tiukov/ocserv

By tiukov

Updated 10 months ago

Tiny OpenConnect Server

Without customizing cert variables:
$ docker run --privileged  -d \
              -p 4443:4443 \
              -p 4443:4443/udp \
              -e "SRV_CN=vpn.example.com" \
              tiukov/ocserv
With customizing cert variables:
$ docker run --privileged  -d \
              -p 4443:4443 \
              -p 4443:4443/udp \
              -e "CA_CN=VPN CA" \
              -e "CA_ORG=OCSERV" \
              -e "CA_DAYS=9999" \
              -e "SRV_CN=vpn.example.com" \
              -e "SRV_ORG=MyCompany" \
              -e "SRV_DAYS=9999" \
              tiukov/ocserv

Intermediate Configuration (Providing own certs in /config/certs and running on port 443):

Certificate files are stored in /config/certs. The container automatically generates certificates if the following two files are not present in that directory:

server-key.pem
server-cert.pem
$ docker run --privileged  -d \
              -v /your/config/path/:/config \
              -e "LISTEN_PORT=443" \
              -e "DNS_SERVERS=192.168.1.2" \
              -e "TUNNEL_MODE=split-include" \
              -e "TUNNEL_ROUTES=192.168.1.0/24" \
              -e "SPLIT_DNS_DOMAINS=example.com" \
              -p 443:443 \
              -p 443:443/udp \
              tiukov/ocserv

Advanced Configuration:

This container allows advanced configurations for power users who know what they are doing by mounting the /config volume to a host directory. Users can then drop in their own certs and modify the configuration. The POWER_USER environment variable is required to stop the container from overwriting options set from container environment variables. Some advanced features include setting up site-to-site VPN links, user groups, Proxy Protocol support and more.

Variables

Environment Variables

Variable           Required  Function                                                              Example
LISTEN_PORT        No        Listening port for VPN connections                                    LISTEN_PORT=4443
DNS_SERVERS        No        Comma-delimited name servers                                          DNS_SERVERS=8.8.8.8,8.8.4.4
TUNNEL_MODE        No        Tunnel mode (all / split-include)                                     TUNNEL_MODE=split-include
TUNNEL_ROUTES      No        Comma-delimited tunnel routes in CIDR notation                        TUNNEL_ROUTES=192.168.1.0/24
SPLIT_DNS_DOMAINS  No        Comma-delimited DNS domains                                           SPLIT_DNS_DOMAINS=example.com
POWER_USER         No        Allows advanced manual configuration via host-mounted /config volume  POWER_USER=no
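To check a planned configuration before starting the container, here is an added example (it is not part of the tiukov/ocserv image or of the ocserv project). It validates the variables in the table above the way the table describes them (port range, IP name servers, the two tunnel modes, strict CIDR routes, DNS domain names), reports what the image will do with the certificate directory described under Intermediate Configuration, and renders the matching docker run line. The function names and the sample values are the example's own; the --privileged flag is kept because the README's own invocations use it.

```python
"""Pre-flight checks for a tiukov/ocserv configuration (added example)."""
import ipaddress
import os
import shlex

IMAGE = "tiukov/ocserv"
# Files the image looks for under /config/certs before generating its own pair.
CERT_FILES = ("server-key.pem", "server-cert.pem")
TUNNEL_MODES = ("all", "split-include")


def split_list(value):
    """Split a comma-delimited variable into stripped, non-empty items."""
    return [v.strip() for v in (value or "").split(",") if v.strip()]


def validate_env(env):
    """Return a list of problems found in the env-var dict ([] means OK)."""
    problems = []
    port = env.get("LISTEN_PORT", "4443")
    if not (port.isdigit() and 1 <= int(port) <= 65535):
        problems.append(f"LISTEN_PORT must be 1-65535, got {port!r}")
    for ns in split_list(env.get("DNS_SERVERS")):
        try:
            ipaddress.ip_address(ns)
        except ValueError:
            problems.append(f"DNS_SERVERS entry is not an IP address: {ns!r}")
    mode = env.get("TUNNEL_MODE", "all")
    if mode not in TUNNEL_MODES:
        problems.append(f"TUNNEL_MODE must be one of {TUNNEL_MODES}, got {mode!r}")
    routes = split_list(env.get("TUNNEL_ROUTES"))
    for route in routes:
        try:
            # strict=True rejects 192.168.1.1/24 (host bits set), the usual
            # typo in a route list, instead of silently masking it.
            ipaddress.ip_network(route, strict=True)
        except ValueError as exc:
            problems.append(f"TUNNEL_ROUTES entry {route!r} is not a CIDR network: {exc}")
    if mode == "split-include" and not routes:
        problems.append("TUNNEL_MODE=split-include needs at least one TUNNEL_ROUTES entry")
    for domain in split_list(env.get("SPLIT_DNS_DOMAINS")):
        labels = domain.strip(".").split(".")
        if not all(label and label.replace("-", "").isalnum() for label in labels):
            problems.append(f"SPLIT_DNS_DOMAINS entry is not a DNS name: {domain!r}")
    return problems


def cert_status_from_names(present):
    """Classify a set of cert file names found in /config/certs."""
    if present == set(CERT_FILES):
        return "provided"    # the image will use the mounted key and certificate
    if not present:
        return "generate"    # the image will create its own self-signed pair
    # Only one of the two files: the README defines behaviour for both or neither,
    # so flag this rather than guess.
    return "incomplete"


def cert_status(config_dir):
    """Report what the image will do with the certs under <config_dir>/certs."""
    certs_dir = os.path.join(config_dir, "certs")
    present = {f for f in CERT_FILES if os.path.isfile(os.path.join(certs_dir, f))}
    return cert_status_from_names(present)


def render_run_command(env, config_dir=None, privileged=True):
    """Build the argv for a `docker run` matching the README's invocations.

    Raises ValueError if validate_env() finds a problem, so a bad route or
    port never reaches the container.
    """
    problems = validate_env(env)
    if problems:
        raise ValueError("; ".join(problems))
    port = env.get("LISTEN_PORT", "4443")
    argv = ["docker", "run"]
    if privileged:
        argv.append("--privileged")
    argv.append("-d")
    if config_dir is not None:
        argv += ["-v", f"{os.path.abspath(config_dir)}:/config"]
    for key, value in env.items():
        argv += ["-e", f"{key}={value}"]
    argv += ["-p", f"{port}:{port}", "-p", f"{port}:{port}/udp", IMAGE]
    return argv


if __name__ == "__main__":
    # Constructed values mirroring the README's "Intermediate Configuration".
    example_env = {
        "LISTEN_PORT": "443",
        "DNS_SERVERS": "192.168.1.2",
        "TUNNEL_MODE": "split-include",
        "TUNNEL_ROUTES": "192.168.1.0/24",
        "SPLIT_DNS_DOMAINS": "example.com",
    }
    config_path = "/your/config/path"   # placeholder, as in the README
    print("certs:", cert_status(config_path))
    print(shlex.join(render_run_command(example_env, config_dir=config_path)))
```

Run it as a script to print the cert status and the assembled command; call render_run_command() from a deployment script to get the argv list directly. A route such as 192.168.1.1/24 or an unknown TUNNEL_MODE stops the command from being built at all, which is cheaper than discovering the mistake after the VPN is up.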

Volumes

Volume  Required  Function                  Example
config  No        OpenConnect config files  /your/config/path/:/config

Ports

Port  Proto  Required  Function                               Example
4443  TCP    Yes       OpenConnect server TCP listening port  4443:4443
4443  UDP    Yes       OpenConnect server UDP listening port  4443:4443/udp

Add User/Change Password

Add users by executing the following command on the host running the Docker container (openconnect is the container name and tiukov the username to add; substitute your own container name or ID and the desired username):

docker exec -ti openconnect ocpasswd -c /config/ocpasswd tiukov
Enter password:
Re-enter password:

Delete User

Delete users by executing the following command on the host running the Docker container (again substituting your container name or ID and the username to remove):

docker exec -ti openconnect ocpasswd -c /config/ocpasswd -d tiukov

Docker Pull Command

docker pull tiukov/ocserv