Public Repository

Last pushed: a month ago
Short Description
Fork of kylemanna/openvpn with custom "logless" DNS and stronger AES-256-CBC encryption.
Full Description

openvpn

The original image remains untouched; I've edited the commands for your convenience. The DNS servers are from PIA, based in the US.
The client certificate was renamed to macbook, as that is the hardware I use; feel free to change it.
SHA384 (the -a auth digest) is the strongest working parameter for this build.
The reason I created it is that I didn't want to use generic Google DNS and found a note on kylemanna's GitHub about altering the -n setting.
Extensively tested on an UnRAID VM and a $5 DigitalOcean node; just bear in mind that generating a 4096-bit key takes much longer than a 2048-bit one.

• Pick a name for the $OVPN_DATA data volume container; it will be created automatically:
OVPN_DATA="ovpn-data"

• Initialize the $OVPN_DATA container that will hold the configuration files and certificates:
docker volume create --name $OVPN_DATA

docker run -v $OVPN_DATA:/etc/openvpn --net=none --rm tengu8890/openvpn ovpn_genconfig -C 'AES-256-CBC' -a 'SHA384' -n 209.222.18.222 -n 209.222.18.218 -u udp://YOURVPN.IP.HERE

docker run -e EASYRSA_KEY_SIZE=4096 -v $OVPN_DATA:/etc/openvpn --rm -it tengu8890/openvpn ovpn_initpki

• Start OpenVPN server process:
docker run -v $OVPN_DATA:/etc/openvpn -d -p 1194:1194/udp --cap-add=NET_ADMIN tengu8890/openvpn

• Generate a client certificate without a passphrase:
docker run -e EASYRSA_KEY_SIZE=4096 -v $OVPN_DATA:/etc/openvpn --rm -it tengu8890/openvpn easyrsa build-client-full macbook nopass

• Retrieve the client configuration with embedded certificates:
docker run -v $OVPN_DATA:/etc/openvpn --rm tengu8890/openvpn ovpn_getclient macbook > macbook.ovpn

If you want to add an additional client later (a mobile device, for example), you just have to retype:

OVPN_DATA="ovpn-data"

docker volume create --name $OVPN_DATA

docker run -e EASYRSA_KEY_SIZE=4096 -v $OVPN_DATA:/etc/openvpn --rm -it tengu8890/openvpn easyrsa build-client-full mobile nopass

docker run -v $OVPN_DATA:/etc/openvpn --rm tengu8890/openvpn ovpn_getclient mobile > mobile.ovpn
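
To confirm that the generated files actually carry the settings chosen above, the following shell functions audit a server config for the cipher, auth digest and pushed DNS servers, and flag a client profile whose embedded key has no passphrase. This is an added example, not part of this image or of kylemanna/openvpn; the function names and the sample files are constructed for illustration, and the directive layout of the generated files is an assumption.

```shell
#!/bin/sh
# Added example (not from the image or its upstream): audit generated OpenVPN files.

# check_server_conf FILE: exit status = number of failed checks (0 means all passed).
check_server_conf() {
    awk -v want_cipher="AES-256-CBC" -v want_auth="SHA384" \
        -v want_dns="209.222.18.222 209.222.18.218" '
    BEGIN { n = split(want_dns, d, " "); for (i = 1; i <= n; i++) need[d[i]] = 1 }
    /^[ \t]*[#;]/ { next }                           # ignore commented-out directives
    $1 == "cipher" { cipher = $2 }
    $1 == "auth"   { auth = $2 }
    $1 == "push" && $2 == "\"dhcp-option" && $3 == "DNS" {
        ip = $4; gsub(/"/, "", ip)
        if (ip in need) seen[ip] = 1
        else { print "FAIL unexpected pushed DNS " ip; bad++ }
    }
    END {
        if (cipher != want_cipher) { print "FAIL cipher=" cipher " want " want_cipher; bad++ }
        if (auth != want_auth)     { print "FAIL auth=" auth " want " want_auth; bad++ }
        for (ip in need) if (!(ip in seen)) { print "FAIL DNS not pushed " ip; bad++ }
        exit bad + 0
    }' "$1"
}

# profile_key_is_plaintext FILE: status 0 if the embedded key has no passphrase
# (the result of "nopass"), meaning the .ovpn file alone is a usable credential.
profile_key_is_plaintext() {
    grep -q -e '-----BEGIN \(RSA \)\{0,1\}PRIVATE KEY-----' "$1" &&
        ! grep -q -e 'ENCRYPTED' "$1"
}

# Constructed sample files (assumed directive layout), written to a temp dir.
SAMPLES=$(mktemp -d)
printf '%s\n' 'proto udp' 'cipher AES-256-CBC' 'auth SHA384' \
    'push "dhcp-option DNS 209.222.18.222"' \
    'push "dhcp-option DNS 209.222.18.218"' > "$SAMPLES/good.conf"
# Constructed config that pushes the Google resolvers and sets no cipher or auth.
printf '%s\n' 'proto udp' 'push "dhcp-option DNS 8.8.8.8"' \
    'push "dhcp-option DNS 8.8.4.4"' > "$SAMPLES/default.conf"
printf '%s\n' 'client' '<key>' '-----BEGIN PRIVATE KEY-----' \
    'Q09OU1RSVUNURUQ=' '-----END PRIVATE KEY-----' '</key>' > "$SAMPLES/nopass.ovpn"

check_server_conf "$SAMPLES/good.conf" && echo "good.conf: OK"
check_server_conf "$SAMPLES/default.conf" || echo "default.conf: $? checks failed"
profile_key_is_plaintext "$SAMPLES/nopass.ovpn" && echo "nopass.ovpn: key has no passphrase"
```

A profile built with nopass should be stored and transferred like a private key, since anyone holding macbook.ovpn or mobile.ovpn can connect as that client.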

Owner
tengu8890