tiukov/ocserv
Quick start, with the CA and server certificates generated automatically (`SRV_CN` becomes the server certificate's common name):

```sh
$ docker run --privileged -d \
  -p 4443:4443 \
  -p 4443:4443/udp \
  -e "SRV_CN=vpn.example.com" \
  tiukov/ocserv
```

The same start with the certificate parameters set explicitly:

```sh
$ docker run --privileged -d \
  -p 4443:4443 \
  -p 4443:4443/udp \
  -e "CA_CN=VPN CA" \
  -e "CA_ORG=OCSERV" \
  -e "CA_DAYS=9999" \
  -e "SRV_CN=vpn.example.com" \
  -e "SRV_ORG=MyCompany" \
  -e "SRV_DAYS=9999" \
  tiukov/ocserv
```
Certificate files are stored in `/config/certs`. The container generates certificates automatically if the following two files are not present in that directory:

- `server-key.pem`
- `server-cert.pem`
```sh
$ docker run --privileged -d \
  -v /your/config/path/:/config \
  -e "LISTEN_PORT=443" \
  -e "DNS_SERVERS=192.168.1.2" \
  -e "TUNNEL_MODE=split-include" \
  -e "TUNNEL_ROUTES=192.168.1.0/24" \
  -e "SPLIT_DNS_DOMAINS=example.com" \
  -p 443:443 \
  -p 443:443/udp \
  tiukov/ocserv
```
This container also allows advanced configuration for power users who know what they are doing: mount the `/config` volume to a host directory, then drop in your own certificates and edit the configuration there. The `POWER_USER` environment variable is required to stop the container from overwriting the options you set there with values derived from the container's environment variables. Advanced features include site-to-site VPN links, user groups, Proxy Protocol support and more.
| Variable | Required | Function | Example |
|---|---|---|---|
| LISTEN_PORT | No | Listening port for VPN connections | LISTEN_PORT=4443 |
| DNS_SERVERS | No | Comma-delimited name servers | DNS_SERVERS=8.8.8.8,8.8.4.4 |
| TUNNEL_MODE | No | Tunnel mode (all / split-include) | TUNNEL_MODE=split-include |
| TUNNEL_ROUTES | No | Comma-delimited tunnel routes in CIDR notation | TUNNEL_ROUTES=192.168.1.0/24 |
| SPLIT_DNS_DOMAINS | No | Comma-delimited DNS domains | SPLIT_DNS_DOMAINS=example.com |
| POWER_USER | No | Allows advanced manual configuration via the host-mounted /config volume | POWER_USER=no |

| Volume | Required | Function | Example |
|---|---|---|---|
| config | No | OpenConnect config files | /your/config/path/:/config |

| Port | Proto | Required | Function | Example |
|---|---|---|---|---|
| 4443 | TCP | Yes | OpenConnect server TCP listening port | 4443:4443 |
| 4443 | UDP | Yes | OpenConnect server UDP listening port | 4443:4443/udp |
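The variables in the table above are written into the container's ocserv configuration, so a malformed route, name server or port is easier to catch on the host than to debug from a broken tunnel. The script below is an added example, not part of the tiukov/ocserv image: it validates whichever of the README's variables are set (using only POSIX sh and never talking to docker) and prints the matching `docker run` command. `CONFIG_DIR`, the `ocserv-preflight.sh` file name and the `openconnect` container name are assumptions for the example; `--privileged` is kept only because the image's own instructions use it.

```shell
#!/bin/sh
# Added example, not part of the tiukov/ocserv image: pre-flight validation
# of the README's environment variables, run on the host before docker run.

# 0 if $1 is a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    _ifs=$IFS; IFS=.
    set -- $1
    IFS=$_ifs
    [ $# -eq 4 ] || return 1
    for _o in "$@"; do
        [ "$_o" -le 255 ] || return 1
    done
    return 0
}

# 0 if $1 is IPv4 CIDR notation, e.g. 192.168.1.0/24.
is_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    _plen=${1##*/}
    case "$_plen" in ''|*[!0-9]*) return 1 ;; esac
    is_ipv4 "${1%/*}" && [ "$_plen" -le 32 ]
}

# 0 if $1 is a port number 1..65535.
is_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# 0 if $1 looks like a DNS domain: dotted labels of letters, digits, hyphens.
is_domain() {
    case "$1" in
        ''|*[!A-Za-z0-9.-]*|.*|*.|*..*|-*|*-|*.-*|*-.*) return 1 ;;
    esac
    return 0
}

# Run validator $3 over every item of the comma-delimited list $2 named $1.
# Empty items (a doubled comma) are rejected too.
check_list() {
    [ -n "$2" ] || return 0
    _name=$1; _fn=$3
    _ifs=$IFS; IFS=,; set -f
    set -- $2
    IFS=$_ifs; set +f
    for _item in "$@"; do
        "$_fn" "$_item" || { echo "$_name: invalid entry '$_item'" >&2; return 1; }
    done
    return 0
}

# Validate the README's variables that are set; unset ones are left to the
# image's own defaults. Returns 1 on the first problem found.
validate_ocserv_env() {
    if [ -n "${LISTEN_PORT:-}" ] && ! is_port "$LISTEN_PORT"; then
        echo "LISTEN_PORT must be 1-65535" >&2; return 1
    fi
    case "${TUNNEL_MODE:-all}" in
        all|split-include) ;;
        *) echo "TUNNEL_MODE must be 'all' or 'split-include'" >&2; return 1 ;;
    esac
    check_list DNS_SERVERS "${DNS_SERVERS:-}" is_ipv4 || return 1
    check_list TUNNEL_ROUTES "${TUNNEL_ROUTES:-}" is_cidr || return 1
    check_list SPLIT_DNS_DOMAINS "${SPLIT_DNS_DOMAINS:-}" is_domain || return 1
    return 0
}

# Print (do not run) the docker run command the variables translate to, with
# the README's port layout. CONFIG_DIR is an assumed helper variable holding
# the host path to mount on /config.
build_docker_run() {
    _port=${LISTEN_PORT:-4443}
    _cmd="docker run --privileged -d --name openconnect -p $_port:$_port -p $_port:$_port/udp"
    for _v in LISTEN_PORT DNS_SERVERS TUNNEL_MODE TUNNEL_ROUTES SPLIT_DNS_DOMAINS; do
        eval "_val=\${$_v:-}"
        [ -n "$_val" ] && _cmd="$_cmd -e \"$_v=$_val\""
    done
    [ -n "${CONFIG_DIR:-}" ] && _cmd="$_cmd -v $CONFIG_DIR:/config"
    printf '%s\n' "$_cmd tiukov/ocserv"
}

# Usage on the host (assumed file name ocserv-preflight.sh):
#   LISTEN_PORT=443 DNS_SERVERS=192.168.1.2 TUNNEL_MODE=split-include \
#   TUNNEL_ROUTES=192.168.1.0/24 SPLIT_DNS_DOMAINS=example.com sh ocserv-preflight.sh
if [ "${0##*/}" = ocserv-preflight.sh ]; then
    validate_ocserv_env && build_docker_run
fi
```

The checks are deliberately strict (an empty list item or a prefix length above 32 fails) because the values are interpolated into a configuration file inside the container; copy the printed command into your shell only once the validator returns 0.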
Add users by executing the following command on the host running the docker container. The commands below assume the container was started with `--name openconnect` (the `docker run` examples above set no name, so substitute your container's name or ID) and use `tiukov` as the example user name:

```sh
docker exec -ti openconnect ocpasswd -c /config/ocpasswd tiukov
Enter password:
Re-enter password:
```

Delete users by executing the following command on the host running the docker container:

```sh
docker exec -ti openconnect ocpasswd -c /config/ocpasswd -d tiukov
```
Pull the image:

```sh
docker pull tiukov/ocserv
```