Merge 5dd44dad7f208f4e4035daacae33ff2bde7d70dc into 39f95e3d2c6e1f0e0fa425d9c45104d607c0e3d9

Dockerfile

@@ -9,7 +9,7 @@ COPY . /app
 ARG TARGETARCH
 RUN cd /app && packr2 && env CGO_ENABLED=1 GOOS=linux GOARCH=${TARGETARCH} go build -a -tags netgo -ldflags '-linkmode external -extldflags -static -s -w' -o ovpn-admin && packr2 clean
 
-FROM alpine:3.16
+FROM alpine:3.19
 WORKDIR /app
 COPY --from=backend-builder /app/ovpn-admin /app
 ARG TARGETARCH
@@ -17,4 +17,4 @@ RUN apk add --update bash easy-rsa openssl openvpn coreutils  && \
     ln -s /usr/share/easy-rsa/easyrsa /usr/local/bin && \
     wget https://github.com/pashcovich/openvpn-user/releases/download/v1.0.4/openvpn-user-linux-${TARGETARCH}.tar.gz -O - | tar xz -C /usr/local/bin && \
     rm -rf /tmp/* /var/tmp/* /var/cache/apk/* /var/cache/distfiles/*
-RUN if [ -f "/usr/local/bin/openvpn-user-${TARGETARCH}" ]; then ln -s /usr/local/bin/openvpn-user-${TARGETARCH} /usr/local/bin/openvpn-user; fi
+RUN if [ -f "/usr/local/bin/openvpn-user-${TARGETARCH}" ]; then ln -s /usr/local/bin/openvpn-user-${TARGETARCH} /usr/local/bin/openvpn-user; fi

Dockerfile.openvpn

@@ -1,4 +1,4 @@
-FROM alpine:3.16
+FROM alpine:3.19
 ARG TARGETARCH
 RUN apk add --update bash openvpn easy-rsa iptables  && \
     ln -s /usr/share/easy-rsa/easyrsa /usr/local/bin && \
@@ -6,4 +6,4 @@ RUN apk add --update bash openvpn easy-rsa iptables  && \
     rm -rf /tmp/* /var/tmp/* /var/cache/apk/* /var/cache/distfiles/*
 RUN if [ -f "/usr/local/bin/openvpn-user-${TARGETARCH}" ]; then ln -s /usr/local/bin/openvpn-user-${TARGETARCH} /usr/local/bin/openvpn-user; fi
 COPY setup/ /etc/openvpn/setup
-RUN chmod +x /etc/openvpn/setup/configure.sh
+RUN chmod +x /etc/openvpn/setup/configure.sh

README.md

@@ -69,14 +69,14 @@ You can also download and use prebuilt binaries from the [releases](https://gith
 
 
 ## Notes
-* this tool uses external calls for `bash`, `coreutils` and `easy-rsa`, thus **Linux systems only are supported** at the moment.
-* to enable additional password authentication provide `--auth` and `--auth.db="/etc/easyrsa/pki/users.db`" flags and install [openvpn-user](https://github.com/pashcovich/openvpn-user/releases/latest). This tool should be available in your `$PATH` and its binary should be executable (`+x`).
-* master-replica synchronization does not work with `--storage.backend=kubernetes.secrets` - **WIP**
-* additional password authentication does not work with `--storage.backend=kubernetes.secrets` -  **WIP**
-* if you use `--ccd` and `--ccd.path="/etc/openvpn/ccd"` abd plan to use static address setup for users do not forget to provide `--ovpn.network="172.16.100.0/24"` with valid openvpn-server network 
-* tested only with Openvpn-server versions 2.4 and 2.5 with only tls-auth mode
-* not tested with EasyRsa version > 3.0.8
-* status of users connections update every 28 second(*no need to ask why =)*)
+* This tool uses external calls for `bash`, `coreutils` and `easy-rsa`, thus **Linux systems only are supported** at the moment.
+* To enable additional password authentication, provide `--auth` and `--auth.db="/etc/easyrsa/pki/users.db`" flags and install [openvpn-user](https://github.com/pashcovich/openvpn-user/releases/latest). This tool should be available in your `$PATH` and its binary should be executable (`+x`).
+* If you use `--ccd` and `--ccd.path="/etc/openvpn/ccd"` and plan to use static address setup for users, do not forget to provide `--ovpn.network="172.16.100.0/24"` with valid openvpn-server network.
+* If you want to pass all the traffic generated by the user, you need to edit `ovpn-admin/templates/client.conf.tpl` and uncomment `redirect-gateway def1`.
+* Tested with openvpn-server versions 2.4 and 2.5 and with tls-auth mode only.
+* Not tested with Easy-RSA version > 3.0.8.
+* Status of user connections update every 28 seconds.
+* Master-replica synchronization and additional password authentication do not work with `--storage.backend=kubernetes.secrets` - **WIP**
 
 ## Usage