Features:
- OpenVPN running as non-root user (limited permission)
- Containerized (Isolated environment)
- Easily managed (Helper scripts).
- Easy start (Simple first-start guide).
- Easily modified to your needs (see docs).
- Easy scripting (python3 installed).
Here are some example snippets to help you get started creating a container.
```bash
# Normal start command (but you need to setup config first)
docker run \
  --name=ovpn \
  --cap-add NET_ADMIN \
  -e PUID=1000 \
  -e PGID=1000 \
  -p 1194:1194/udp \
  -v </path/to/config>:/config \
  --restart=unless-stopped \
  --network host \
  slocomptech/openvpn:latest

# First config command
docker run \
  --rm -it \
  --cap-add NET_ADMIN \
  -e PUID=1000 \
  -e PGID=1000 \
  -e SKIP_APP=true \
  -v $(pwd)/data:/config \
  slocomptech/openvpn:latest bash
```
```yaml
version: '2.2'
services:
  ovpn:
    image: slocomptech/openvpn
    container_name: ovpn
    hostname: ovpn
    cap_add:
      - NET_ADMIN
    ports:
      - "1194:1194/udp"
    volumes:
      - ./data:/config
    environment:
      - PUID=1000
      - PGID=1000
    restart: on-failure
    # If you want to build from source add build:
    build:
      context: .
    sysctls:
      # For IPv6
      - net.ipv6.conf.all.disable_ipv6=0
      - net.ipv6.conf.default.forwarding=1
      - net.ipv6.conf.all.forwarding=1
    network_mode: host
```
Parameter | Function |
---|---|
`-e CONFIG=test.conf` | Config file name |
`-e FAIL_MODE=hard` | Restart whole container on error |
`-e NO_CRL_UPDATE=true` | Disable auto CRL update (used when CA is password protected) |
`-e NO_CRON=true` | Disable Cron for CRL update ... |
`-e PERSIST_INTERFACE=true` | Persist tunnel interface |
`-e PUID=1000` | for UserID - see below for explanation |
`-e PGID=1000` | for GroupID - see below for explanation |
`-e SKIP_APP=true` | Skip app startup |
`-v /config` | All the config files including OpenVPNs reside here |
`-v /log` | Directory for log files (if configured) |
See also: EasyRSA
See upstream image
When using volumes (`-v` flags) permissions issues can arise between the host OS and the container, we avoid this issue by allowing you to specify the user `PUID` and group `PGID`.
Ensure any volume directories on the host are owned by the same user you specify and any permissions issues will vanish like magic.
In this instance `PUID=1000` and `PGID=1000`, to find yours use `id user` as below:

```bash
id username
# uid=1000(dockeruser) gid=1000(dockergroup) groups=1000(dockergroup)
```
- OpenVPN configuration is in `/config/openvpn`. Config file is `openvpn.conf` or `<anyfilename>.ovpn`.
- Client template configuration is `openvpn-client.conf`.
- At the top of config file you MUST include:

```
dev tun0                    # You MUST set interface with name (with number !!)
config include.conf         # Includes general config
config include-server.conf  # Includes additional server config (only for server)
config unprivileged.conf    # Sets OpenVPN to run unprivileged
```
If you are new to containers, please see the Detailed first setup guide instead, because it includes a more detailed description.
- Init configuration directory with initial config files:

  ```bash
  docker run -it --rm --cap-add NET_ADMIN -e SKIP_APP=true -v </path/to/config>:/config slocomptech/openvpn:latest bash
  ```

- Edit `vars` file. (See docs)
- At this point you will have bash shell which runs in container. Now run following commands to setup your PKI:

  ```bash
  ovpn pki init [nopass] # Inits PKI
  ```

- Setup OpenVPN config based on example `basic` with configuration wizard or put your config in `/config/openvpn/openvpn.conf`:

  ```bash
  ovpn example basic
  #Out interface [eth0]: <interface connected to the Internet>
  #Protocol udp, tcp, udp6, tcp6 [udp]:
  #VPN network [10.0.0.0]:
  #Port [1194]:
  #Public IP or domain of server: <YOUR PUBLIC IP>
  #DNS1 [8.8.8.8]:
  #DNS2 [8.8.4.4]:
  ```

- Generate server certificate `ovpn subject add server server [nopass]`.
- Enable port forwarding on your router so OpenVPN server will be accessible from the internet.
- Add clients

  ```bash
  # Generates client certificates (put in client-confs directory)
  ovpn subject add <name> [nopass]
  # Generate .ovpn manually (generated in client-configs)
  ovpn subject gen-ovpn <name>
  ```

- Exit container with `exit`, then it will destroy itself.
- Start container using command specified in Usage section.
For more information see:
- Detailed first setup guide
- docs (for detailed command usage)
- configuration example directory (for more info about example)
- Contributing (for explanation how container works, how to write an example config ...)
Note: OpenVPN documentation is located at `/usr/share/doc/openvpn`.
- Run container to get config structure `docker run -it --rm -v PATH:/config slocomptech/openvpn`.
- Make sure you don't have following options specified in your config file:
  - `user`
  - `group`
- Put config file in `/config/openvpn`.
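The two config rules on this page (the lines that MUST be at the top of the config file, and the `user`/`group` options that must not be set) can be checked before the container is started. The following is an added example, not part of the project's helper scripts; `directives` and `lint_openvpn_config` are hypothetical names, only presence (not position) of the required lines is checked, and quoted arguments are not handled.

```python
import re

# The two rules this page gives for /config/openvpn/openvpn.conf.
REQUIRED = ["include.conf", "unprivileged.conf"]   # needed in every config
SERVER_ONLY = "include-server.conf"                # needed for a server
FORBIDDEN = {"user", "group"}                      # must not be set by hand


def directives(text):
    """Yield (line_no, tokens) per config line, dropping # and ; comments."""
    for no, raw in enumerate(text.splitlines(), 1):
        tokens = []
        for tok in raw.split():
            if tok[0] in "#;":      # rest of the line is a comment
                break
            tokens.append(tok)
        if tokens:
            yield no, tokens


def lint_openvpn_config(text, server=True):
    """Return a list of findings; an empty list means both rules are met."""
    found = list(directives(text))
    findings = []
    devs = [t[1] for _, t in found if t[0] == "dev" and len(t) > 1]
    if not any(re.search(r"\d$", d) for d in devs):
        findings.append("dev must name a numbered interface such as tun0")
    included = {t[1] for _, t in found if t[0] == "config" and len(t) > 1}
    for name in REQUIRED + ([SERVER_ONLY] if server else []):
        if name not in included:
            findings.append(f"missing 'config {name}'")
    for no, t in found:
        if t[0] in FORBIDDEN:
            findings.append(f"line {no}: remove the '{t[0]}' option")
    return findings


# Constructed sample inputs (not taken from the project).
GOOD = "dev tun0\nconfig include.conf\nconfig include-server.conf\nconfig unprivileged.conf\n"
BAD = "# my server\ndev tun\nconfig include.conf\nuser nobody\ngroup nogroup\n"

if __name__ == "__main__":
    for label, sample in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, lint_openvpn_config(sample) or "ok")
```

Pass `server=False` when linting a client config, since `include-server.conf` is only required for a server.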
Just remove tun0 manually: `openvpn --rmtun --dev tun0`.
Feel free to contribute new features to this container, but first see Contribute Guide.
See CHANGELOG