Update openvpn, docker base image and easy-rsa

.github/CONTRIBUTING.md

@@ -1,10 +1,10 @@
 # Contribution Guidelines
 
 Contributions are highly appreciated as I'm right now not that experience with docker / docker-compose!
-If you have an idea of how to improve it feel free to [open an issue](https://github.com/Simonwep/openvpn-pihole/issues/new)!
+If you have an idea of how to improve it feel free to [open an issue](https://github.com/simonwep/openvpn-pihole/issues/new)!
 
-1. Please follow the instructions in the [readme](https://github.com/Simonwep/openvpn-pihole) for how to set up this project.
-2. If you're making docker/docker-compose related changes please make sure it works with the version I used (see the [setup](https://github.com/Simonwep/openvpn-pihole#setup) in the readme).
+1. Please follow the instructions in the [readme](https://github.com/simonwep/openvpn-pihole) for how to set up this project.
+2. If you're making docker/docker-compose related changes please make sure it works with the version I used (see the [setup](https://github.com/simonwep/openvpn-pihole#setup) in the readme).
 3. Every feature-request / bug-fix needs its own branch - **never update master directly!**.
 4. I'm using 4 spaces for `.yml` and `.sh` files - please make sure you're doing the same ;)
 5. Right now I'm not running any tests agains the docker-image, if this thing gets bigger this will change until then just make sure the build succeeds.

.github/FUNDING.yml

@@ -1,3 +1,3 @@
-github: Simonwep
+github: simonwep
 patreon: simonwep
 custom: ["paypal.me/simonreinisch", "buymeacoffee.com/aVc3krbXQ"]

.github/ISSUE_TEMPLATE/bug.md

@@ -11,7 +11,7 @@ assignees: ''
 Please review these questions and check them to make sure noone has asked this before:
  - [ ] I'm using the latest version (you pulled the latest version of this repository)
  - [ ] I've searched through all the issues (if any) for this bug
- - [ ] I've checked out the [FAQ](https://github.com/Simonwep/openvpn-pihole#faq--recipes) section
+ - [ ] I've checked out the [FAQ](https://github.com/simonwep/openvpn-pihole#faq--recipes) section
 
 #### What is the current behavior?
 <!-- A clear and concise description of what the bug is. -->

README.md

@@ -33,17 +33,16 @@ and [kylemanna/docker-openvpn](https://github.com/kylemanna/docker-openvpn).
 
 ## Table of Contents
 - [Setup](#setup)
-    - [Generating `.ovpn` files](#generating-ovpn-files)
-        - [Generating a list of certificates](#generating-a-list-of-certificates)
-    - [Revoking `.ovpn` files](#revoking-ovpn-files)
-    - [Renewing certificates](#renewing-certificates)
+  - [Generating `.ovpn` files](#generating-ovpn-files) (or a [list](#generating-a-list-of-certificates))
+  - [Revoking `.ovpn` files](#revoking-ovpn-files)
+  - [Renewing certificates](#renewing-certificates)
 - [Configuration](#configuration)
-    - [OpenVPN](#openvpn)
-    - [PiHole](#pihole)
+  - [OpenVPN](#openvpn)
+  - [PiHole](#pihole)
 - [FAQ & Recipes](#faq--recipes)
-    - [Launching multiple openvpn instances with different protocol/port config](#launching-multiple-openvpn-instances-with-different-protocolport-config)
+  - [Launching multiple openvpn instances with different protocol/port config](#launching-multiple-openvpn-instances-with-different-protocolport-config)
 - [Troubleshooting](#troubleshooting)
-    - [Port 53 is already in use](#port-53-is-already-in-use)
+  - [Port 53 is already in use](#port-53-is-already-in-use)
 - [Contributing](#contributing)
 
 ## Setup
@@ -55,29 +54,29 @@ git clone https://github.com/simonwep/openvpn-pihole.git
 cd openvpn-pihole
 ```
 
-Make sure you're using the latest [docker](https://docs.docker.com/get-docker/) and [docker-compose](https://docs.docker.com/compose).
-I'm using `v3.5` for the [docker-compose.yml](docker-compose.yml), so you'll need at least `v17.12.0` for the docker-engine (see [this table](https://docs.docker.com/compose/compose-file/#compose-and-docker-compatibility-matrix)).
+> [!CAUTION]
+> If you share your VPN with others, it's highly recommended changing the admin password for the PiHole dashboard in the [docker-compose.yml](docker-compose.yml) file now.
 
-If you share your VPN with others it's highly recommended changing the admin password for the PiHole dashboard in the [docker-compose.yml](docker-compose.yml) file now.
-
-After you've installed all the pre-requisites you can run.
+After you've installed all the pre-requisites, you can run (make sure you're using the latest [docker](https://docs.docker.com/get-docker/) version):
 ```sh
 sudo docker compose up -d
 ```
 
 After this is done you'll find two new folders inside of this repository - the `/openvpn` folder will contain all of your certificates as well as an easy-rsa configuration file.
 `/pihole` will contain the content of `/etc/pihole` and `/etc/dnsmasq.d`.
 
-> Until [this issue](https://github.com/moby/moby/issues/32582) has been resolved I'll be using mounted host directories for the sake of simplicity.
+If you want to migrate settings or your query-database, you can now copy it into the corresponding folder in `/pihole` :)
+You'll also be able to import your config as usual in the docker dashboard.
 
-If you want to migrate settings or your query-database you can now copy it into the corresponding folder in `/pihole` :)
-The pihole admin dashboard can only be reached through the vpn.
+The pihole admin dashboard can only be reached through the vpn under [http://pi.hole](http://pi.hole).
 
-> If you're using a VPS make sure to open 1194/udp!
+> [!NOTE]
+> If you're using a VPS make sure to open `1194/udp`!
 
 ### Generating `.ovpn` files
 
-> Before you generate any client certificate you must update the host in [client configuration](openvpn/config/client.conf).
+> [!WARNING]
+> Before you generate any client certificate, you must update the host in [client configuration](openvpn/config/client.conf).
 > This file will be used as base-configuration for each `.ovpn` file! You probably at least want to change the IP address to your public one.
 
 ```sh
@@ -114,7 +113,7 @@ After restarting the service, a new CA will be generated.
 ```sh
 docker compose down
 rm -rf ./openvpn/pki
-docker compose down -d
+docker compose up -d
 ```
 
 Keep in mind, that after that you have to re-generate all `.ovpn`-files.
@@ -128,7 +127,8 @@ They get copied every time the instance gets spawned so feel free to change / up
 
 ### PiHole
 
-We're always using the very latest PiHole version - start the PiHole service at least once to edit configuration files manually.
+We're always using the very latest PiHole version.
+Start the PiHole service at least once to edit configuration files manually.
 
 ## FAQ & Recipes
 

docker-compose.yml

@@ -1,55 +1,46 @@
-version: "3.5"
-
 services:
-    openvpn:
-        container_name: openvpn
-        build: ./openvpn-docker
-        ports:
-            - "1194:1194/udp"
-        networks:
-            vpn-net:
-                ipv4_address: 172.20.0.3
-        environment:
-            REQ_COUNTRY: US
-            REQ_PROVINCE: California
-            REQ_CITY: San Francisco
-            REQ_ORG: Copyleft Certificate Co
-            REQ_OU: My Organizational Unit
-            REQ_CN: MyOpenVPN
-        volumes:
-            - ./openvpn/pki:/etc/openvpn/pki
-            - ./openvpn/clients:/etc/openvpn/clients
-            - ./openvpn/config:/etc/openvpn/config
-        cap_add:
-            - NET_ADMIN
-        restart: unless-stopped
+  openvpn:
+    container_name: openvpn
+    build: ./openvpn-docker
+    ports:
+      - "1194:1194/udp"
+    networks:
+      vpn-net:
+        ipv4_address: 172.20.0.3
+    volumes:
+      - ./openvpn/pki:/etc/openvpn/pki
+      - ./openvpn/clients:/etc/openvpn/clients
+      - ./openvpn/config:/etc/openvpn/config
+    cap_add:
+      - NET_ADMIN
+    restart: unless-stopped
 
-    pihole:
-        container_name: pihole
-        image: pihole/pihole:latest
-        depends_on:
-            - "openvpn"
-        networks:
-            vpn-net:
-                ipv4_address: 172.20.0.2
-        environment:
-            TZ: "Europe/Berlin"
-            WEBPASSWORD: "password"
-            DNS1: 208.67.222.222 # OpenDNS
-            DNS2: 208.67.220.220
-            ServerIP: 172.20.0.2
-        volumes:
-            - ./pihole/pihole:/etc/pihole
-            - ./pihole/dnsmasq.d:/etc/dnsmasq.d
-        cap_add:
-            - NET_ADMIN
-        restart: unless-stopped
+  pihole:
+    container_name: pihole
+    image: pihole/pihole:latest
+    depends_on:
+      - "openvpn"
+    networks:
+      vpn-net:
+        ipv4_address: 172.20.0.2
+    environment:
+      TZ: "Europe/Berlin"
+      WEBPASSWORD: "password"
+      DNS1: 208.67.222.222 # OpenDNS
+      DNS2: 208.67.220.220
+      ServerIP: 172.20.0.2
+    volumes:
+      - ./pihole/pihole:/etc/pihole
+      - ./pihole/dnsmasq.d:/etc/dnsmasq.d
+    cap_add:
+      - NET_ADMIN
+    restart: unless-stopped
 
 networks:
-    vpn-net:
-        driver: bridge
-        ipam:
-            driver: default
-            config:
-                - subnet: 172.20.0.0/16
+  vpn-net:
+    driver: bridge
+    ipam:
+      driver: default
+      config:
+        - subnet: 172.20.0.0/16
 

openvpn-docker/Dockerfile

@@ -1,21 +1,18 @@
-FROM ubuntu:18.04
+FROM ubuntu:24.04
 
 COPY . /opt/app
 WORKDIR /opt/app
 
 # Install Latest OpenVPN Version
 RUN apt-get update -y && \
     apt-get upgrade -y && \
-    apt-get install gnupg wget -y && \
-    wget -qO - 'https://swupdate.openvpn.net/repos/repo-public.gpg' | apt-key add - && \
-    echo 'deb http://build.openvpn.net/debian/openvpn/stable bionic main' > /etc/apt/sources.list.d/openvpn-aptrepo.list && \
-    apt-get install openvpn -y
+    apt-get install gnupg wget openvpn -y
 
 # Download easy-rsa
-RUN wget -q https://github.com/OpenVPN/easy-rsa/releases/download/v3.0.7/EasyRSA-3.0.7.tgz && \
-    tar xf EasyRSA-3.0.7.tgz && \
-    rm -f EasyRSA-3.0.7.tgz && \
-    mv EasyRSA-3.0.7 easy-rsa
+RUN wget -q https://github.com/OpenVPN/easy-rsa/releases/download/v3.2.0/EasyRSA-3.2.0.tgz && \
+    tar xf EasyRSA-3.2.0.tgz && \
+    rm -f EasyRSA-3.2.0.tgz && \
+    mv EasyRSA-3.2.0 easy-rsa
 
 # Install iptables
 RUN apt-get install iptables -y
@@ -24,10 +21,4 @@ EXPOSE 1194/udp
 
 RUN chmod +x bin/*
 RUN chmod +x docker-entrypoint.sh
-ENTRYPOINT ./docker-entrypoint.sh \
-                "$REQ_COUNTRY" \
-                "$REQ_PROVINCE" \
-                "$REQ_CITY" \
-                "$REQ_ORG" \
-                "$REQ_OU" \
-                "$REQ_CN"
+ENTRYPOINT ./docker-entrypoint.sh

openvpn-docker/README.md

@@ -7,10 +7,10 @@
 </h3>
 
 There is already an existing docker-image for openvpn created by (kylemanna/docker-openvpn)[https://github.com/kylemanna/docker-openvpn] - With over [180](https://github.com/kylemanna/docker-openvpn/issues) issues,
-[40](https://github.com/kylemanna/docker-openvpn/pulls) open PR's and last commit done in March 2020 I decided to tread this image as not maintained anymore, also It was a good way for me to make myself more familiar with building and setting up docker iamges so that's why I created my own.
+[40](https://github.com/kylemanna/docker-openvpn/pulls) open PR's and last commit done in March 2020 I decided to tread this image as not maintained anymore, also It was a good way for me to make myself more familiar with building and setting up docker images so that's why I created my own.
 
-Most of its documentation can be found in the [root](https://github.com/Simonwep/openvpn-pihole) directory, if you want to run it without anything else you'll have to edit the [dns-configuration](https://github.com/Simonwep/openvpn-pihole/blob/master/openvpn-docker/server.conf#L200) (which currently points to the PiHole DNS Server) and
-if you don't want to use a custom dns-resolve at all you may also want to comment out [this line](https://github.com/Simonwep/openvpn-pihole/blob/master/openvpn-docker/server.conf#L192).
+Most of its documentation can be found in the [root](https://github.com/simonwep/openvpn-pihole) directory, if you want to run it without anything else you'll have to edit the [dns-configuration](https://github.com/simonwep/openvpn-pihole/blob/master/openvpn-docker/server.conf#L200) (which currently points to the PiHole DNS Server) and
+if you don't want to use a custom dns-resolve at all, you may also want to comment out [this line](https://github.com/simonwep/openvpn-pihole/blob/master/openvpn-docker/server.conf#L192).
 
 
 ### Run this image using `docker` itself

openvpn-docker/bin/genclient.sh

@@ -24,13 +24,13 @@ cp /etc/openvpn/config/easy-rsa.vars ./vars
 # Generate certificates
 if [[ -z $2 ]]; then
   echo 'Without password...'
-  ./easyrsa --batch --req-cn="$1" gen-req "client-$1" nopass
+  ./easyrsa --batch gen-req "client-$1" nopass
 else
   echo 'With password...'
   # See https://stackoverflow.com/questions/4294689/how-to-generate-an-openssl-key-using-a-passphrase-from-the-command-line
   # ... and https://stackoverflow.com/questions/22415601/using-easy-rsa-how-to-automate-client-server-creation-process
   # ... and https://github.com/OpenVPN/easy-rsa/blob/master/doc/EasyRSA-Advanced.md
-  (echo -e '\n') | ./easyrsa --batch --req-cn="$1" --passin=pass:${2} --passout=pass:${2} gen-req "client-$1"
+  (echo -e '\n') | ./easyrsa --batch --passin=pass:${2} --passout=pass:${2} gen-req "client-$1"
 fi
 
 # Sign request

openvpn-docker/docker-entrypoint.sh

@@ -12,7 +12,7 @@ if [[ ! -f /etc/openvpn/pki/ca.crt ]]; then
   echo 'Setting up public key infrastructure...'
   ./easyrsa init-pki
 
-  echo 'Generating ertificate authority...'
+  echo 'Generating certificate authority...'
   ./easyrsa build-ca nopass
 
   # Creating the Server Certificate, Key, and Encryption Files
@@ -26,7 +26,7 @@ if [[ ! -f /etc/openvpn/pki/ca.crt ]]; then
   ./easyrsa gen-dh
 
   echo 'Generate HMAC signature...'
-  openvpn --genkey --secret pki/ta.key
+  openvpn --genkey secret pki/ta.key
 
   echo 'Create certificate revocation list (CRL)...'
   ./easyrsa gen-crl