Setup a tiny (22MB), but full featured and secure OpenVPN server without effort using Docker.
- Create the docker-compose.yml file

  ```yaml
  services:
    openvpn:
      image: ghcr.io/yokitoki/openvpn:2.6.14-r0-1.0.0
      container_name: openvpn
      restart: unless-stopped
      cap_add:
        - NET_ADMIN
      ports:
        - "1194:1194/udp"
      volumes:
        - /etc/localtime:/etc/localtime:ro
        - ./openvpn-data:/etc/openvpn
  ```

  and start it

  ```sh
  docker compose up -d
  ```

- Initialize the OpenVPN configuration

  ```sh
  docker compose exec -it openvpn ovpnctl init host=vpn.example.com
  docker compose exec -it openvpn ovpnctl initpki
  ```

- Generate a client certificate (nopass)

  ```sh
  docker compose exec -it openvpn ovpnctl new username=test
  ```

  The `.ovpn` profile is stored in `/etc/openvpn` inside the container (`./openvpn-data` on the host with the compose file above).

- Revoke a client certificate

  ```sh
  docker compose exec -it openvpn ovpnctl revoke username=test
  ```

- List all generated certificate names (includes the server certificate name)

  ```sh
  docker compose exec -it openvpn ovpnctl list
  ```

- Renew the CRL

  ```sh
  docker compose exec -it openvpn ovpnctl renewcrl
  ```

- To enable (bash) debug output, set an environment variable named `DEBUG` with the value `1`.
- To view the log output, run `docker compose logs openvpn`; to follow it in real time, run `docker compose logs -f openvpn`.
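Before handing a generated `.ovpn` to a user, it is worth checking that it is self-contained (CA, certificate and key inline) and that it pins the server role and avoids weak crypto. The following is an added example, not part of the image or of `ovpnctl`: it parses a profile and lists findings. The sample profile is constructed, and the directive names are standard OpenVPN options; what `ovpnctl new` actually writes may differ.

```python
import re

# Constructed sample standing in for the profile ovpnctl writes to /etc/openvpn.
def _pem(tag, label):
    return f"<{tag}>\n-----BEGIN {label}-----\nMIIB...constructed...\n-----END {label}-----\n</{tag}>"

SAMPLE_PROFILE = "\n".join(["client", "dev tun", "proto udp", "remote vpn.example.com 1194",
                            "remote-cert-tls server", _pem("ca", "CERTIFICATE"),
                            _pem("cert", "CERTIFICATE"), _pem("key", "PRIVATE KEY")]) + "\n"

def parse_profile(text):
    """Split a .ovpn into top-level directives {name: [args, ...]} and inline blocks {tag: body}."""
    directives, inline, tag, body = {}, {}, None, []
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line[0] in "#;":
            continue                                   # blank line or comment
        m = re.fullmatch(r"<(/?)([\w-]+)>", line)
        if m and not m.group(1):                       # opening tag such as <ca>
            tag, body = m.group(2), []
        elif m:                                        # closing tag: keep the block body
            inline[tag], tag = "\n".join(body), None
        elif tag:
            body.append(line)
        else:
            name, *args = line.split()
            directives.setdefault(name, []).append(args)
    return directives, inline

# Legacy ciphers (64-bit block size) and HMAC settings that should not appear in a new profile.
WEAK = {"cipher": {"BF-CBC", "DES-CBC", "RC2-CBC"}, "auth": {"MD5", "NONE"}}

def audit_profile(text):
    """Return a list of findings; an empty list means the profile passed every check."""
    d, inline = parse_profile(text)
    findings = []
    for tag, label in (("ca", "CERTIFICATE"), ("cert", "CERTIFICATE"), ("key", "PRIVATE KEY")):
        if f"-----BEGIN {label}-----" not in inline.get(tag, ""):
            findings.append(f"missing or malformed inline <{tag}> block")
    if "client" not in d:
        findings.append("'client' directive missing")
    if not d.get("remote"):
        findings.append("no 'remote' server address")
    if ["server"] not in d.get("remote-cert-tls", []):
        findings.append("'remote-cert-tls server' missing: any holder of a CA-issued client cert could pose as the server")
    for name, bad in WEAK.items():
        for args in d.get(name, []):
            if args and args[0].upper() in bad:
                findings.append(f"weak '{name} {args[0]}'")
    return findings
```

Run `audit_profile(open("openvpn-data/test.ovpn").read())` on the host; an empty list means the profile passed.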
- OpenVPN 2.6.14
- Easy-RSA v3.1.5+
- `tun` mode, because it works on the widest range of devices. `tap` mode, for instance, does not work on Android unless the device is rooted.
- The UDP server uses `192.168.255.0/24` for clients.
- Diffie-Hellman parameters for perfect forward secrecy
- 2048-bit key size
- Client certificate revocation functionality
- Tweaks for Windows clients
- `net30` topology, because it works on the widest range of OS's. `p2p`, for instance, does not work on Windows.
- Google DNS (8.8.4.4 and 8.8.8.8)
- The configuration is located in `/etc/openvpn`.
- Certificates are generated in `/etc/openvpn/pki`.
- Clients
  - Android, OpenVPN for Android 0.7.46
  - Windows 10 64-bit using openvpn-2.6.5
- Based on chadoe/docker-openvpn.
- Based on kylemanna/docker-openvpn.