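Background
Working from home, I need to reach company services and overseas services at the same time. With OpenVPN running directly on the machine, all local network traffic is affected, including overseas access. So I turned OpenVPN into a proxy service and added that proxy to the rule list for company addresses.
Docker solution, suitable for Mac and Linux users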
services:
  gluetun:
    image: qmcgaw/gluetun
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun:/dev/net/tun
    ports:
      # HTTP proxy; published on all host interfaces by default,
      # prefix with 127.0.0.1: to keep it reachable from this machine only
      - 17888:8888/tcp
    volumes:
      - /home/user/gluetun:/gluetun
    environment:
      - VPN_SERVICE_PROVIDER=custom
      - OPENVPN_CUSTOM_CONFIG=/gluetun/work.ovpn
      - DNS_ADDRESS=10.4.53.53
      - HTTPPROXY=on
      - TZ=Asia/Shanghai
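Common issues
- File paths inside work.ovpn must be absolute, e.g. /gluetun/ca.key
- The remote address must be an IP, e.g. remote 1.1.1.1 4444; a domain name cannot be used unless your internal domain can be resolved through public DNS
- DNS_ADDRESS must point to the internal DNS server. This image does not pick up DNS automatically, so it has to be set by hand; there is room for improvement here
- The VPN takes over all routes; there is some room for tuning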
Adding a SOCKS5 proxy and an sshd service
services:
  gluetun:
    image: qmcgaw/gluetun
    container_name: gluetun
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun:/dev/net/tun
    ports:
      - 17888:8888/tcp # HTTP proxy
      - 17080:1080 # SOCKS5 proxy
      - 17222:2222 # sshd
    volumes:
      - /home/user/gluetun:/gluetun
    environment:
      - VPN_SERVICE_PROVIDER=custom
      - OPENVPN_CUSTOM_CONFIG=/gluetun/work.ovpn
      - DNS_ADDRESS=10.4.53.53
      - HTTPPROXY=on
      - TZ=Asia/Shanghai
  socks5:
    image: serjs/go-socks5-proxy
    container_name: gluetun-socks5
    depends_on:
      - gluetun
    network_mode: "service:gluetun"
  sshd:
    image: linuxserver/openssh-server
    container_name: gluetun-sshd
    environment:
      - PUID=1000
      - PGID=1000
      - SHELL_NOLOGIN=false
      - TZ=Asia/Shanghai
      - SUDO_ACCESS=true
      - PASSWORD_ACCESS=true
      - USER_PASSWORD=123456 # user password (example value, replace it)
      - USER_NAME=work # user name
    volumes:
      - ./88-enable_tunnels:/etc/cont-init.d/88-enable_tunnels
    depends_on:
      - gluetun
    network_mode: "service:gluetun"
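Create a file named 88-enable_tunnels, then run chmod +x 88-enable_tunnels to make it executable.
#!/usr/bin/with-contenv bash
# Init script mounted into the sshd container at /etc/cont-init.d/88-enable_tunnels
echo Enabling Tunneling
# Each substitution only takes effect if sshd_config contains exactly the text on the left
sed -i 's@#PermitTunnel no@PermitTunnel yes@' /etc/ssh/sshd_config
sed -i 's@AllowTcpForwarding no@AllowTcpForwarding yes@' /etc/ssh/sshd_config
sed -i 's@GatewayPorts no@GatewayPorts yes@' /etc/ssh/sshd_config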
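The sed lines above change nothing when a directive is commented out differently or missing from sshd_config, and they report no error. The following is an added example, not part of the original post or of the linuxserver image: it sets each directive whatever its current state and verifies the result. The function names are hypothetical and the sample config is constructed.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). Function names are hypothetical.

# set_sshd_option FILE KEY VALUE
# Rewrites the first "KEY ..." line, commented out or not, drops later
# duplicates (sshd keeps the first value it reads), appends KEY if absent.
# Assumption: the file does not end inside a Match block.
set_sshd_option() {
    local file="$1" key="$2" value="$3" tmp rc
    tmp=$(mktemp) || return 1
    awk -v key="$key" -v value="$value" '
        BEGIN { pat = "^[ \t]*#?[ \t]*" key "[ \t]" }
        $0 ~ pat {
            if (!seen) { print key " " value; seen = 1 }
            next
        }
        { print }
        END { if (!seen) print key " " value }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"   # cat keeps owner and mode
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# get_sshd_option FILE KEY: value of the first active (uncommented) KEY line.
get_sshd_option() {
    awk -v key="$2" '$1 == key { print $2; exit }' "$1"
}

# enable_tunnels FILE: set the three directives from the post and verify each.
enable_tunnels() {
    local file="$1" opt
    for opt in PermitTunnel AllowTcpForwarding GatewayPorts; do
        set_sshd_option "$file" "$opt" yes || return 1
        [ "$(get_sshd_option "$file" "$opt")" = yes ] || {
            echo "failed to set $opt in $file" >&2
            return 1
        }
    done
}

# Constructed sample config: a commented default, a commented "yes" followed
# by an active "no", and no GatewayPorts line at all.
sample=$(mktemp)
printf '%s\n' 'Port 2222' '#PermitTunnel no' \
    '#AllowTcpForwarding yes' 'AllowTcpForwarding no' > "$sample"
enable_tunnels "$sample" && cat "$sample"
rm -f "$sample"
# In the container the init script would call: enable_tunnels /etc/ssh/sshd_config
```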
References
https://github.com/qdm12/gluetun
https://github.com/linuxserver/docker-openssh-server/issues/43