7684VPN\u8bc1\u4e66\uff0cVPN\u8fde\u63a5\u65f6\u4e0d\u7528\u8f93\u5165\u5bc6\u7801\uff1b<\/p>\n\n\n\n

docker run -v \/etc\/openvpn\/:\/etc\/openvpn –rm -it kylemanna\/openvpn easyrsa build-client-full OpenWRT nopass<\/p>\n\n\n\n

shell108 Bytes\u00a9 \u594e\u5229<\/p>\n\n\n\n

\u5bfc\u51fa\u8bc1\u4e66\uff0c\u5e76\u4e0b\u8f7d\u5230\u672c\u5730<\/p>\n\n\n\n

docker run -v \/etc\/openvpn\/:\/etc\/openvpn –rm kylemanna\/openvpn ovpn_getclient client001 > \/etc\/openvpn\/client001.ovpn<\/p>\n\n\n\n

docker run -v \/etc\/openvpn\/:\/etc\/openvpn –rm kylemanna\/openvpn ovpn_getclient client001 > \/etc\/openvpn\/OpenWRT.ovpn<\/p>\n\n\n\n

shell236 Bytes\u00a9 \u594e\u5229<\/p>\n\n\n\n

\u4fee\u6539client001.ovpn\u8fdc\u7a0b\u5ba2\u6237\u7aef\u8bc1\u4e66\uff0c\u7981\u7528\u9ed8\u8ba4\u8def\u7531\uff0c\u65b0\u589e\u5c40\u57df\u7f51192.168.1.0\u7684\u8def\u7531\u548c\u6307\u5411\u670d\u52a1\u7aef\u7684\u8def\u7531\uff1b<\/p>\n\n\n\n

# redirect-gateway def1<\/p>\n\n\n\n

route-nopull<\/p>\n\n\n\n

route 192.168.1.0 255.255.255.0 vpn_gateway<\/p>\n\n\n\n

route 192.168.255.0 255.255.255.0 vpn_gateway<\/p>\n\n\n\n

generic128 Bytes\u00a9 \u594e\u5229<\/p>\n\n\n\n

\u4fee\u6539OpenWRT.ovpn\u5ba2\u6237\u7aef\u8bc1\u4e66\uff0c\u7981\u7528\u9ed8\u8ba4\u8def\u7531\uff0c\u65b0\u589e\u4e00\u6761\u6307\u5411\u670d\u52a1\u7aef\u7684\u8def\u7531\uff1b<\/p>\n\n\n\n

# redirect-gateway def1<\/p>\n\n\n\n

route-nopull<\/p>\n\n\n\n

route 192.168.255.0 255.255.255.0 vpn_gateway<\/p>\n\n\n\n

generic83 Bytes\u00a9 \u594e\u5229<\/p>\n\n\n\n

\u5c06OpenWRT.ovpn\u5bfc\u5165\u5230\u5bb6\u4e2d\u8def\u7531\u5668\u7684OpenVPN\u5ba2\u6237\u7aef\u4e2d\uff0c\u5e76\u542f\u7528\uff1b<\/p>\n\n\n\n

\u5c06client001.ovpn\u5bfc\u5165\u5230\u624b\u673a\u6216\u8005\u7535\u8111\u7684OpenVPN\u5ba2\u6237\u7aef\u4e2d\uff0c\u70b9\u51fb\u8fde\u63a5\u5e76\u8f93\u5165\u5bc6\u7801\uff0c\u7b49\u5f85\u8fde\u63a5\u5b8c\u6210\u540e\u5373\u53ef\u8bbf\u95ee\u5bb6\u4e2d\u7684\u670d\u52a1\u3002<\/p>\n\n\n\n

\u53c2\u8003\u8d44\u6599<\/h2>\n\n\n\n

OpenVPN Docker\u642d\u5efa – \u7b80\u4e66 (jianshu.com)<\/a><\/p>\n\n\n\n

kylemanna\/openvpn – Docker Image |\u7801\u5934\u5de5\u4eba\u4e2d\u5fc3<\/a><\/p>\n\n\n\n

\u4f7f\u7528OpenVPN\u5b9e\u73b0\u5c40\u57df\u7f51\u4e92\u8054 (itxueyuan.com)<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

\u524d\u63d0\u6761\u4ef6 1\u3001\u4e91\u670d\u52a1\u5668\uff0c\u4e0d\u9650\u5236\u4e91\u670d\u52a1\u5546\u4f46\u662f\u5fc5\u987b\u8981\u516c\u7f51IP\u5730\u5740\uff0c\u4e14\u6709\u6700\u9ad8\u6743\u3001\u80fd\u653e\u884c\u7aef\u53e3 2\u3001\u5bb6\u91cc\u6709\u4e00\u53f0\u80fd\u5b89\u88c5Op […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[],"class_list":["post-63","post","type-post","status-publish","format-standard","hentry","category-wlzy"],"_links":{"self":[{"href":"https:\/\/blog.62510360.xyz\/index.php?rest_route=\/wp\/v2\/posts\/63","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.62510360.xyz\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.62510360.xyz\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.62510360.xyz\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.62510360.xyz\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=63"}],"version-history":[{"count":2,"href":"https:\/\/blog.62510360.xyz\/index.php?rest_route=\/wp\/v2\/posts\/63\/revisions"}],"predecessor-version":[{"id":66,"href":"https:\/\/blog.62510360.xyz\/index.php?rest_route=\/wp\/v2\/posts\/63\/revisions\/66"}],"wp:attachment":[{"href":"https:\/\/blog.62510360.xyz\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=63"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.62510360.xyz\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=63"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.62510360.xyz\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=63"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}