various fixes

2020-06-09 02:00:55 -03:00 · 2020-06-09 02:00:55 -03:00 · a56c452f4f
commit a56c452f4f
parent d2b4c8c23f
3 changed files with 63 additions and 28 deletions
--- a/13
+++ b/13
@ -1,14 +1,17 @@
 FROM debian:buster-slim
 ARG REMCO_VER=0.11.1
 RUN apt-get update \
-  && DEBIAN_FRONTEND=noninteractive apt-get install -y \
+  && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
-    openvpn \
+    openvpn unzip wget ca-certificates \
  && apt-get clean \
  && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* \
  && wget https://github.com/HeavyHorst/remco/releases/download/v${REMCO_VER}/remco_${REMCO_VER}_linux_amd64.zip \
  && unzip remco_${REMCO_VER}_linux_amd64.zip \
  && rm remco_${REMCO_VER}_linux_amd64.zip \
-  && mv remco_linux /bin/remco
+  && mv remco_linux /bin/remco \
  && apt-get purge -y unzip wget ca-certificates \
  && apt-get autoremove --purge -y \
  && apt-get clean \
  && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
 COPY config /etc/remco/config
 COPY openvpn_setup.tmpl /etc/remco/templates/openvpn_setup.tmpl
 ENTRYPOINT ["remco"]
--- a/docker-compose.sample.yml
+++ b/docker-compose.sample.yml
@ -0,0 +1,25 @@
 ---
 version: "3.5"
 services:
  openvpn:
    build: .
    cap_add:
      - NET_ADMIN
    labels:
      - traefik.enable=false
    environment:
      OPENVPN_MODE: client
      OPENVPN_DEV: tun
      OPENVPN_REMOTE: ${OPENVPN_REMOTE}
      OPENVPN_NOBIND: "yes"
      OPENVPN_COMP_LZO: "yes"
      OPENVPN_NS_CERT_TYPE: server
      OPENVPN_TLS_CLIENT: "yes"
      # OPENVPN_TA: ${OPENVPN_TA}
      # OPENVPN_TA_DIR: "1"
      OPENVPN_CA: ${OPENVPN_CA}
      OPENVPN_KEY: ${OPENVPN_KEY}
      OPENVPN_CERT: ${OPENVPN_CERT}
      OPENVPN_VERB: 3
    volumes:
      - /dev/net/tun:/dev/net/tun
--- a/openvpn_setup.tmpl
+++ b/openvpn_setup.tmpl
@ -6,48 +6,53 @@ mkdir -p /etc/openvpn
 cat - <<EOF > /etc/openvpn.conf
 # client
-{% if getv("/openvpn/mode") %}
+{% if exists("/openvpn/mode") %}
 {{ getv("/openvpn/mode") }}
 {% endif %}
 # dev tun
-{% if getv("/openvpn/dev") %}
+{% if exists("/openvpn/dev") %}
 dev {{ getv("/openvpn/dev") }}
 {% endif %}
 # remote <host>
-{% if getv("/openvpn/remote") %}
+{% if exists("/openvpn/remote") %}
 remote {{ getv("/openvpn/remote") }}
 {% endif %}
 # proto udp
-{% if getv("/openvpn/proto") %}
+{% if exists("/openvpn/proto") %}
 proto {{ getv("/openvpn/proto") }}
 {% endif %}
 # nobind
-{% if getv("/openvpn/nobind") %}
+{% if exists("/openvpn/nobind") %}
 nobind
 {% endif %}
 # ns-cert-type server
-{% if getv("/openvpn/ns/cert/type") %}
+{% if exists("/openvpn/ns/cert/type") %}
 ns-cert-type {{ getv("/openvpn/ns/cert/type") }}
 {% endif %}
 # up /etc/openvpn/update-resolv-conf
-{% if getv("/openvpn/up") %}
+{% if exists("/openvpn/up") %}
 up {{ getv("/openvpn/up") }}
 {% endif %}
 # down /etc/openvpn/update-resolv-conf
-{% if getv("/openvpn/down") %}
+{% if exists("/openvpn/down") %}
 down {{ getv("/openvpn/down") }}
 {% endif %}
-# tls-auth file 1 # This file is secret
+# tls-client
-{% if getv("/openvpn/ta") %}
+{% if exists("/openvpn/tls/client") %}
-tls-auth /etc/openvpn/ta {{ getv("/openvpn/ta/dir")|default(1) }}
+tls-client
 {% endif %}
 # tls-auth file 1
 {% if exists("/openvpn/ta") %}
 tls-auth /etc/openvpn/ta {{ getv("/openvpn/ta/dir")|default:"1" }}
 {% endif %}
 # ca <file>
@ -60,70 +65,71 @@ cert /etc/openvpn/cert
 key /etc/openvpn/key
 # port 1194
-{% if getv("/openvpn/port") %}
+{% if exists("/openvpn/port") %}
 port {{ getv("/openvpn/port") }}
 {% endif %}
-{% if getv("/openvpn/user") %}
+{% if exists("/openvpn/user") %}
 user {{ getv("/openvpn/user") }}
 {% else %}
 user nobody
 {% endif %}
-{% if getv("/openvpn/group") %}
+{% if exists("/openvpn/group") %}
 group {{ getv("/openvpn/group") }}
 {% else %}
 group nogroup
 {% endif %}
 # comp-lzo
-{% if getv("/openvpn/comp/lzo") %}
+{% if exists("/openvpn/comp/lzo") %}
 comp-lzo
 {% endif %}
 # ping 15
-{% if getv("/openvpn/ping") %}
+{% if exists("/openvpn/ping") %}
 ping {{ getv("/openvpn/ping") }}
 {% endif %}
 # ping-restart 45
-{% if getv("/openvpn/ping/restart") %}
+{% if exists("/openvpn/ping/restart") %}
 ping-restart {{ getv("/openvpn/ping/restart") }}
 {% endif %}
 # ping-timer-rem
-{% if getv("/openvpn/ping/timer/rem") %}
+{% if exists("/openvpn/ping/timer/rem") %}
 ping-timer-rem
 {% endif %}
 # persist-tun
-{% if getv("/openvpn/persist/tun") %}
+{% if exists("/openvpn/persist/tun") %}
 persist-tun
 {% endif %}
 # persist-remote-ip
-{% if getv("/openvpn/persist/remote/ip") %}
+{% if exists("/openvpn/persist/remote/ip") %}
 persist-remote-ip
 {% endif %}
 # persist-key
-{% if getv("/openvpn/persist/key") %}
+{% if exists("/openvpn/persist/key") %}
 persist-key
 {% endif %}
 # verb 4
-{% if getv("/openvpn/verb") %}
+{% if exists("/openvpn/verb") %}
 verb {{ getv("/openvpn/verb") }}
 {% endif %}
 EOF
-{% if getv("/openvpn/ta") %}
+{% if exists("/openvpn/ta") %}
 cat - <<EOKEY > /etc/openvpn/ta
 {% for keyline in (replace(getv("/openvpn/ta"),"\\n","!",-1)|split:"!") %}
 {{ keyline }}
 {% endfor %}
 EOKEY
 chmod 600 /etc/openvpn/ta
 {% endif %}
 cat - <<EOKEY > /etc/openvpn/ca
@ -143,3 +149,4 @@ cat - <<EOKEY > /etc/openvpn/key
 {{ keyline }}
 {% endfor %}
 EOKEY
 chmod 600 /etc/openvpn/key