WIP: openvpn

services/openvpn/config/openvpn.conf

@@ -0,0 +1,7 @@
+port 1194
+proto udp
+dev tun
+
+topology subnet
+
+# TODO

services/openvpn/install.sh

@@ -0,0 +1,11 @@
+#!/bin/sh
+echo "Setting up OpenVPN..."
+apk add openvpn
+
+rc-update add openvpn
+modprobe tun
+echo tun >> /etc/modules-load.d/tun.conf
+
+# Enable IP forwarding, persistent
+echo "net.ipv4.ip_forward=1" >> /etc/sysctl.d/ip_forward.conf
+sysctl -p /etc/sysctl.d/ip_forward.conf

services/openvpn/openvpn.policy.json

@@ -0,0 +1,14 @@
+{
+    "description": "Allow OpenVPN server access from the internet",
+    "service": {
+        "openvpn": { "port": 1194, "proto": "udp" }
+    },
+    "filter": [
+        {
+            "in": "WAN",
+            "out": "_fw",
+            "service": "openvpn",
+            "action": "accept"
+        }
+    ]
+}

services/openvpn/update.sh

@@ -0,0 +1,2 @@
+#!/bin/sh
+ln -sf ./config/openvpn.conf /etc/openvpn/openvpn.conf