Merge pull request #15 from d3vilh/dev

0.5.1 server.conf move
d3vilh · Feb 18, 2024 · fd80916 · fd80916
2 parents fae80f5 + 634bf7c
commit fd80916
Show file tree

Hide file tree

Showing 7 changed files with 58 additions and 5 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,7 +1,7 @@
 # Start from Alpine base image
 FROM alpine
 LABEL maintainer="Mr.Philipp <[email protected]>"
-LABEL version="0.4.1"
+LABEL version="0.5.1"
 
 # Set the working directory to /opt/app
 WORKDIR /opt/app

diff --git a/README.md b/README.md
@@ -185,19 +185,19 @@ This setup use `tun` mode, as the most compatible with wide range of devices, fo
 
 The topology used is `subnet`, for the same reasons. `p2p`, for instance, does not work on Windows.
 
-The server config [specifies](https://github.com/d3vilh/openvpn-aws/blob/master/openvpn/config/server.conf#L34) `push redirect-gateway def1 bypass-dhcp`, meaning that after establishing the VPN connection, all traffic will go through the VPN. This might cause problems if you use local DNS recursors which are not directly reachable, since you will try to reach them through the VPN and they might not answer to you. If that happens, use public DNS resolvers like those of OpenDNS (`208.67.222.222` and `208.67.220.220`) or Google (`8.8.4.4` and `8.8.8.8`).
+The server config [specifies](https://github.com/d3vilh/openvpn-aws/blob/master/openvpn/server.conf#L34) `push redirect-gateway def1 bypass-dhcp`, meaning that after establishing the VPN connection, all traffic will go through the VPN. This might cause problems if you use local DNS recursors which are not directly reachable, since you will try to reach them through the VPN and they might not answer to you. If that happens, use public DNS resolvers like those of OpenDNS (`208.67.222.222` and `208.67.220.220`) or Google (`8.8.4.4` and `8.8.8.8`).
 
 ### OpenVPN Server Pstree structure
 
 All the Server and Client configuration located in mounted Docker volume and can be easely tuned. Here is the tree structure:
 
 ```shell
+|-- server.conf  // OpenVPN Server configuration file
 |-- clients
 |   |-- your_client1.ovpn
 |-- config
 |   |-- client.conf
 |   |-- easy-rsa.vars
-|   |-- server.conf
 |-- db
 |   |-- data.db //Optional OpenVPN UI DB
 |-- log

diff --git a/config/server.conf → config/old-server.conf b/config/server.conf → config/old-server.conf
diff --git a/docker-compose-openvpnui.yml b/docker-compose-openvpnui.yml
@@ -23,6 +23,7 @@ services:
            - ./log:/var/log/openvpn
            - ./fw-rules.sh:/opt/app/fw-rules.sh
            - ./checkpsw.sh:/opt/app/checkpsw.sh
+           - ./server.conf:/etc/openvpn/server.conf
        cap_add:
            - NET_ADMIN
        restart: always

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -23,6 +23,7 @@ services:
            - ./log:/var/log/openvpn
            - ./fw-rules.sh:/opt/app/fw-rules.sh
            - ./checkpsw.sh:/opt/app/checkpsw.sh
+           - ./server.conf:/etc/openvpn/server.conf
        cap_add:
            - NET_ADMIN
        restart: always

diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-#VERSION 0.2.1 by @[email protected] aka Mr. Philipp
+#VERSION 0.2.2 by @[email protected] aka Mr. Philipp
 set -e
 
 #Variables
@@ -89,4 +89,4 @@ echo 'IPT FWD Chains:'
 iptables -v -x -n -L | grep DROP 
 
 echo 'Start openvpn process...'
-/usr/sbin/openvpn --cd $OPENVPN_DIR --script-security 2 --config $OPENVPN_DIR/config/server.conf
+/usr/sbin/openvpn --cd $OPENVPN_DIR --script-security 2 --config $OPENVPN_DIR/server.conf
diff --git a/server.conf b/server.conf
@@ -0,0 +1,51 @@
+management 0.0.0.0 2080
+
+port 1194
+proto udp
+
+dev tun
+
+ca pki/ca.crt
+cert pki/issued/server.crt
+key pki/private/server.key
+
+# cipher AES-256-CBC  # Deprecated since v.0.3. we are using GCM now.
+cipher AES-256-GCM
+auth SHA512
+dh pki/dh.pem
+
+server 10.0.70.0 255.255.255.0
+route 10.0.71.0 255.255.255.0
+ifconfig-pool-persist pki/ipp.txt
+push "route 10.0.60.0 255.255.255.0"
+push "dhcp-option DNS 8.8.8.8"
+push "dhcp-option DNS 1.0.0.1"
+
+keepalive 10 120
+max-clients 100
+
+persist-key
+persist-tun
+
+log         /var/log/openvpn/openvpn.log
+verb 4
+topology subnet
+
+client-config-dir /etc/openvpn/staticclients
+push "redirect-gateway def1 bypass-dhcp"
+
+#ncp-ciphers AES-256-GCM:AES-192-GCM:AES-128-GCM   # Deprecated since v.0.3. we have to use data-ciphers below instead
+data-ciphers AES-256-GCM:AES-192-GCM:AES-128-GCM
+
+user nobody
+group nogroup
+
+status /var/log/openvpn/openvpn-status.log
+explicit-exit-notify 1
+crl-verify pki/crl.pem
+
+# 2FA Auth part
+# script-security 2
+# auth-user-pass-verify /opt/app/oath.sh via-file
+
+# Default openvpn-server configuration file