Public Repository

Last pushed: 2 days ago
Short Description
Fork of kylemanna/openvpn with custom "logless" DNS and stronger SHA-256-CBC encryption.
Full Description


Based on kylemanna/openvpn with custom "logless" DNS, stronger SHA-256-CBC encryption and 443/TCP as default port.

Original image remained untouched, I've edited the commands for your convenience. DNS are from PIA, based in US.
Client certificate was renamed to macbook, as it is the hardware I use - feel free to change it.
SHA384 cipher is the strongest working parameter for this build.
443/TCP protocol and port is used to punch through firewalls that block default 1194/UDP port.
The reason I created it is that I didn't wanted to use generic Google DNS and found a note on kylemanna's GitHub about altering the -n setting.
Extensively tested on UnRAID VM, 5$ Digital Ocean node and AWS - just bear in mind that generating 4096 key takes much longer than 2048.


  • Pick a name for the $OVPN_DATA data volume container, it will be created automatically

  • Initialize the $OVPN_DATA container that will hold the configuration files and certificates

    docker volume create --name $OVPN_DATA
docker run -v $OVPN_DATA:/etc/openvpn --net=none --rm tengu8890/openvpn ovpn_genconfig -C 'AES-256-CBC' -a 'SHA384' -n -n -u tcp://YOURVPN.IP.HERE:443
docker run -e EASYRSA_KEY_SIZE=4096 -v $OVPN_DATA:/etc/openvpn --rm -it tengu8890/openvpn ovpn_initpki
  • Start OpenVPN server process

    docker run -v $OVPN_DATA:/etc/openvpn -d -p 443:1194/tcp --privileged --cap-add=NET_ADMIN tengu8890/openvpn
  • Generate a client certificate without a passphrase

    docker run -e EASYRSA_KEY_SIZE=4096 -v $OVPN_DATA:/etc/openvpn --rm -it tengu8890/openvpn easyrsa build-client-full macbook nopass
  • Retrieve the client configuration with embedded certificates

    docker run -v $OVPN_DATA:/etc/openvpn --rm tengu8890/openvpn ovpn_getclient macbook > macbook.ovpn

If you want to add additional client after some time (mobile for example), you just have to retype:

docker volume create --name $OVPN_DATA
docker run -e EASYRSA_KEY_SIZE=4096 -v $OVPN_DATA:/etc/openvpn --rm -it tengu8890/openvpn easyrsa build-client-full mobile nopass
docker run -v $OVPN_DATA:/etc/openvpn --rm tengu8890/openvpn ovpn_getclient mobile > mobile.ovpn
Docker Pull Command