2021-05-07 23:28:37 +03:00
|
|
|
# Run container
|
2022-07-27 17:34:43 +03:00
|
|
|
sudo docker run -d \
|
2023-08-13 03:10:41 -07:00
|
|
|
--privileged \
|
2022-07-27 17:34:43 +03:00
|
|
|
--log-driver none \
|
|
|
|
|
--restart always \
|
|
|
|
|
--cap-add=NET_ADMIN \
|
|
|
|
|
-p $OPENVPN_PORT:$OPENVPN_PORT/$OPENVPN_TRANSPORT_PROTO \
|
|
|
|
|
--name $CONTAINER_NAME $CONTAINER_NAME
|
2022-02-02 02:12:29 +03:00
|
|
|
|
2022-01-31 16:08:22 +03:00
|
|
|
sudo docker network connect amnezia-dns-net $CONTAINER_NAME
|
2021-05-07 23:28:37 +03:00
|
|
|
|
|
|
|
|
# Create tun device if not exist
|
|
|
|
|
sudo docker exec -i $CONTAINER_NAME bash -c 'mkdir -p /dev/net; if [ ! -c /dev/net/tun ]; then mknod /dev/net/tun c 10 200; fi'
|
|
|
|
|
|
|
|
|
|
# Prevent to route packets outside of the container in case if server behind of the NAT
|
|
|
|
|
sudo docker exec -i $CONTAINER_NAME sh -c "ifconfig eth0:0 $SERVER_IP_ADDRESS netmask 255.255.255.255 up"
|
|
|
|
|
|
|
|
|
|
# OpenVPN config
|
|
|
|
|
sudo docker exec -i $CONTAINER_NAME bash -c 'mkdir -p /opt/amnezia/openvpn/clients; \
|
|
|
|
|
cd /opt/amnezia/openvpn && easyrsa init-pki; \
|
|
|
|
|
cd /opt/amnezia/openvpn && easyrsa gen-dh; \
|
|
|
|
|
cd /opt/amnezia/openvpn && cp pki/dh.pem /opt/amnezia/openvpn && easyrsa build-ca nopass << EOF yes EOF && easyrsa gen-req AmneziaReq nopass << EOF2 yes EOF2;\
|
|
|
|
|
cd /opt/amnezia/openvpn && easyrsa sign-req server AmneziaReq << EOF3 yes EOF3;\
|
|
|
|
|
cd /opt/amnezia/openvpn && openvpn --genkey --secret ta.key << EOF4;\
|
2023-04-21 07:44:35 +03:00
|
|
|
cd /opt/amnezia/openvpn && cp pki/ca.crt pki/issued/AmneziaReq.crt pki/private/AmneziaReq.key /opt/amnezia/openvpn;\
|
|
|
|
|
cd /opt/amnezia/openvpn && easyrsa gen-crl;\
|
|
|
|
|
cd /opt/amnezia/openvpn && cp pki/crl.pem /opt/amnezia/openvpn/crl.pem'
|
