tiukov/ocserv

docker

Hub

By tiukov

•Updated 10 months ago

Tiny OpenConnect Server

Image

Networking

Overview Tags

Without customizing cert variables

$ docker run --privileged  -d \
              -p 4443:4443 \
              -p 4443:4443/udp \
              -e "SRV_CN=vpn.example.com" \
              tiukov/ocserv

With customizing cert variables

$ docker run --privileged  -d \
              -p 4443:4443 \
              -p 4443:4443/udp \
              -e "CA_CN=VPN CA" \
              -e "CA_ORG=OCSERV" \
              -e "CA_DAYS=9999" \
              -e "SRV_CN=vpn.example.com" \
              -e "SRV_ORG=MyCompany" \
              -e "SRV_DAYS=9999" \
              tiukov/ocserv

Intermediate Configuration (Providing own certs in /config/certs and running on port 443):

Cert files are stored in /config/certs. It will automatically generate certs if the following two files are not present in the cert directory:

server-key.pem
server-cert.pem

$ docker run --privileged  -d \
              -v /your/config/path/:/config \
              -e "LISTEN_PORT=443" \
              -e "DNS_SERVERS=192.168.1.2" \
              -e "TUNNEL_MODE=split-include" \
              -e "TUNNEL_ROUTES=192.168.1.0/24" \
              -e "SPLIT_DNS_DOMAINS=example.com" \
              -p 443:443 \
              -p 443:443/udp \
              tiukov/ocserv

Advanced Configuration:

This container allows for advanced configurations for power users who know what they are doing by mounting the /config volume to a host directory. Users can then drop in their own certs and modify the configuration. The POWER_USER environmental variable is required to stop the container from overwriting options set from container environment variables. Some advanced features include setting up site to site VPN links, User Groups, Proxy Protocol support and more.

Variables

Environment Variables

Variable	Required	Function	Example
`LISTEN_PORT`	No	Listening port for VPN connections	`LISTEN_PORT=4443`
`DNS_SERVERS`	No	Comma delimited name servers	`DNS_SERVERS=8.8.8.8,8.8.4.4`
`TUNNEL_MODE`	No	Tunnel mode (all / split-include)	`TUNNEL_MODE=split-include`
`TUNNEL_ROUTES`	No	Comma delimited tunnel routes in CIDR notation	`TUNNEL_ROUTES=192.168.1.0/24`
`SPLIT_DNS_DOMAINS`	No	Comma delimited dns domains	`SPLIT_DNS_DOMAINS=example.com`
`POWER_USER`	No	Allows for advanced manual configuration via host mounted /config volume	`POWER_USER=no`

Volumes

Volume	Required	Function	Example
`config`	No	OpenConnect config files	`/your/config/path/:/config`

Ports

Port	Proto	Required	Function	Example
`4443`	TCP	Yes	OpenConnect server TCP listening port	`4443:4443`
`4443`	UDP	Yes	OpenConnect server UDP listening port	`4443:4443/udp`

Add User/Change Password

Add users by executing the following command on the host running the docker container

docker exec -ti openconnect ocpasswd -c /config/ocpasswd tiukov
Enter password:
Re-enter password:

Delete User

Delete users by executing the following command on the host running the docker container

docker exec -ti openconnect ocpasswd -c /config/ocpasswd -d tiukov

Docker Pull Command

docker pull tiukov/ocserv