sdsys
/
openvpn


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150
							registry_secret_data: ewoJImF1dGhzIjogewoJCSJqY3IuaW5mb2NsaW5pY2EucnUiOiB7CgkJCSJhdXRoIjogImNISnZkbWx6YVc5dU9tUmxiVzl6WlhKMlpYSWpjMlJ6TVRJeiIKCQl9Cgl9LAoJIkh0dHBIZWFkZXJzIjogewoJCSJVc2VyLUFnZW50IjogIkRvY2tlci1DbGllbnQvMTguMDkuOSAobGludXgpIgoJfQp9

openvpn:
  image: "jcr.infoclinica.ru/iru/openvpn-gost"
  tag: "200518041"
  pullPolicy: IfNotPresent

  mode: server
  ccd_confdir: ccd

#  podAnnotations:
  resources:
    limits:
      cpu: 350m
      memory: 50Mi
    requests:
      cpu: 350m
      memory: 50Mi
  configuration: |-
    dev             external
    dev-type        tun
    port            1195
    proto           tcp
    verb            3
    status /var/log/openvpn-external-status.log
    management localhost 7505
    keepalive       10 120
    persist-key
    persist-tun
    comp-lzo       yes
    push comp-lzo  yes
    topology subnet
    mssfix
    server  10.9.0.0 255.255.0.0
    push "route 5.200.59.165 255.255.255.255"
    push "route 192.168.200.0 255.255.248.0"
    push "route 192.168.205.0 255.255.255.0"
    push "route 10.1.116.0 255.255.255.0"
    push "route 217.74.42.71 255.255.255.255"
    route 192.168.206.0 255.255.255.0
    route 192.168.201.0 255.255.255.0
    route 192.168.21.0 255.255.255.0
    route 10.10.0.0 255.255.0.0
    crl-verify /etc/openvpn/keys/crl.pem
    client-config-dir /etc/openvpn/ccd
    ccd-exclusive
    engine          cryptocom
    auth            gost-mac
    cipher          gost89
    tls-cipher      GOST2012-GOST8912-GOST8912
    ca              /etc/openvpn/keys/ca.crt
    cert            /etc/openvpn/keys/server.crt
    key             /etc/openvpn/keys/server.key
  
  keys:
    ca.crt: |-
      -----BEGIN CERTIFICATE-----
      MIICPzCCAeqgAwIBAgIJAL4mALec3gSvMAwGCCqFAwcBAQMCBQAwSTELMAkGA1UE
      BhMCUlUxDzANBgNVBAcTBk1vc2NvdzEOMAwGA1UEChMFU0RTeXMxGTAXBgNVBAMT
      EEVhc3ktR09TVCBDQSB2M2wwHhcNMjAwMzE4MDk1MTE2WhcNMjIwMzE4MDk1MTE2
      WjBJMQswCQYDVQQGEwJSVTEPMA0GA1UEBxMGTW9zY293MQ4wDAYDVQQKEwVTRFN5
      czEZMBcGA1UEAxMQRWFzeS1HT1NUIENBIHYzbDBmMB8GCCqFAwcBAQEBMBMGByqF
      AwICIwEGCCqFAwcBAQICA0MABEAllxmY+xR99A9iyEmgPb9mkm+Wm9jbYe2zOT0O
      tqhAREQUEJPaolixLvNxTxEsySyumqHDihrCD/LXTV9nUhnTo4GrMIGoMB0GA1Ud
      DgQWBBTf9pPnhQwwCC6VD+yCTkhWZpUWEDB5BgNVHSMEcjBwgBTf9pPnhQwwCC6V
      D+yCTkhWZpUWEKFNpEswSTELMAkGA1UEBhMCUlUxDzANBgNVBAcTBk1vc2NvdzEO
      MAwGA1UEChMFU0RTeXMxGTAXBgNVBAMTEEVhc3ktR09TVCBDQSB2M2yCCQC+JgC3
      nN4ErzAMBgNVHRMEBTADAQH/MAwGCCqFAwcBAQMCBQADQQBx4PZpxdGxFiA+3Dgs
      GUr4Urk8+jiQLbmknuD6vWUADO9A7VvMEEdZkWgml0/3Yt2qGs2ZZ56IMmkmwkM4
      Rozv
      -----END CERTIFICATE-----
    server.crt: |-
      -----BEGIN CERTIFICATE-----
      MIICWDCCAgOgAwIBAgIBbjAMBggqhQMHAQEDAgUAMEkxCzAJBgNVBAYTAlJVMQ8w
      DQYDVQQHEwZNb3Njb3cxDjAMBgNVBAoTBVNEU3lzMRkwFwYDVQQDExBFYXN5LUdP
      U1QgQ0EgdjNsMB4XDTIwMDUxNzEzMzQ1NFoXDTIxMDUxNzEzMzQ1NFowSzELMAkG
      A1UEBhMCUlUxDzANBgNVBAcTBk1vc2NvdzEOMAwGA1UEChMFU0RTeXMxCjAIBgNV
      BAsTATIxDzANBgNVBAMTBnNlcnZlcjBmMB8GCCqFAwcBAQEBMBMGByqFAwICIwEG
      CCqFAwcBAQICA0MABEDMynDvbv1HLKFmQc1gdSCzC3XiBZkczzYEG3cGMwe9pPwu
      +XfeErjCnI6L3dZ20bZR7Ad91bwXoUjOVZQnuY88o4HKMIHHMAkGA1UdEwQCMAAw
      HQYDVR0OBBYEFGtYB3CvKR0VqUQRWqmzqwPxFjJCMHkGA1UdIwRyMHCAFN/2k+eF
      DDAILpUP7IJOSFZmlRYQoU2kSzBJMQswCQYDVQQGEwJSVTEPMA0GA1UEBxMGTW9z
      Y293MQ4wDAYDVQQKEwVTRFN5czEZMBcGA1UEAxMQRWFzeS1HT1NUIENBIHYzbIIJ
      AL4mALec3gSvMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAsGA1UdDwQEAwIDiDAMBggq
      hQMHAQEDAgUAA0EAlDPHu4InFKvakuz70ISjgfYJddTbSMvnxGV9h9LCuOnyotML
      2k6/NS/SXEnVm/zaF2i1bMsUlU1mBQX3sxGRqQ==
      -----END CERTIFICATE-----
    server.key: |-
      -----BEGIN PRIVATE KEY-----
      MIGAAgEAMB8GCCqFAwcBAQEBMBMGByqFAwICIwEGCCqFAwcBAQICBCCQsswQzpFL
      7ecRbAKbTf8V5tZs8hMOnMDp486YomUsoaA4MDYGCCqFAwIJAwgBMSoEKAFsAU0p
      lsQAkisnUOguGeJ96UJQIXzPjpnm/WBFeECPYfeygjbUp10=
      -----END PRIVATE KEY-----
    crl.pem: |-
      -----BEGIN X509 CRL-----
      MIIBMTCB3TAMBggqhQMHAQEDAgUAMEkxCzAJBgNVBAYTAlJVMQ8wDQYDVQQHEwZN
      b3Njb3cxDjAMBgNVBAoTBVNEU3lzMRkwFwYDVQQDExBFYXN5LUdPU1QgQ0EgdjNs
      Fw0yMDAzMjMwODAyMDJaFw0zMDAzMjEwODAyMDJaMGQwEgIBIxcNMTkxMjI1MTEz
      MjQwWjASAgElFw0yMDAzMjMwODAyMDFaMBICASoXDTIwMDIyODE1NDA0MVowEgIB
      MRcNMjAwMzExMDk1NjQ2WjASAgFAFw0yMDAzMTkxMTI4MTVaMAwGCCqFAwcBAQMC
      BQADQQDsLtvVArTSNUu58siBrFJnIFneV17SB8RzvB/NFsmqlDYKAcC5YlSuPeX0
      4NsLD/VSPLD1eJEZotycJgubXQhq
      -----END X509 CRL-----

  scripts:
    startscript.sh: |-
      _SERVERKEY_="MZCP-EU87-PNM9-E985"
      cp -r /tmp/server/.magprocryptopack /root
      chmod -R 700 /root/.magprocryptopack
      echo ${_SERVERKEY_} | /opt/cryptopack3/ssl/misc/getlicense.sh
      touch /tmp/lic
      mkdir /dev/net
      mknod /dev/net/tun c 10 200
      exec "/opt/openvpn-gost/sbin/openvpn" "--config" "/etc/openvpn/configuration/openvpn.conf"
    healthcheck.sh: |-
      #!/bin/bash
      update_lic() {
        /opt/cryptopack3/bin/updater -l /opt/cryptopack3/ssl/cryptocom.lic
        touch /tmp/lic
      }
      file=`find /tmp -name lic -type f -mtime +1`
      if [[ -z ${file} ]];then echo "Обновление лицензии не требуется"; else update_lic;fi


# Inbound IP and port
inbound_IP: 10.1.116.14
inbound_port: 1195

dev_name: external
net: 10.9.0.0
mask: 255.255.0.0

ccd:
  client: ifconfig-push 10.9.10.2 255.255.0.0
  someclient: |-
    ifconfig-push 10.9.10.2 255.255.0.0
    iroute 192.168.250.0 255.255.255.0

router:
  image: "jcr.infoclinica.ru/sdsys/kubectl"
  tag: "1.18.9-3"
  pullPolicy: IfNotPresent
  resources:
    limits:
      cpu: 50m
      memory: 50Mi
    requests:
      cpu: 50m
      memory: 50Mi