Public Repository

Last pushed: 3 months ago
Short Description
OpenVPN in Docker
Full Description

Based on kylemanna/openvpn with custom "logless" DNS, stronger SHA-256-CBC encryption and 443/TCP as default port.

Original image remained untouched, I've edited the commands for your convenience. DNS are from PIA, based in US. Client certificate was renamed to macbook, as it is the hardware I use - feel free to change it. SHA384 cipher is the strongest working parameter for this build. 443/TCP protocol and port is used to punch through firewalls that block default 1194/UDP port. The reason I created it is that I didn't wanted to use generic Google DNS and found a note on kylemanna's GitHub about altering the -n setting. Extensively tested on UnRAID VM, 5$ Digital Ocean Droplet and AWS - just bear in mind that generating 4096 key takes much longer than 2048.

Pick a name for the $OVPN_DATA data volume container, it will be created automatically:

Initialize the $OVPN_DATA container that will hold the configuration files and certificates:
docker volume create --name $OVPN_DATA

docker run -v $OVPN_DATA:/etc/openvpn --net=none --rm tengu8890/openvpn ovpn_genconfig -C 'AES-256-CBC' -a 'SHA384' -n -n -u tcp://YOURVPN.IP.HERE:443

docker run -e EASYRSA_KEY_SIZE=4096 -v $OVPN_DATA:/etc/openvpn --rm -it tengu8890/openvpn ovpn_initpki

Start OpenVPN server process
docker run -v $OVPN_DATA:/etc/openvpn -d -p 443:1194/tcp --privileged --cap-add=NET_ADMIN tengu8890/openvpn

Generate a client certificate without a passphrase
docker run -e EASYRSA_KEY_SIZE=4096 -v $OVPN_DATA:/etc/openvpn --rm -it tengu8890/openvpn easyrsa build-client-full macbook nopass

Retrieve the client configuration with embedded certificates
docker run -v $OVPN_DATA:/etc/openvpn --rm tengu8890/openvpn ovpn_getclient macbook > macbook.ovpn

If you want to add additional client after some time (mobile for example), you just have to retype:
docker volume create --name $OVPN_DATA
docker run -e EASYRSA_KEY_SIZE=4096 -v $OVPN_DATA:/etc/openvpn --rm -it tengu8890/openvpn easyrsa build-client-full mobile nopass
docker run -v $OVPN_DATA:/etc/openvpn --rm tengu8890/openvpn ovpn_getclient mobile > mobile.ovpn

Docker Pull Command