Public | Automated Build

Last pushed: a year ago
Short Description
A standalone script to manage OpenVPN server and client configurations.
Full Description


This standalone script allows you to manage configuration files for an OpenVPN server and multiple clients using only one-liners, and no OpenSSL command.

Unlike its predecessors, it does not rely on easy-rsa, it is fairly straightforward to parse and understand (< 250 lines), and doesn't try to cover all your possible needs with dozens of commandline options. Instead, you are given a "sane" OpenVPN configuration file, which you are encouraged to read and understand, and which you can edit if it doesn't suit you.


Clone this project using Git, or just wget the script, then read it.

git clone /srv/openvpn/

Without Docker:

Initialise a certification authority, a server configuration, and a client configuration template in the same directory:

./ init

Modify server.conf and client_template.conf (you will especially need to setup the remote and port parts, but you might want to disable compression, change the cipher suite, etc.)

Issue certificates and create all-in-one configuration files for each of your clients (each must have a unique ID containing only letters, digits, underscores and dashes):

./ issue "my-client-name"
./ issue "another-self-explanatory-id"
./ list

If a client profile or private key gets leaked, or if you lose access to it, you might want to prevent that profile from being used:

./ revoke "my-client-name"

If you want to remove all configuration files, certificates, private keys, and profiles after your tests, simply run: (like all other commands, it will prompt you before modifying anything, except if you use the -y option)

./ cleanup

With Docker:

Run commands as in the previous case, but prefixed with the following Docker options:

docker run -it --rm -v /your/config/dir/:/etc/openvpn/ mtthbfft/simplvpn init
docker run -it --rm -v /your/config/dir/:/etc/openvpn/ mtthbfft/simplvpn /etc/openvpn/ issue "your-client"
docker run -d -v /your/config/dir/:/etc/openvpn/ --restart unless-stopped -p 9090:9090 --cap-add NET_ADMIN mtthbfft/simplvpn

Finally, you only have to send an all-in-one .ovpn file to your client.


  1. Read OpenVPN's documentation
  2. Read the contents of this script, and understand at least its basic steps;
  3. As recommended in, handle CA operations offline, or at least move
    client private keys and .ovpn profiles offline once they are generated.


Configurations generated by this script have been tested against:

  • OpenVPN Connect 1.1.{16,17} on Android 6.0.1
  • OpenVPN Connect 1.0.7 on iOS 9.3.5
  • NetworkManager 1.4.2 on ArchLinux
  • Tunnelblick 3.5.11 on Mac OS 10.6.8

Help by telling me if it works on other versions or platforms, or open an issue with your logs.

Docker Pull Command
Source Repository