Openvpn container

uralm1 · uralm1 · commit 78cf755339ab · 2020-03-30T13:14:44.000+05:00
diff --git a/.gitattributes b/.gitattributes
@@ -1,2 +1,3 @@
 *.tar.gz binary
 *.deb binary
+*.zip binary
diff --git a/openvpn/.dockerignore b/openvpn/.dockerignore
@@ -0,0 +1,6 @@
+_r
+_b
+gen_srv_config
+openvpn-db-log-master.zip
+pam-krb5-*.tar.gz
+*.keytab
diff --git a/openvpn/.gitignore b/openvpn/.gitignore
@@ -0,0 +1,2 @@
+*.keytab
+*.ovpn
diff --git a/openvpn/Dockerfile b/openvpn/Dockerfile
@@ -0,0 +1,44 @@
+FROM kylemanna/openvpn
+
+COPY openvpn-db-log.pl /usr/local/bin/
+#COPY pam-krb5-4.8.tar.gz /
+
+RUN apk update && \
+  apk add --no-cache perl perl-dbi perl-dbd-mysql mariadb-connector-c tzdata krb5 krb5-libs krb5-pkinit pam-krb5 && \
+  chmod +x /usr/local/bin/openvpn-db-log.pl && \
+# no need to build pam-krb5
+  #tar -xf /pam-krb5-4.8.tar.gz -C / && \
+  #rm -f /pam-krb5-4.8.tar.gz && \
+# cleanup
+  rm -rf /usr/local/share/man/* /var/cache/apk/* /var/cache/distfiles/*
+
+RUN \
+# setup /etc/krb5.conf
+  { echo '[libdefaults]'; \
+    echo ' default_realm = UWC.LOCAL'; \
+    echo ' clockskew = 300'; \
+    echo ' default_keytab_name = FILE:/etc/openvpn/krb5.keytab'; \
+    echo ' dns_lookup_realm = false'; \
+    echo ' forwardable = true'; \
+    echo ' rdns = false'; \
+    echo ' allow_weak_crypto = true'; \
+    echo ' default_tgs_enctypes = arcfour-hmac-md5 des-cbc-crc des-cbc-md5'; \
+    echo ' default_tkt_enctypes = arcfour-hmac-md5 des-cbc-crc des-cbc-md5'; \
+    echo ' permitted_enctypes = arcfour-hmac-md5 des-cbc-crc des-cbc-md5'; \
+    echo ; \
+    echo '[realms]'; \
+    echo ' UWC.LOCAL = {'; \
+    echo '  kdc = plksrv1.uwc.local'; \
+    echo '  kdc = plksrv2.uwc.local'; \
+    echo ' }'; \
+    echo ; \
+    echo '[domain_realm]'; \
+    echo ' .uwc.local = UWC.LOCAL'; \
+    echo ; } > /etc/krb5.conf && \
+# setup /etc/pam.d/openvpn1
+  { echo '# PAM configuration for openvpn'; \
+    echo 'auth required /usr/lib/security/pam_krb5.so fail_pwchange keytab=FILE:/etc/openvpn/krb5.keytab'; \
+    echo 'account required pam_permit.so'; } > /etc/pam.d/openvpn1
+
+# same as in origin
+#CMD ["ovpn_run"]
diff --git a/openvpn/_b b/openvpn/_b
@@ -0,0 +1,3 @@
+#/bin/bash
+
+docker build -t uralm1/openvpn .
diff --git a/openvpn/_r b/openvpn/_r
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+# network for wispa host -- vmware hosts must use ipvlan
+#docker network create -d macvlan --subnet=10.0.0.0/10 --gateway=10.15.0.1 --ip-range=10.14.75.32/28 -o parent=eth0 uwcnet
+
+docker run -d --name ovpn --network uwcnet --ip 10.14.72.2 \
+  --hostname ovpn --domainname uwc.local \
+  -v /srv/ovpn:/etc/openvpn \
+  -p 1194:1194/udp \
+  -e TZ=Asia/Yekaterinburg \
+  --cap-add=NET_ADMIN \
+  uralm1/openvpn
diff --git a/openvpn/create_client_cert b/openvpn/create_client_cert
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+CLIENTNAME=CLIENTNAME
+docker run -v /srv/ovpn:/etc/openvpn --rm -it uralm1/openvpn easyrsa build-client-full $CLIENTNAME nopass
+
diff --git a/openvpn/gen_cl_config b/openvpn/gen_cl_config
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+CLIENTNAME=CLIENTNAME
+docker run -v /srv/ovpn:/etc/openvpn --rm uralm1/openvpn ovpn_getclient $CLIENTNAME > cl_test.ovpn
+
diff --git a/openvpn/init_pki b/openvpn/init_pki
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+docker run -v /srv/ovpn:/etc/openvpn --rm -it uralm1/openvpn ovpn_initpki
+
diff --git a/openvpn/openvpn-db-log-master.zip b/openvpn/openvpn-db-log-master.zip
diff --git a/openvpn/openvpn-db-log.pl b/openvpn/openvpn-db-log.pl
diff --git a/openvpn/pam-krb5-4.8.tar.gz b/openvpn/pam-krb5-4.8.tar.gz

Original file line number	Diff line number	Diff line change
`@@ -1,2 +1,3 @@`
`1`	`1`	`*.tar.gz binary`
`2`	`2`	`*.deb binary`
	`3`	`+*.zip binary`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+#/bin/bash`
	`2`	`+`
	`3`	`+docker build -t uralm1/openvpn .`