Skip to content

Commit

Permalink
Merge pull request #620 from kylemanna/dev
Browse files Browse the repository at this point in the history
Fix /etc/openvpn/vars bug for old docker volumes
  • Loading branch information
kylemanna authored Dec 4, 2020
2 parents e47f86b + 6ad9310 commit 1228577
Show file tree
Hide file tree
Showing 5 changed files with 5 additions and 50 deletions.
3 changes: 1 addition & 2 deletions Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -15,8 +15,7 @@ RUN echo "http://dl-cdn.alpinelinux.org/alpine/edge/testing/" >> /etc/apk/reposi
ENV OPENVPN=/etc/openvpn
ENV EASYRSA=/usr/share/easy-rsa \
EASYRSA_CRL_DAYS=3650 \
EASYRSA_PKI=$OPENVPN/pki \
EASYRSA_VARS_FILE=$OPENVPN/vars
EASYRSA_PKI=$OPENVPN/pki

VOLUME ["/etc/openvpn"]

Expand Down
1 change: 0 additions & 1 deletion Dockerfile.aarch64
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,6 @@ RUN echo "http://dl-4.alpinelinux.org/alpine/edge/community/" >> /etc/apk/reposi
ENV OPENVPN /etc/openvpn
ENV EASYRSA /usr/share/easy-rsa
ENV EASYRSA_PKI $OPENVPN/pki
ENV EASYRSA_VARS_FILE $OPENVPN/vars

# Prevents refused client connection because of an expired CRL
ENV EASYRSA_CRL_DAYS 3650
Expand Down
8 changes: 4 additions & 4 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -31,20 +31,20 @@ a corresponding [Digital Ocean Community Tutorial](http://bit.ly/1AGUZkq).
private key used by the newly generated certificate authority.

docker volume create --name $OVPN_DATA
docker run -v $OVPN_DATA:/etc/openvpn --log-driver=none --rm kylemanna/openvpn ovpn_genconfig -u udp://VPN.SERVERNAME.COM
docker run -v $OVPN_DATA:/etc/openvpn --log-driver=none --rm -it kylemanna/openvpn ovpn_initpki
docker run -v $OVPN_DATA:/etc/openvpn --rm kylemanna/openvpn ovpn_genconfig -u udp://VPN.SERVERNAME.COM
docker run -v $OVPN_DATA:/etc/openvpn --rm -it kylemanna/openvpn ovpn_initpki

* Start OpenVPN server process

docker run -v $OVPN_DATA:/etc/openvpn -d -p 1194:1194/udp --cap-add=NET_ADMIN kylemanna/openvpn

* Generate a client certificate without a passphrase

docker run -v $OVPN_DATA:/etc/openvpn --log-driver=none --rm -it kylemanna/openvpn easyrsa build-client-full CLIENTNAME nopass
docker run -v $OVPN_DATA:/etc/openvpn --rm -it kylemanna/openvpn easyrsa build-client-full CLIENTNAME nopass

* Retrieve the client configuration with embedded certificates

docker run -v $OVPN_DATA:/etc/openvpn --log-driver=none --rm kylemanna/openvpn ovpn_getclient CLIENTNAME > CLIENTNAME.ovpn
docker run -v $OVPN_DATA:/etc/openvpn --rm kylemanna/openvpn ovpn_getclient CLIENTNAME > CLIENTNAME.ovpn

## Next Steps

Expand Down
39 changes: 0 additions & 39 deletions bin/easyrsa_vars

This file was deleted.

4 changes: 0 additions & 4 deletions bin/ovpn_initpki
Original file line number Diff line number Diff line change
Expand Up @@ -15,10 +15,6 @@ source "$OPENVPN/ovpn_env.sh"
# Specify "nopass" as arg[2] to make the CA insecure (not recommended!)
nopass=$1

# EasyRSA 3.0.7 introduced checks for $EASYRSA_VARS_FILE existence
# in the init-pki script
touch $EASYRSA_VARS_FILE

# Provides a sufficient warning before erasing pre-existing files
easyrsa init-pki

Expand Down

0 comments on commit 1228577

Please sign in to comment.