Skip to content

Commit

Permalink
Merge pull request #56 from theohbrothers/docs/docker-compose-update-…
Browse files Browse the repository at this point in the history 
…client.conf-and-server.conf-to-be-unified-configs-and-update-docker-compose.yml-examples-to-work

Docs (docker-compose): Update `client.conf` and `server.conf` to be unified configs, and update `docker-compose.yml` examples to work
  • Loading branch information
@leojonathanoh
leojonathanoh authored Jun 30, 2023
2 parents f050079 + 2d0b792 commit 35bf0a3
Show file tree
Hide file tree
Showing 54 changed files with 6,825 additions and 392 deletions.
7 changes: 6 additions & 1 deletion README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,12 @@ Dockerized `openvpn`.

## Usage

It is assumed that you have knowledge of configuring `openvpn`.
It is assumed that you have knowledge of configuring `openvpn`. If needed, refer to the official manuals:

- [Openvpn 2.3 manual](https://openvpn.net/community-resources/reference-manual-for-openvpn-2-3/)
- [Openvpn 2.4 manual](https://openvpn.net/community-resources/reference-manual-for-openvpn-2-4/)
- [Openvpn 2.5 manual](https://openvpn.net/community-resources/reference-manual-for-openvpn-2-5/)
- [Openvpn 2.6 manual](https://openvpn.net/community-resources/reference-manual-for-openvpn-2-6/)

To run the image, at the least you should mount a `/etc/openvpn/server.conf`, which may be a unified openvpn profile (see INLINE FILE SUPPORT section in the [openvpn manual](https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage)).

Expand Down
7 changes: 6 additions & 1 deletion generate/templates/README.md.ps1
View file
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,12 @@ $(
@'
## Usage
It is assumed that you have knowledge of configuring `openvpn`.
It is assumed that you have knowledge of configuring `openvpn`. If needed, refer to the official manuals:
- [Openvpn 2.3 manual](https://openvpn.net/community-resources/reference-manual-for-openvpn-2-3/)
- [Openvpn 2.4 manual](https://openvpn.net/community-resources/reference-manual-for-openvpn-2-4/)
- [Openvpn 2.5 manual](https://openvpn.net/community-resources/reference-manual-for-openvpn-2-5/)
- [Openvpn 2.6 manual](https://openvpn.net/community-resources/reference-manual-for-openvpn-2-6/)
To run the image, at the least you should mount a `/etc/openvpn/server.conf`, which may be a unified openvpn profile (see INLINE FILE SUPPORT section in the [openvpn manual](https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage)).
Expand Down
11 changes: 8 additions & 3 deletions generate/templates/docker-compose.yml.ps1
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,15 +2,18 @@
version: '2.1'
services:
openvpn-server:
image: theohbrothers/docker-openvpn:$( $VARIANT['tag'] )
build:
dockerfile: Dockerfile
context: .
environment:
- OPENVPN_CONFIG_FILE=/etc/openvpn/server.conf
- NAT_MASQUERADE=1
# - CUSTOM_FIREWALL_SCRIPT=/etc/openvpn/firewall.sh
volumes:
- ./openvpn/server.conf:/etc/openvpn/server.conf
# - ./openvpn/firewall.sh:/etc/openvpn/firewall.sh
ports:
- "1194:1194/udp"
- 1194:1194/udp
cap_add:
- NET_ADMIN
# sysctls for the container if it is not set on the host. See: https://docs.docker.com/compose/compose-file/compose-file-v2/#sysctls
Expand All @@ -22,7 +25,9 @@ services:
restart: unless-stopped
openvpn-client:
image: theohbrothers/docker-openvpn:$( $VARIANT['tag'] )
build:
dockerfile: Dockerfile
context: .
environment:
- OPENVPN_CONFIG_FILE=/etc/openvpn/client.conf
- NAT_MASQUERADE=0
Expand Down
261 changes: 248 additions & 13 deletions generate/templates/openvpn/client.conf.ps1
View file
Original file line number Diff line number Diff line change
@@ -1,26 +1,261 @@
@"
# See sample config file: https://github.com/OpenVPN/openvpn/blob/v2.4.8/sample/sample-config-files/client.conf
# redirect-gateway def1 bypass-dhcp
client
dev tun
proto udp
remote 10.8.0.1 1194
remote openvpn-server 1194
remote-random
# Push all traffic into the tunnel
;redirect-gateway def1 bypass-dhcp
resolv-retry infinite
nobind
# user nobody
# group nobody
user nobody
group nobody
persist-key
persist-tun
ca pki/ca.crt
cert pki/issued/client.crt
key pki/private/client.key
remote-cert-tls server
tls-auth pki/ta.key 1
# key-direction 1
cipher AES-256-CBC
# auth SHA256
comp-lzo no
verb 3
# mute 20
auth SHA512
comp-lzo
verb 4
key-direction 1
<ca>
-----BEGIN CERTIFICATE-----
MIIFQjCCAyqgAwIBAgIUERS7/2c1CMHgGN/t28Ry8A5tRSwwDQYJKoZIhvcNAQEL
BQAwEzERMA8GA1UEAwwIQ2hhbmdlTWUwHhcNMjMwNjMwMTE0NTEyWhcNMzMwNjI3
MTE0NTEyWjATMREwDwYDVQQDDAhDaGFuZ2VNZTCCAiIwDQYJKoZIhvcNAQEBBQAD
ggIPADCCAgoCggIBAMh7oK+Y4U4VN5lt3MEl2IlkofgZfjHI6fOzdZVdIcgNSkwm
2P00zFW1+FR/eKzCq44TINum3EUiE2Z1UFEsEolgXwKd5zzkRRvryeQFAQppqXFU
TOrQG4BCteDaKNnkdqVL7Zqp3xzWfhr8ygM+N1heBal88kvM38YKEVz2ZnEqd/Jk
cptNijI8CWYYmCpscq6z7U7PDlIEFcstXb2KWGlgXKAtbW1hGw5HNFdALHMAHSv1
ez0p+++neWR+7Ti1OntiaDYMTVoE+MVtCxHIBQ+sOEzfH82ukDkEglbPhPRVSilM
FAYGSN36LxjqhLtwOSjt2UlAW0XHSiU61/qE8gB7yc6b+HHtcV7fe9HNQt0LkNh2
7vD53oaXawn4//3eD+l3nnfIp6TlaGFkYAt6RJ1I36A2kjoaV29tk27YLCHhHwj4
o4LMmg23fXW6ecyLnCWDHF9W1E8OZhLqPQ/Fgofhr8BOIRh6LMNdn72Ao0bE/XdD
w2dtMASboSadHJsB7vtd+v/U0q6c4iIKR/c23nd4ZRAH4mv1Bs57OXKpviZ+rmO+
13uUgBIrHUloO7yprwysF8UDDf6TkzG38yql9DIHcFU6uADRs6V63nRxyTvxiwZs
Hz/rnTgkAxT29b8myhCW/TpaqI75i5DH5yjSRBunTV/UkYi4KEb0Nl7AU85RAgMB
AAGjgY0wgYowHQYDVR0OBBYEFJgbsO272mGYtTp6yMROMnCl+KkHME4GA1UdIwRH
MEWAFJgbsO272mGYtTp6yMROMnCl+KkHoRekFTATMREwDwYDVQQDDAhDaGFuZ2VN
ZYIUERS7/2c1CMHgGN/t28Ry8A5tRSwwDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMC
AQYwDQYJKoZIhvcNAQELBQADggIBAAbbhy74imUoD+MDYE2oREDMCJ4oRsOa3kTs
5Ayqx4r3292ZmyIHHweOUyIJSC+BW9hCosqnl0uJxGoQ2358TaMFw7TrOpQjZIs1
ycUZUHp/fg2TeVhN32M7z3xa6zhdmxK4+W19/cHPF4LlJqk45Odxza/R0IkWzTo9
De7Kj/cYwP+ADEFOIrQxro5CfKqZcyLQCFsbh3MDNdvqt3cxmTR0Qo+GwLs+wLbG
8Kgxc0qJ/MAaazOng0iyRz6uz+s72fqb3Qh9ZG94Hdqoo4IxhbCzy7coKmmzEJ6w
w3OIDJZOFy1gjEHqRQzxtg/xga48Lq2o/HEyqFz7NSqk3xRzgck0NMIw5Iq6HuU2
T6ovarXKt79YcExI9T94YJqKs0+0hMZdD70IP12bESTVtGJLkJCdj+hAkEfZiBhp
X3bRStslNrMO/fc2c10kvtRgxcbuZryMgakCrfFq4CCOsUBmXq/IvmTbN71Zx/AD
UQ1g2Y5zsOMlc4AOGBWXNyaKNh7B/u0/aAqAZwXJtqlIUmYqcCn4SQBmaGsba97B
t7bInqFaKr63qlvS+jIYEwv882b4TrM9obBCE/uG8Iu7JjHizbp8/IZpRq9ZKXiJ
J//FW4GtjxdCJPPe3ZNDoJTciIhFMSsUH4Le8E7FKPt1hgdhZ09yTqA1eqvCTB0Y
OnkxZyxs
-----END CERTIFICATE-----
</ca>
<cert>
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
0d:4e:3e:ee:0c:a0:be:17:77:36:7e:3e:48:bf:5a:f3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ChangeMe
Validity
Not Before: Jun 30 11:45:12 2023 GMT
Not After : Oct 2 11:45:12 2025 GMT
Subject: CN=client-01
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
00:b3:ef:25:0f:86:77:8e:9f:a4:42:02:f0:19:0e:
20:0e:93:5e:67:78:17:99:a9:cd:06:84:fe:c1:ed:
5b:c9:96:d1:82:ef:5f:a5:95:d7:de:99:97:84:cc:
a8:28:13:69:2f:41:7a:d4:f0:ac:a7:a3:10:8a:31:
c6:aa:14:dd:d0:5d:15:51:2c:e9:5e:3e:fe:f0:1c:
d7:62:07:f7:fb:01:93:22:8f:4b:72:77:76:8a:14:
fe:26:52:59:c8:59:b0:01:b6:cb:7a:2d:ba:0d:35:
a2:8c:42:97:18:54:45:58:f1:69:ff:3b:ce:fd:71:
a5:13:42:82:ca:e2:25:43:61:d6:34:1f:f6:f3:36:
7f:c9:7d:a4:e2:83:f1:8f:b7:2d:cd:7f:cf:1a:90:
a4:86:ce:c0:6b:36:b3:9e:90:d0:60:5c:ec:ac:70:
f7:32:16:59:20:1f:27:a5:3c:00:a0:9b:63:30:41:
a5:d3:63:37:9d:10:f7:f6:53:45:54:57:70:7e:06:
a6:01:32:38:2c:2d:d1:11:4c:3f:57:25:5a:2c:2c:
06:a0:20:bb:c0:95:fd:44:a8:0d:3a:b0:c9:a3:b2:
77:ce:f7:f0:f5:c8:1c:a7:74:ba:b9:83:0b:3c:56:
6f:18:cb:df:39:77:3a:69:18:57:be:48:7e:ab:2a:
21:2d:b0:eb:4c:26:ae:93:f2:d9:0d:29:01:b8:2c:
0b:5a:ec:8a:c0:fd:5d:1c:a7:6f:31:29:5d:5c:35:
cd:0e:e0:97:86:07:af:5e:69:8e:e7:e1:f0:78:21:
f3:15:c6:35:cd:e6:4b:65:d5:17:0b:87:6e:ea:39:
44:96:ab:bc:fc:ee:27:85:fe:10:c4:77:96:25:cd:
9a:66:ee:e4:36:fb:f0:c8:90:62:de:6d:f6:8c:19:
76:c6:6d:c3:9c:a4:9f:80:ec:39:79:ba:32:36:b2:
7d:93:3c:dc:58:c5:13:34:35:8a:7e:cb:cc:f0:9a:
bb:39:dd:ca:bc:cf:c7:7a:8f:9b:60:f1:a8:e6:e4:
41:62:82:cd:cc:d2:81:06:c1:5b:82:0c:49:88:e6:
bd:39:b2:06:82:a0:fb:55:ba:fd:de:57:2f:40:84:
07:b8:38:9a:49:6e:38:49:c0:b9:26:f7:7e:a9:9a:
18:b3:27:b9:d9:b3:fb:7f:6d:9e:68:58:94:f7:b1:
21:b5:ee:59:b0:7f:fc:0f:ab:00:c2:8e:94:34:09:
c3:45:dd:4c:79:03:b8:bf:ce:55:8f:6e:6d:c9:ff:
4c:5b:da:fb:eb:70:bd:c9:37:68:6e:03:e0:db:2f:
6e:db:6c:d4:f0:1f:01:43:42:6e:f6:31:4b:8d:fb:
21:1e:77
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Subject Key Identifier:
23:46:34:1C:74:3B:D8:21:40:4D:81:B3:58:9F:57:CB:0C:5E:90:FB
X509v3 Authority Key Identifier:
keyid:98:1B:B0:ED:BB:DA:61:98:B5:3A:7A:C8:C4:4E:32:70:A5:F8:A9:07
DirName:/CN=ChangeMe
serial:11:14:BB:FF:67:35:08:C1:E0:18:DF:ED:DB:C4:72:F0:0E:6D:45:2C
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
Signature Algorithm: sha256WithRSAEncryption
3c:80:ef:a8:a1:94:bc:12:33:6c:19:2e:44:44:6c:20:8e:69:
f6:b8:21:ad:4b:f7:14:d6:bf:c3:8d:b0:87:d1:e2:55:df:c0:
fd:03:31:82:8a:82:dd:68:3d:61:1f:c4:89:eb:e6:07:b0:89:
1d:19:8b:ee:57:9f:87:d8:a2:d8:fe:84:ad:f1:18:9c:b5:93:
a1:17:48:41:1e:f7:12:1e:50:46:b7:57:93:6e:d5:0f:d5:84:
a8:8e:74:4f:ab:8a:ae:40:64:8a:a8:57:32:75:b6:82:20:10:
be:ab:70:0c:96:c7:30:f4:69:c7:c9:24:db:3a:bc:40:eb:ac:
ee:04:f3:58:4a:09:6e:42:01:b4:a5:77:e5:2b:01:05:c1:5c:
08:59:0b:e3:a9:7a:b4:3e:f9:41:8d:2b:e6:8e:40:27:07:07:
0d:b0:03:ba:c9:d2:cd:dd:3c:9a:7e:20:66:bb:7f:4f:9d:fc:
37:16:88:84:a1:26:6a:91:43:d1:47:82:cb:e1:84:d4:03:93:
ec:8d:14:ce:2c:c8:fc:96:f8:28:d5:cb:89:c8:84:ee:8a:54:
8e:3c:12:86:10:73:78:5c:b8:a5:7d:99:94:b1:e1:f9:18:ed:
4b:2f:ae:8d:d4:9b:bc:20:21:d3:13:ed:07:15:70:dc:d1:1f:
58:22:fc:0e:5a:49:4e:6f:c1:99:9d:de:71:4e:62:7d:ad:d3:
2e:c3:ca:3f:db:cf:f3:46:aa:95:1f:99:1c:81:f8:15:5a:a1:
30:f7:7b:4a:e1:8a:fa:8b:a4:92:6d:11:e3:4c:f5:2b:b9:a3:
6d:a4:07:93:cb:28:f7:06:c1:e8:1b:1e:c5:aa:76:51:7e:1b:
a7:fe:db:9b:d4:23:d1:2a:16:52:ed:d1:2c:55:2b:cd:db:73:
fa:20:1a:18:47:af:90:50:0c:fe:1b:0d:f6:06:ec:33:1f:8e:
6f:f2:9a:d0:49:88:cb:a0:8c:8a:60:54:8e:d0:c1:59:ad:e6:
6e:6a:3e:e4:3b:b4:1b:01:8e:81:a4:f2:21:94:d1:a7:5e:e8:
1a:14:af:f1:46:5d:6a:ad:9d:06:02:84:58:96:b2:e6:f8:02:
5f:ce:ed:87:54:b5:f9:b6:62:97:51:b2:88:05:49:de:fd:56:
d1:67:e5:59:78:31:82:36:17:ce:07:62:81:5c:19:82:48:22:
88:15:ea:d9:fc:1e:c3:ee:05:a5:ec:e9:ca:69:b5:2a:7e:79:
ed:aa:6e:3f:b5:45:75:0b:d4:27:e4:4c:88:04:e0:06:36:5e:
41:37:b0:f5:44:80:58:86:dc:c1:be:82:62:fe:a8:2c:6c:ca:
6a:f8:dd:fd:85:df:5a:41
-----BEGIN CERTIFICATE-----
MIIFUTCCAzmgAwIBAgIQDU4+7gygvhd3Nn4+SL9a8zANBgkqhkiG9w0BAQsFADAT
MREwDwYDVQQDDAhDaGFuZ2VNZTAeFw0yMzA2MzAxMTQ1MTJaFw0yNTEwMDIxMTQ1
MTJaMBQxEjAQBgNVBAMMCWNsaWVudC0wMTCCAiIwDQYJKoZIhvcNAQEBBQADggIP
ADCCAgoCggIBALPvJQ+Gd46fpEIC8BkOIA6TXmd4F5mpzQaE/sHtW8mW0YLvX6WV
196Zl4TMqCgTaS9BetTwrKejEIoxxqoU3dBdFVEs6V4+/vAc12IH9/sBkyKPS3J3
dooU/iZSWchZsAG2y3otug01ooxClxhURVjxaf87zv1xpRNCgsriJUNh1jQf9vM2
f8l9pOKD8Y+3Lc1/zxqQpIbOwGs2s56Q0GBc7Kxw9zIWWSAfJ6U8AKCbYzBBpdNj
N50Q9/ZTRVRXcH4GpgEyOCwt0RFMP1clWiwsBqAgu8CV/USoDTqwyaOyd8738PXI
HKd0urmDCzxWbxjL3zl3OmkYV75IfqsqIS2w60wmrpPy2Q0pAbgsC1rsisD9XRyn
bzEpXVw1zQ7gl4YHr15pjufh8Hgh8xXGNc3mS2XVFwuHbuo5RJarvPzuJ4X+EMR3
liXNmmbu5Db78MiQYt5t9owZdsZtw5ykn4DsOXm6MjayfZM83FjFEzQ1in7LzPCa
uzndyrzPx3qPm2DxqObkQWKCzczSgQbBW4IMSYjmvTmyBoKg+1W6/d5XL0CEB7g4
mkluOEnAuSb3fqmaGLMnudmz+39tnmhYlPexIbXuWbB//A+rAMKOlDQJw0XdTHkD
uL/OVY9ubcn/TFva++twvck3aG4D4Nsvbtts1PAfAUNCbvYxS437IR53AgMBAAGj
gZ8wgZwwCQYDVR0TBAIwADAdBgNVHQ4EFgQUI0Y0HHQ72CFATYGzWJ9XywxekPsw
TgYDVR0jBEcwRYAUmBuw7bvaYZi1OnrIxE4ycKX4qQehF6QVMBMxETAPBgNVBAMM
CENoYW5nZU1lghQRFLv/ZzUIweAY3+3bxHLwDm1FLDATBgNVHSUEDDAKBggrBgEF
BQcDAjALBgNVHQ8EBAMCB4AwDQYJKoZIhvcNAQELBQADggIBADyA76ihlLwSM2wZ
LkREbCCOafa4Ia1L9xTWv8ONsIfR4lXfwP0DMYKKgt1oPWEfxInr5gewiR0Zi+5X
n4fYotj+hK3xGJy1k6EXSEEe9xIeUEa3V5Nu1Q/VhKiOdE+riq5AZIqoVzJ1toIg
EL6rcAyWxzD0acfJJNs6vEDrrO4E81hKCW5CAbSld+UrAQXBXAhZC+OperQ++UGN
K+aOQCcHBw2wA7rJ0s3dPJp+IGa7f0+d/DcWiIShJmqRQ9FHgsvhhNQDk+yNFM4s
yPyW+CjVy4nIhO6KVI48EoYQc3hcuKV9mZSx4fkY7Usvro3Um7wgIdMT7QcVcNzR
H1gi/A5aSU5vwZmd3nFOYn2t0y7Dyj/bz/NGqpUfmRyB+BVaoTD3e0rhivqLpJJt
EeNM9Su5o22kB5PLKPcGwegbHsWqdlF+G6f+25vUI9EqFlLt0SxVK83bc/ogGhhH
r5BQDP4bDfYG7DMfjm/ymtBJiMugjIpgVI7QwVmt5m5qPuQ7tBsBjoGk8iGU0ade
6BoUr/FGXWqtnQYChFiWsub4Al/O7YdUtfm2YpdRsogFSd79VtFn5Vl4MYI2F84H
YoFcGYJIIogV6tn8HsPuBaXs6cpptSp+ee2qbj+1RXUL1CfkTIgE4AY2XkE3sPVE
gFiG3MG+gmL+qCxsymr43f2F31pB
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQCz7yUPhneOn6RC
AvAZDiAOk15neBeZqc0GhP7B7VvJltGC71+lldfemZeEzKgoE2kvQXrU8KynoxCK
McaqFN3QXRVRLOlePv7wHNdiB/f7AZMij0tyd3aKFP4mUlnIWbABtst6LboNNaKM
QpcYVEVY8Wn/O879caUTQoLK4iVDYdY0H/bzNn/JfaTig/GPty3Nf88akKSGzsBr
NrOekNBgXOyscPcyFlkgHyelPACgm2MwQaXTYzedEPf2U0VUV3B+BqYBMjgsLdER
TD9XJVosLAagILvAlf1EqA06sMmjsnfO9/D1yByndLq5gws8Vm8Yy985dzppGFe+
SH6rKiEtsOtMJq6T8tkNKQG4LAta7IrA/V0cp28xKV1cNc0O4JeGB69eaY7n4fB4
IfMVxjXN5ktl1RcLh27qOUSWq7z87ieF/hDEd5YlzZpm7uQ2+/DIkGLebfaMGXbG
bcOcpJ+A7Dl5ujI2sn2TPNxYxRM0NYp+y8zwmrs53cq8z8d6j5tg8ajm5EFigs3M
0oEGwVuCDEmI5r05sgaCoPtVuv3eVy9AhAe4OJpJbjhJwLkm936pmhizJ7nZs/t/
bZ5oWJT3sSG17lmwf/wPqwDCjpQ0CcNF3Ux5A7i/zlWPbm3J/0xb2vvrcL3JN2hu
A+DbL27bbNTwHwFDQm72MUuN+yEedwIDAQABAoICAAuYKlwwvv16vfve8pe6uEgY
KOoj6+lj7qkv4raeU97OkBuOzyv9VtaqMQBGq8NBVPLNlluoUofO0x8EjBejlpN5
nAkKCtOe3ZCdWyee+dS7yj5c23C5z/Kf3ayce9qUJOpHXB84WRfGz/2XwOK5c2qC
y+C9et4L96YhEAqAvgP0hvf+40vSxDM4nGpYNDWdiR8H0FGW5nMlWXLPKI3cKQE8
m6eU8+jPVdjjCQv1rNisipyubkAL0aaWVFQUE5CWvdHxHbtQABygqyshLaew6XmV
MKwaz95eC97jsU6J28RnmJ7GjUlZJreHpwyTLCMsMqZ3ZJ/wVdw1zFmflEH1SgPq
/JNd0OONKm8x7nORX9dHEn33Imfyg2jI6tzVx1oAmMWMb9hJ0XjkIyzjfHTPi5KW
pM3pTUUn6ee4P1T4ReBlatiw2TFgAd18/9gSIaSlENEjslJGQ6/Ndt9O7UNHgwth
ZNtPovjNLqUobHGXlmwg3haeBshn9iPcjdksAjgtjEyowzq7IpiSxQezXNcMezGM
Y9UL5Qc/yjQ3t+Vu94Jmnu0TT3lHGWa3zSgI6L+UdBiIsLF6P5YQVloYOYWE3q/n
HTaORoZlsRKfMIUHmhrZ1keJ4VGqLruSpQHobh3Cfb/xzgOEB3nSwhIK3l2FhSiR
N9jb0r7kMElO+xlm7NChAoIBAQDllnlfyWnTBGog8+T9eJiODuBfdozy2vCZO8nc
vp11NC7fLh5NXR16Ju6I+dcXDhPdoOG8H/DScjer82kEINrY7Wb4swNd01cLCg+/
xVNe9iiLl4Q4m/QOI6ZOUbOfJjH9R8J4Bh/FzR1MXtVktgtsd6JB3zv6V246zDjy
eMnOImwoj6TH/3hI/g2s5i3GoaC7CK+XjpdfZbVAX5+mnpZxBbOqXt7an1IzYHhx
hQO8uo/9b2IDxMrWWn80mGj9Fw5AdK1Ef3eMtbyG6iOIR92UEo9ZwlZ9Tang58Sa
7IFHZko/HcCrS92Hl9YcnYmjG0GDeFl4des+IcVz0AHDhe6RAoIBAQDIolXgCYO3
zo2MtoBTCr+GcluT4DD16ALz7wd8/jXFqmD3UWCAeaS5IsTno1PmuIpvB7dvwz8B
6SOpE//J/bECDmhE18UHYOAqkXzzuuEGMCP1TuaCWBq7kWV8GVTRcSGQDxLyf/Yu
IdxiPQMaCxi0Ffv+aq27Nii1IyV8tyDL3skyGZeQJNW2xjNkngkXsB5Tp7H7tA0G
lSmld1Rtq2XWcRnHQh9ZVP+FxwkjBkdoX0oAASVQwHsy9Q4hZ5ykxPkIGULj3Hw5
zvG1RAM5B4GQegK0OfYuX5Ullrz6a/6p/FnGLvRkZGlHML/bHTmrr8ywSvF63Gkd
oU0nqjPFQ1CHAoIBACoFR4PDno3TwgTz/tZxqyJdEK4ISbXtYpn5OnIfpTwdZ/LL
QxqPz2RbGc+SQs7icbpfxtEi23X5F71uGKt7w/JuSSl9wkD6/HR1y/oiiKbZ0QPz
oGyoBpxL5BVzmLepSv77kllbbZdLenBO7ym2tBKPNvBthlHEjNVQKaAfgXgsDrXB
zLwaQw7BCQm7O2eej4eMCG9p1sTMHceBePwLDKf1DjRBlvJWtLnYj1LfsJZrYw1U
xJDCBQoEmEGtH5IrFR2w/UGLPvtPDAl5czVvSdvfJcOc8S2P+GbEpNRiMys5Sp+Q
t4HiqdI2dSbZoqZqx6vjbCTDGGJP1g7jZF8/9TECggEAXOXVj2O4an4oSnQiXNEI
N29x+bl/0gy4eUw/El/+c+Tc+wbiAPrSC6sOsxaL/bOK3bgb9pLX9MGHcn1BHbzq
ncIgA2hI4Y64nN06lvv7v0rBC4+Z6dZzok/DRr/P5x5T5Qklw8T+LwQcsBwB+KgU
qyXWxUmN4bZFCQIaFHISrHMeg6UX6XU0w2loWHlYSnCQyjlGjv4iXd7pJqVnIVSQ
VceOoRV7wHg7zCyJjX8Vxzz/3ZqqNYa6RLD09wCrphtSF67iqvDnUDkC7+Rq/Zf9
JPFpmRuRYo19WKdAH0+r3fdrdfk9zdI0cPMgkosordc7lpFM2I9/2GlceTY0vGzb
twKCAQEArUbkiwUZFjdjAbKS2m0uPJyytB8bZ335szcoMUV665hzU9EJPcWeVY0L
1FSRu/cig+ZCmpUEc/4JhJVKLEEXgC3BgfHGNHi5PIuvssMT/fJJ9InQe8n4Zq0Q
eZbrfAewrdH3bTpEf6AxIsrMioLsUQSV12iRQ7olsEP9t5HqRKqwhAnqp+q33XT3
L++8IcaaEQ3S/sBb23pY+VSWQfKGFVQES+P7yKeNHjBNQpJTPOdM9iLtvriUmNdO
Gy5HOpLgd10DzXBOI7CgqzFm69Bqk+WFZXGVd9T/Ku69B8XfshoRChGbgHbbEG70
0xT4AQEuygYVBbUrIerZFpDD+Tw7ww==
-----END PRIVATE KEY-----
</key>
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
c6a3616134ba696526f84d92101568d7
9fc2475d84662ff95006c44818228e7e
bc0d798cc503f7cd0b610b243821b8eb
2902a2db027fc77034d793250f2012cf
a73a13988ce33992bd01d45e31192b9b
901d5276483c1856facb89617c8f2eff
063c4247898968cb4a3136a96a60a1ca
f06bf0929452a5ed628a38235dafdc2e
21183a859a3d49780a195330ee8e093b
9ace3ee877210e3ff51d0d58a6b09e5f
37b7877514dc6d487e431aa2d77ed857
5a6987ddbac3323a4d7177542deed2ba
f169822453e115c841fb59446263b106
045204603da94d76bff0baf6ca611679
5d32b90d5ff1c7682923ff02046799c3
63431f1365fdd9a1a8e670e81be11c97
-----END OpenVPN Static key V1-----
</tls-auth>
"@
3 changes: 1 addition & 2 deletions generate/templates/openvpn/firewall.sh.ps1
View file
Original file line number Diff line number Diff line change
@@ -1,11 +1,10 @@
@'
#!/bin/sh
set -eu
# This iptables script to controlling traffic in the openvpn tunnel.
# In this example, clients can only perform DNS, HTTP and HTTPS requests to the world.
set -eu -o pipefail
# Drop everything by default from tunnel to world
iptables -P FORWARD DROP
# Allow DNS from tunnel to world
Expand Down
Loading

0 comments on commit 35bf0a3

Please sign in to comment.