Added s2s IPv6 example

Author: SloCompTech

root/usr/local/share/docker-openvpn/examples/basic_s2s/README.md

@@ -8,6 +8,7 @@ Features:
 
 ``` bash
 # PKI init
+# Edit vars file
 ovpn pki init [nopass]
 
 # Load example

root/usr/local/share/docker-openvpn/examples/basic_s2s_ipv6/README.md

@@ -0,0 +1,31 @@
+# basic_s2s
+
+Features:  
+
+- Site-to-site VPN
+
+## Configuration
+
+``` bash
+# PKI init
+# Edit vars file
+ovpn pki init [nopass]
+
+# Load example
+ovpn example basic_s2s_ipv6
+
+# Certifcates
+# NOTE: To also use server certificates for p2p connection between servers
+#       add clientAuth to extendedKeyUsage before generating certificate
+ovpn subject add first server [nopass]
+# Change filenames in config file
+
+ovpn subject add second server [nopass]
+ovpn subject gen-pkg second # creates .tar.gz in client-confs
+# Copy .tar.gz to second machine
+ovpn load NAME.pkg.tar.gz # Second machine
+```
+
+## External docs
+
+- [Tutorial 1](https://zeldor.biz/2010/12/openvpn-site-to-site-setup/)

root/usr/local/share/docker-openvpn/examples/basic_s2s_ipv6/config/openvpn/openvpn-template.conf

@@ -0,0 +1,40 @@
+#
+# Basic OpenVPN site-to-site IPv6 configuration
+# @author Martin Dagarin
+# @version 1
+# @since 22/03/2020
+#
+
+mode p2p
+dev tun0
+config include.conf
+config unprivileged.conf
+
+# Basic info
+remote $REMOTE_A
+proto $PROTO
+port $PORT
+
+# Network info 
+ifconfig $IP_B $IP_A
+ifconfig-ipv6 $IP6_B $IP6_A
+
+# Set routes in routing table
+# route 192.168.2.0 255.255.255.0
+# route-ipv6 ipv6addr/bits [gateway] [metric]
+
+# CA files
+tls-client
+remote-cert-tls server
+
+# Connection settings
+persist-local-ip
+persist-remote-ip
+persist-tun
+
+# Encryption settings
+cipher AES-256-GCM
+
+# Additional settings
+keepalive 15 120
+explicit-exit-notify 10

root/usr/local/share/docker-openvpn/examples/basic_s2s_ipv6/config/openvpn/openvpn.conf

@@ -0,0 +1,45 @@
+#
+# Basic OpenVPN site-to-site IPv6 configuration
+# @author Martin Dagarin
+# @version 1
+# @since 22/03/2020
+#
+
+mode p2p
+dev tun0
+config include.conf
+config unprivileged.conf
+
+# Basic info
+remote $REMOTE_B
+proto $PROTO
+port $PORT
+
+# Network info 
+ifconfig $IP_A $IP_B
+ifconfig-ipv6 $IP6_A $IP6_B
+
+# Set routes in routing table
+# route 192.168.2.0 255.255.255.0
+# route-ipv6 ipv6addr/bits [gateway] [metric]
+
+# CA files
+ca ca.crt
+cert server.crt
+key server.key
+dh dh.pem
+tls-crypt ta.key
+tls-server # Note: Only for TLS negotiation, requires dh.pem
+remote-cert-tls client # NOTE: Change this to server if you use server certificates on both sides
+
+# Connection settings
+persist-local-ip
+persist-remote-ip
+persist-tun
+
+# Encryption settings
+cipher AES-256-GCM
+
+# Additional settings
+keepalive 15 120
+explicit-exit-notify 10

root/usr/local/share/docker-openvpn/examples/basic_s2s_ipv6/wizard

@@ -0,0 +1,55 @@
+#!/usr/bin/with-contenv bash
+#
+# Config wizard for basic_s2s example
+# @author Martin Dagarin
+# @version 1
+# @since 20/03/2020
+#
+
+if [ -z "$1" ]; then
+  echo 'Directory path missing'
+  exit 1
+fi
+
+read -p 'Protocol udp, tcp, udp6, tcp6 [udp]: ' protocol
+protocol=${protocol:=udp}
+
+read -p 'Port [1194]: ' port
+port=${port:=1194}
+
+read -p 'Site A public IP: ' remote_a
+if [ -z "$remote_a" ]; then echo 'Invalid IP'; exit 2; fi
+
+read -p 'Site A tunnel IP: ' ip_a
+if [ -z "$ip_a" ]; then echo 'Invalid IP'; exit 2; fi
+
+read -p 'Site A tunnel IPv6: ' ip6_a
+if [ -z "$ip6_a" ]; then echo 'Invalid IPv6'; exit 2; fi
+
+read -p 'Site B public IP: ' remote_b
+if [ -z "$remote_b" ]; then echo 'Invalid IP'; exit 2; fi
+
+read -p 'Site B tunnel IP: ' ip_b
+if [ -z "$ip_b" ]; then echo 'Invalid IP'; exit 2; fi
+
+read -p 'Site B tunnel IPv6: ' ip6_b
+if [ -z "$ip6_b" ]; then echo 'Invalid IPv6'; exit 2; fi
+
+confs=(
+  "$1/config/openvpn/openvpn.conf"
+  "$1/config/openvpn/openvpn-template.conf"
+)
+
+for file in "${confs[@]}"
+do
+  mv $file $file.old
+  PROTO="$protocol" \
+  PORT="$port" \
+  REMOTE_A="$remote_a" \
+  IP_A="$ip_a" \
+  IP6_A="$ip6_a" \
+  REMOTE_B="$remote_b" \
+  IP_B="$ip_b" \
+  IP6_B="$ip6_b" \
+  envsubst < $file.old > $file
+done